Comments (7)
Free version is not GDPR compliant from the chart the have.
from reach4help.
Free version is not GDPR compliant from the chart the have.
This requires investigation then before picking a platform, whoever picks this issue, please perform a decision log on it
from reach4help.
I would suggest https://www.twilio.com/notify since we'll have a meeting to get free credits
from reach4help.
I would suggest https://www.twilio.com/notify since we'll have a meeting to get free credits
@webmonger do you have info on this one to see if it's GDPR compliant?
PS: nice suggestion @puzzledbytheweb
Also, did a bit of digging, and in order to use Twilio Web push notifications, we have to create a Firebase Cloud Messaging project (so this is the real push client). So not sure if we should have the extra trouble for doing it in Twilio?
Also, @webmonger do you have legal problems with FCM
?
from reach4help.
I think we need some requirements or a functional specification from backend on this feature. I feel like we may be over complicating things a tiny bit here. Is in-house development of this completely out of the question?
This was recently implemented into an app at work. We used firebase. The documentation is very good, and you can actually find a pretty good guide on it written on medium:
https://medium.com/@anum.amin/react-native-integrating-push-notifications-using-fcm-349fff071591
Here is the official latest integration guide for backend: https://invertase.io/oss/react-native-firebase/v6/messaging/quick-start#messaging-quick-start
from reach4help.
Had a productive conversation with David regarding GDPR compliance. Pasting it here for transparency.
`David Alecrim:flag-pt: 18 minutes ago
We can, I just think that the hard part here is not the implementation (I also implemented this kind of features before), the problem here is the compliance regarding GDPR, which is why I'm blocked here
David Alecrim:flag-pt: 17 minutes ago
Either way, it's in the backend board now also
AlexV 4 minutes ago
Alright, so that's a loaded question which goes much further than the reach of this app... While many of the GDPR controls are going to be specific with how the apps control and process EU citizen data, there also needs to be considerations on the organization level as well.
With firebase we are considered the data controller. If we sign the necessary paperwork(which I think is only available on the paid plan), Google is our data processor. If we don’t sign anything with google, we are considered the processor AND controller.
So even with google as our processor, we still can't pass on any GDPR obligations on to Google. They only perform a technical service for us, no organizational and legal services. Their privacy policy is not a dependency or part of our privacy policy. Because we are the controller and they the processor, they may only process the data as we instruct them to, and we are responsible whatever happens.
AlexV 2 minutes ago
GDPR is not so much about ticking boxes like storing data “securely”, but about planning any processing of personal data in accordance with certain principles (like data minimisation, using a proper legal basis, ect (all explained in gdpr text). Following these principles are not something that can be outsourced.
David Alecrim:flag-pt: 1 minute ago
I get your point here, then let's add @wilson Rodrigues and the backend team to the conversation, to see how we will deal with this data flow that is necessary to have
AlexV < 1 minute ago
Maintaining records of processing is only necessary under certain circumstances. The choice of our tech stack does not affect this. Even if you are not required to keep these records, they are a good exercise to make sure you are demonstrably GDPR-compliant.
Also, processing data that is subject to the GDPR in third countries like the US is fine as long as you take suitable precautions. The data processing agreement Google offers to you will likely already list the necessary aspects. Technically, you either need an EU adequacy decision or other suitable safeguards in the data processing agreement contract to transfer data internationally. The US privacy shield is currently recognized as adequate.
AlexV < 1 minute ago
perfect
AlexV < 1 minute ago
I'll actually copy and paste this all into the github ticket.`
FYI: I wrote up this small primer on GDPR for The Progressive Coders Network a few months ago. I think it's a pretty relevant read to this situation. https://docs.google.com/document/d/1bh6SN1nDPwNpYrxKSnC9aIsjs_uG3AyI19iXkJKbyis/edit?usp=sharing
from reach4help.
I think we need some requirements or a functional specification from backend on this feature. I feel like we may be over complicating things a tiny bit here. Is in-house development of this completely out of the question?
This was recently implemented into an app at work. We used firebase. The documentation is very good, and you can actually find a pretty good guide on it written on medium:
https://medium.com/@anum.amin/react-native-integrating-push-notifications-using-fcm-349fff071591Here is the official latest integration guide for backend: https://invertase.io/oss/react-native-firebase/v6/messaging/quick-start#messaging-quick-start
so have we decided to proceed with firebase cloud messaging?
We are already using Firebase's Firestore and Firebase Authentication in the web-client currently
I have experience integrating FCM into web apps using their web SDK and also with react native apps as mentioned above.
This is the document that outlines firebase's data security and privacy details: https://firebase.google.com/support/privacy
if we decide on using this, I can integrate FCM into the web-client app
from reach4help.
Related Issues (20)
- [AUTH.1] Verify via email or text unless Program Admin is dong entry
- [AUTH.2] Verify via email or text unless Program Admin is dong entry
- [REQ.5] Create a second request at a later point without having to re-enter contact info - either use verification via text / email or account
- [REQ.6] Create a repeating request
- Map filter bug: 'No Options' is not translated
- Improve performance by querying only those markers in view port
- REFACTOR MAP: includeHidden UI and code logic confusing
- [MAP] UBlock Origin Blocking Map Markers due to CORS
- [MAP EPIC] Migrate to use both Algolia (search engine) and Airtable (data input tool)
- [MAP] Refactor data model between Algolia and Airtable
- [MAP] Push transformed data from #1723 to Airtable
- Write a cloud function/realtime script to keep both databases synchronized
- [MAP] Extract location data using the Google Maps API from each marker
- [MAP] Parse out and properly formatting phone numbers and contact info
- reach4help landing page: add button for map and change Volunteer and Get Help to point to a Google Doc HOT 2
- Map may not center for users with ad blocker (geolocation)
- TECHNICAL MAP: Fix warnings about marker.getPosition
- MAP: Auto close search HOT 1
- MAP: Modify search box UI, remove organization type
- [MAP DATA] Parse and import Ukraine data on shelters
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from reach4help.