Moodle HQ development team is working hard to allow compliance of EU’s General Data Protection Regulation (GDPR). The General Data Protection Regulation (GDPR) is an EU directive that provides users more control over their data. This regulation will come into effect on 25th May 2018 and covers all residents of the European Union.
This new directive by European Union gives the right to users like:
- to ask information on the types of personal data held, the instances of that data, and the deletion policy for each;
- to get access to all of their data; and
- to be forgotten.
Moodle HQ development team is giving their best efforts to help institutions become compliant with this new regulation. In addition to Moodle core, this compliance requirements also extend to installed plugins (including third party plugins). These Third party Moodle plugins need to be able to report what information they store or process about users, and have the ability to give and delete data for a user request.
How Moodle HQ will implement GDPR for Moodle plugins developers:
In order to help the third party Moodle plugins developers, Moodle HQ development team started working on a new Privacy API. This new Privacy API contains a number of PHP interfaces. The team has wrote some documentation which gives hints on how the API is structured and answers a number of Frequently Asked Questions.
They have also developed a working prototype of the plugin on GitHub which is now a work in progress. The team is seeking the feedback from Moodle plugin developers about the new Privacy API and the Plugin.
If you are a Moodle plugin developer, then it is the time to share your opinion. You can take part in this Moodle forum thread to share your opinion.
If you do not update your plugin, then any site which intends to use your plugin will not be able to fully comply with the requirements of GDPR. This may result in uninstalling your plugin from their Moodle site.