PII self-management

[nikosdion]

To fully comply with the GDPR the following changes must be made.

Note that this is only really relevant for sites with multiple users. Most installations are single user, where the only user is the owner, therefore no consent is necessary. This is also not necessary if the only other users are clients of the site's owner who have agreed to a written contract that stipulates their access to the site monitoring site.

Basically, it's a miniature of DataCompliance. It doesn't have data minimisation or consent history features. Just the bare minimum.

ToS and Privacy Policy pages

Each installation of Panopticon needs a Terms of Service and a Privacy Policy page which are publicly available. Create a default for each page and insert it into the database if it's missing.

These pages should be editable, per language, in the backend. They will be linked to from the login page, and from the footer of every other page.

These pages must be available for read even when we're in a captive page.

User consent

Users must provide their consent and their consent must be recorded in the user account. Consent history is not necessary. The default admin user gets consent automatically on creation since it's by definition the owner of the site.

If the user has not provided their consent they must be sent to a captive page upon login and clearing MFA, but before they are captured by any other captive page (forced MFA, forced passkey).

The consent page must allow for account deletion and data export.

Account deletion

Users must be able to delete their own user account. The sites they own will be automatically deleted thanks to the cascade of the foreign key.

Data export

Export the user record and all of the sites they own to an XML file.