I haven’t come across any mention of social login and GDPR, so I was hoping to find someone who has implemented GDPR compliance while using social login. What did you change in your registration and sign-in process flows to gather the required consent? What considerations were made for existing members (who registered with your website pre-GDPR)?
Our sign-in form has an email/password option or buttons to sign in with your favorite social platform. How are you displaying the consent options in this case?
We’ve integrated SSO with our own internal user management system, which is separate from Discourse. We transfer user info from FB to our local system during registration. I was hoping that another site or two was similar in that fashion.
Also, we had existing users using social login that hadn’t explicitly consented to that data transfer pre-GDPR-compliance-deadline.
Although technically a social login is a kind of SSO, I think their legal implications are very different.
As I said, I can’t see how social logins that people use to register on your forum are GDPR relevant for you.
Yes, they have. That is how social logins work. Besides, you don’t need consent for most things (if any) that you do when running a Discourse forum. See here (and following post):
SSO, on the other hand, is GDPR relevant if you are the SSO provider, which you apparently are:
Please note that I’m not a lawyer and the above does not constitute legal advice.
Our issue was more for existing users (that registered using social login before anything GDPR-related) signing in for the first time post GDPR-compliance-changes we made.
We’re also doing some data processing outside of Discourse, within WordPress and some custom apps, with the same users. That’s probably something I should have mentioned. And thanks for that post. It’s one I read previously.