
Cookie consent banner and Privacy policy page #11

@uxabix

Description

We need to implement a cookie consent banner and a privacy policy page to ensure compliance with data protection regulations (e.g., GDPR) and improve transparency for users.

Requirements

Cookie Banner

Implement a cookie consent system that:

  • Displays a banner informing users that the site uses cookies.
  • Allows users to accept all, reject all, or customize cookie preferences.
  • Clearly explains which categories of cookies are used:
    • Essential (required for site functionality)
    • Analytical (e.g., Google Analytics)
    • Marketing/Advertising
    • Functional (e.g., remembering preferences)
  • Ensures that non-essential cookies are not activated before consent.
  • Stores user consent choices (e.g., via localStorage or a dedicated cookie).
  • Allows users to change their decision later (e.g., through a “Cookie settings” link in the footer).
  • Keeps a record of user consent (optional, for future auditing).

Privacy Policy Page

Create a page accessible from the footer that includes:

  • Information on what data is collected (e.g., email, name, cookies, etc.).
  • The purposes of data collection and processing.
  • The legal basis for processing (e.g., consent, legitimate interest).
  • Who has access to the data (internal and third parties).
  • Data retention period.
  • User rights, including:
    • Withdraw consent
    • Request data deletion
    • Obtain a copy of stored data
  • Contact information for data inquiries.
  • Reference to the site’s cookie usage.
  • Make acceptance of the privacy policy mandatory during registration.

Technical Details

  • Store privacy policy and cookie policy texts outside of templates (e.g., in models or Markdown/HTML files).
  • Provide an interface to edit these texts via the Django admin panel.
  • Expose policy texts through a dedicated API endpoint (e.g., /api/policy/ and /api/cookies/).
  • Implement a frontend component for the cookie banner (using vanilla JS).
  • Use a consistent design where “Accept All” and “Reject All” buttons are equally visible.
  • Consider using or extending existing libraries such as:
  • Optional: store consent history in a simple model (e.g., CookieConsentLog).

Recommendations (for uncertain points)

  • Personalization of cookies: Implement basic category toggling first (essential / non-essential). Later, add detailed control (e.g., separate analytics vs marketing).
  • Storage method: Prefer cookies with a short JSON structure over localStorage for consistency and server awareness.
  • Consent record: For now, store consent locally. Add DB-based logging only if legal compliance requires it.
  • Editable texts: Use Markdown fields in models, rendered dynamically, instead of static .html templates.
  • API exposure: Provide read-only REST API endpoints so the frontend can fetch the latest policy text.
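The requirements above (non-essential cookies stay off until consent, the choice is kept in a short JSON cookie, essential cookies cannot be switched off) come together in the following consent helpers, written in vanilla JS as an added example rather than code from the project; the cookie name `cookie_consent`, the version field and the six-month lifetime are assumptions.

```javascript
// Added example: consent-cookie helpers for the banner described in the issue (not project code).
// Categories follow the issue; "essential" is always on and cannot be toggled.
const CATEGORIES = ["essential", "analytical", "marketing", "functional"];
const CONSENT_COOKIE = "cookie_consent";      // assumed cookie name
const CONSENT_VERSION = 1;                    // bump when the cookie policy changes -> users are re-asked
const MAX_AGE_SECONDS = 180 * 24 * 60 * 60;   // assumed lifetime; consent is requested again afterwards

// Turn any input (form state, parsed cookie, garbage) into a complete, valid preference object.
function normalisePrefs(input) {
  const prefs = { essential: true };
  for (const c of CATEGORIES.slice(1)) prefs[c] = !!(input && input[c] === true);
  return prefs;
}
function acceptAll() { return normalisePrefs({ analytical: true, marketing: true, functional: true }); }
function rejectAll() { return normalisePrefs({}); }

// Build the string to assign to document.cookie. Secure + SameSite=Lax keep the consent
// record off plain HTTP and out of cross-site requests; Django can read the same cookie
// server-side to honour the choice when rendering.
function buildConsentCookie(prefs, { secure = true } = {}) {
  const payload = { v: CONSENT_VERSION, ...normalisePrefs(prefs) };
  const value = encodeURIComponent(JSON.stringify(payload));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${MAX_AGE_SECONDS}; Path=/; SameSite=Lax` +
    (secure ? "; Secure" : "");
}

// Parse a document.cookie / Cookie-header string. Returns the preference object, or null when
// there is no usable consent (missing, malformed, or recorded under an older policy version).
// null means "show the banner and load nothing non-essential".
function parseConsent(cookieString) {
  for (const part of String(cookieString || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name !== CONSENT_COOKIE) continue;
    try {
      const data = JSON.parse(decodeURIComponent(rest.join("=")));
      if (!data || data.v !== CONSENT_VERSION) return null;
      return normalisePrefs(data);
    } catch (e) {
      return null; // corrupted or tampered cookie: treat as no consent given
    }
  }
  return null;
}

// Gate for script loaders: essential always runs, everything else needs an explicit opt-in.
function isAllowed(consent, category) {
  if (category === "essential") return true;
  return consent !== null && consent[category] === true;
}
```

On page load, call `parseConsent(document.cookie)` first and only inject analytics or marketing tags for categories where `isAllowed` returns true; the banner's buttons then write `buildConsentCookie(acceptAll())`, `buildConsentCookie(rejectAll())` or the customised preferences to `document.cookie`.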

Testing

  • Verify that the banner appears on first visit and disappears after user action.
  • Ensure non-essential cookies are not created before consent.
  • Check that preferences persist across sessions.
  • Confirm that users can reopen the settings and change their choice.
  • Verify that the privacy policy page loads correctly from API data.

Definition of Done

  • Cookie consent banner implemented with customizable options.
  • Privacy policy page accessible and editable via admin.
  • Both policies available via REST API.
  • Consent stored and respected on subsequent visits.
  • Registration process includes privacy policy acceptance.
  • Documentation updated with implementation details and future improvements.

Labels: enhancement (New feature or request)