Dear OJS team,
I want to share with you some concerns we have regarding the way OJS handles user information. As per the ‘Enroll a User from this Site in this Journal’ feature, any journal manager can access other journal’s user details. This is a big deal with regard to existing privacy laws, as the French Data Protection Authority confirmed to us.
I know this is supposed to make user’s life easier by using only one account for a series of journals but what is preferable is for them to choose to enroll themselves to a new journal, not the other way round.
Therefore, we believe this is a failure both in privacy design and user journey. Can you confirm whether OJS v3 behaves the same? If not, can you please provide a response to the issue?
Of course, this issue does not take away all the other wonderful things OJS has to offer
Best regards,
Antoine