Synopsis
Firstly, I am not a lawyer, I’m a software engineer so anything I write in this post pertain to the software I create rather than a professional legal understanding.
The EU General Data Protection Regulation (GDPR) – www.eugdpr.org – comes into force on the 25th May 2018. It affects anyone who stores data about EU citizens. And it is the responsibility of the website author to ensure that the regulation is followed. I must stress that it is my understanding that you as an author are responsible for the code even if it has been developed by someone else.
From a Moodle point of view there will be tools for Moodle 3.3 upwards – moodle.com/2017/12/21/moodle-gdpr-approach-plan . But what about the plug-ins you have? How do you know what data they store, if they are covered, if they are user specific and if you could delete that data upon request? This thought got me thinking about my plug-ins and the data beyond core that they store and process. So in this post I will describe to you the extra data Collapsed Topics (CT) has, processes and why it does so. Then it is up to you to determine if it is covered by the GDPR and what steps you then must take to be complaint.
CT will by default store the state of the toggles on a per user per course basis. This can be turned off by an administrator with the setting ‘format_topcoll/defaulttogglepersistence’. It achieves this by utilising the ‘ Preference API ’ to store a bit of text, the ‘value’, against the user id with a name in the ‘user_preferences’ table. The ’name’ is ’topcoll_toggle_’ followed by the course id. The ‘value’ represents the state of the toggles on the course for the user. This ‘state’ is ‘compressed’ and looks like a sequence of characters.
Link
Post link on eLearningWorld: Collapsed Topics and the EU General Data Protection Regulation .