In Germany, all websites must comply with the “Datenschutz-Grundverordnung” (DSGVO), the German version of the General Data Protection Regulation (GDPR), by 25 May 2018 at the latest.
Due to this legal requirement I have some technical problems with the upgrade of a Kirby 2 website of a German sport fishing club from Kirby 2 to 3, for which I hereby request the technical support of the Kirby team members and particularly @bastianallgeier.
Please do not discuss legal matters here!
Since this is not a security problem, its solution can be discussed publicly.
During the development of the previous website of the Sportanglerverein Barchfeld e.V., short: SAV or club or association, four years ago I followed everything from the beginning on the basis of Kirby 2, which still today fulfils the regulations of the current (new) DSGVO, as long as the website uses Kirby 2.
Unfortunately, I haven’t found a solution yet how this website under Kirby 3 can meet the requirements of the (new) DSGVO:
As you surely know, the e-mail address of every human being (like “John.Doe@example.com” in contrast to non-personalized e-mail addresses like “email@example.com” or “firstname.lastname@example.org”) is one of the information protected by the (new) DSGVO.
Is it really permissible (and otherwise wise) under the DSGVO to use this information as a unique key field for a Kirby user?
From several DSGVO training sessions of different German lawyers specialised in the (new) DSGVO, unfortunately I have to question the permissibility at least with regard to the DSGVO.
For each individual storage of such an e-mail address of a person (e.g. as author of a blog article) in the content files of the individual (blog article) web pages of a website, the website owner must be able to legally prove a DSGVO-compliant authorisation to store this e-mail address at this point instead of the (in Kirby 2 anonymous) user identification/user name of the same user. In practice, this means being able to prove this on paper with the author’s physical signature with reference to each individual blog article and its author. Many German judges are not really open-minded about EDP, so in case of doubt you need a paper-based permit with a physical signature for every storage of such data, if you want to be sure if at some point the “peace” between the former club member who wrote the blog post and the club no longer exists.
Also nobody can be obligated to disclose his possibly existing e-mail address, since there is no legally constructible necessity in the life of an association (club) that every member of the association discloses his e-mail address, as far as it exists at all, to the association.
The use of fictitious e-mail addresses (an e-mail address is expected as the registration name of Kirby 3) does not lead to the goal from a practical point of view.
But this is only a small part of the same problem:
In addition, underage children, for example, as long as they are not yet subject to compulsory education in Germany, usually do not have their own e-mail address. How reads their e-mail address as Kirby user to the member administration, since they were registered as member partly already shortly after their birth by the proud parents with the association as members?
In Kirby 3, the e-mail address of every Kirby user must be unique, so we cannot use the family e-mail for all family members under Kirby 3 as opposed to Kirby 2, or leave this field empty! It is not specified in any German law that the communication with a user must take place via his e-mail!
Very old association members have, even if younger humans can hardly imagine that, partly no e-mail address. They are also not legally obliged to maintain such an e-mail address. What is their e-mail address in Kirby 3?
E-mail addresses as well as mobile phone numbers in Germany are not permanent contact data of a real living human being aggravating this problem. Some people change these with every new mobile phone, e.g. annually. The maintenance of these changes is disproportionate and was not necessary under Kirby 2.
So how can I or the club avoid in the future that the entire content has to be searched and changed in the affected fields (e.g. author of a blog article) just because its author has a changed e-mail address? In addition, the time of the content file of the affected web page(s) in the operating system of the web server changes without “really” changing the content.
But there are other points:
Under Kirby 2 the username, also called nickname, was the unique name of each Kirby user of a Kirby website, which was also stored by the Kirby panel in the content files for fields of the “type: user” e.g. in blog posts. When changing from Kirby 2 to 3, the content of all blog articles, for example, must also be changed once in the current Kirby 3 version, because in new posts of the same user, unlike websites created under Kirby 2, a different content (his e-mail address) is stored in the User/Users field.
There is a script on https://getkirby.com/docs/cookbook/setup/migrate-users#update-user-fields that can change the content regarding the user IDs after the change from Kirby 2 to 3. But I don’t think such a thing should be necessary to run a website while it is running if a user (e.g. as an author of blog articles) has changed his e-mail address.
According to my understanding of the DSGVO, every user has the right to access websites under a nickname/pseudonym. According to my tests, Kirby 3 does not currently allow this, every user must have an unique e-mail address.
Unfortunately, the current Kirby 3 version does not (any longer) prevent two different users from using the same username. So I cannot use this field as a key field.
Can you please make this field “Username” (possibly as config-option for DSGVO-compliant websites) unique again and a mandatory field? From my point of view this would be a solution to make Kirby 3 DSGVO compliant.
I would then only have to adapt or replace the login mask and, if (really?) necessary, reintroduce fictitious e-mail addresses. Even if I will probably need the support of the Kirby forum for the implementation of this code.
I’m looking for a solution with which Kirby 3 can be used under the listed boundary conditions, e.g. using Kirby options or suitable Kirby 3 plugins:
How can I use a (possibly different) author field in Kirby 3 that doesn’t store the e-mail address and how can I change the Kirby default settings to the Kirby 2 settings for the users in the panel including the corresponding login in the panel and frontend?
Thank you in advance for solving or supporting this complex problem!
If an issue on Github is required to solve my problem, please create it for me. DSGVO-/GDPR-compliant I also pursue the goal of not maintaining avoidable access of websites (such as Github) to my e-mail (in DSGVO-German this is called “data economy”, because I would have to leave my personal e-mail address there; fake addresses are no solution to this either).
Thank you for supporting me also in this DSGVO-compliant way.
Unfortunately I did not find a hint on https://forum.getkirby.com/ or on https://github.com/getkirby/kirby which enabled me to avoid this request. Issues that have not been resolved do not help me, especially if they are not assigned to a solution point in version planning.