Openfoodnetwork: EU Cookie compliance

Created on 19 Apr 2018 · 16 Comments · Source: openfoodfoundation/openfoodnetwork

What is the problem we are solving

GDPR and other European local regulations force all European websites to:

  • inform visitors / users if you collect personal data and what you do with them.
  • request consent from the visitor / users to do so for each type of cookie.

We shouldn't collect and use non-compulsory data through cookies without explicit consent (default opt-in doesn't work anymore).
Today we don't ask for any consent and we collect and use data through cookies without our users knowing about it.
The only cookie I saw through Ghostery is New Relic, which I guess is compulsory for the service we give (what is it used for again?), but maybe there are others.
Also some instances use Google Analytics; if so, there are new trackers from Google that collect data.

Success factors = expected outcome

When a visitor connects for the first time to a local OFN instance, if the instance has toggled on the cookie banner agreement display, they should see the banner and be able to accept all cookies, set up more specifically which cookies they accept, or ignore it (in that case all optional cookies should be deactivated by default).
When they visit again they should always be able to change their cookie settings and opt in or out.

Metric

  • All new visitors who have neither accepted cookies nor closed the banner should see it when they connect to the local instance URL.
  • If a cookie is disabled, the user's data are not collected.
  • If a cookie is enabled, the user's data are collected and can be used for the specified service.

Useful information for/from inception

A spike has been done by Maikel on which cookies we use: https://github.com/openfoodfoundation/openfoodnetwork/issues/2240
That has enabled Myriam to build a UX proposal based on previous investigations about the law and some examples that seem aligned with the law.
https://docs.google.com/presentation/d/1uMWiW6lQhqexAe_uFmjp5QNAM1zLfnIe1bF3-_Nb5xo/edit?usp=sharing

Link to the "Icebox" item in Discourse

https://community.openfoodnetwork.org/t/users-know-clearly-which-cookies-are-used-and-can-refuse-them/1252

First feature candidate to be implemented

Based on first tech inception by Maikel: Implement a toggle on-off banner (instance level) that enables users to accept all cookies or view the cookie policy and settings; in that case the only cookie that can be enabled/disabled is Google Analytics (if the instance uses it).

epic
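The gating logic the epic describes (banner shown until the visitor accepts or closes it, optional cookies off by default, Google Analytics loaded only with an explicit opt-in, and an instance-level switch that turns the whole mechanism off) as an added example in Node-runnable JavaScript. This is not code from the Open Food Network repository; the cookie name `cookies_consent`, the JSON shape stored in it, and the `instance` settings object are assumptions made for the example.

```javascript
// Added example, not OFN code. Consent gate for optional trackers.
// Assumed cookie name and JSON payload: cookies_consent={"analytics":true|false}

const CONSENT_COOKIE = 'cookies_consent'; // assumption, not the project's name

// Parse a raw Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    const raw = part.slice(idx + 1).trim();
    try {
      out[name] = decodeURIComponent(raw);
    } catch (e) {
      out[name] = raw; // malformed percent-encoding: keep as-is, never throw
    }
  }
  return out;
}

// Read the stored decision. Missing or malformed cookie => no decision yet (null),
// which is the safe direction: optional trackers stay off and the banner is shown.
function readConsent(cookies) {
  const raw = cookies[CONSENT_COOKIE];
  if (raw === undefined) return null;
  try {
    const parsed = JSON.parse(raw);
    if (parsed && typeof parsed === 'object' && typeof parsed.analytics === 'boolean') {
      return { analytics: parsed.analytics };
    }
  } catch (e) {
    // fall through to "no decision"
  }
  return null;
}

// Decide, per request, whether to show the banner and whether to load GA.
// instance: { bannerEnabled: boolean, googleAnalyticsId: string|null }  (assumed shape)
function decide(instance, cookieHeader) {
  const consent = readConsent(parseCookies(cookieHeader));
  const hasGa = Boolean(instance.googleAnalyticsId);
  if (!instance.bannerEnabled) {
    // Banner switched off at instance level (e.g. a non-EU instance): no gating.
    return { showBanner: false, loadGoogleAnalytics: hasGa, consent };
  }
  return {
    showBanner: consent === null,                       // until accepted or closed
    loadGoogleAnalytics: hasGa && consent !== null && consent.analytics === true, // default deny
    consent,
  };
}

// Build the Set-Cookie value for the three banner outcomes:
// 'accept_all', 'close' (optional cookies stay off), or a custom {analytics} choice.
function consentCookie(action, maxAgeSeconds = 365 * 24 * 3600) {
  let value;
  if (action === 'accept_all') {
    value = { analytics: true };
  } else if (action === 'close') {
    value = { analytics: false };
  } else if (action && typeof action === 'object' && typeof action.analytics === 'boolean') {
    value = { analytics: action.analytics };
  } else {
    throw new Error('unknown consent action');
  }
  const payload = encodeURIComponent(JSON.stringify(value));
  return `${CONSENT_COOKIE}=${payload}; Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax; Secure`;
}

module.exports = { parseCookies, readConsent, decide, consentCookie };
```

The two properties worth checking in a review are that a missing, garbled or hand-edited consent cookie falls back to "no decision" (banner shown, analytics not loaded) rather than to "accepted", and that the analytics loader is only reached through `decide()`, so the instance-level switch and the visitor's choice are enforced in one place.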

All 16 comments

We need some dev to take tech lead on that project. I think it can be done in parallel with the Spree upgrade as I don't think there are really any implications. We have decided to prioritize it for Q2. @daniellemoorhead might be good to discuss at next pipeline touchpoint.
I only put one story so far as I would like to organize a quick inception session with the tech lead on it to agree on the path we want to take and split that into stories. I have already shared some ideas in the slides document I put in the inception section in this epic.

Interesting and pedagogic way of talking about cookies: https://appear.in/information/tos/cookie-policy/

Ok so given the work done by @mkllnk on https://github.com/openfoodfoundation/openfoodnetwork/issues/2240 on the tech inception side, I am about to open all the stories, but before I want to make sure we all agree on UX inception side, how it's gonna look for users and what will be the flow.

Here is the proposed UX: (only 5 slides!)
https://docs.google.com/presentation/d/1uMWiW6lQhqexAe_uFmjp5QNAM1zLfnIe1bF3-_Nb5xo/edit#slide=id.g3841ad4459_0_180
It looks pretty simple to me and quite easily understandable, but please share feedback and ask any questions you have.
@enricostano @sauloperez @NickWeir63 @lin-d-hop @sigmundpetersen @mllocs @luisramos0 are you ok with my analysis and proposal that this will make us legal on the cookie side regarding GDPR?
Non EU instances might decide to just toggle this off but you will have the possibility to apply it if you want :-)

@mkllnk on slide 6 I have listed 6 stories in the order I think they should be done, the first ones blocking the later ones. Do you agree? Do you suggest any modification?

@myriamboure That looks really good. Thank you. Just a note on page three. You reference a Privacy Policy. We don't have one. :-( Last Aussie talk about it: https://github.com/openfoodfoundation/ofnaus-issues/issues/2

And about the story list: I would include story 2 in story 4. It's not a big thing and doesn't make sense on its own.

Yes @mkllnk I know we don't have a privacy policy yet but UK has one and we are writing one in France so we will want to link it also, but I will open a separate issue for that; it's not in the scope of the cookie policy but very connected as the cookie policy is part of the privacy policy, so I guess I'll put that story in the epic as well.
I'll update the stories with your feedback.

@mkllnk yes privacy policy is separate but connected as the cookie policy is kind of part of the privacy policy, so I propose to add a separate story in the scope of the epic to have something consistent (UK has written their privacy policy, we are writing ours in France, and I guess even if not forced other instances might do it voluntarily as Aus has started to discuss). I also added that the cookie page generation also needs to be powered on/off depending on the instance's will.
Check the new stories set and tell me if it's better or still some unclear things ;-)

I added a mobile view of how that would look. @mkllnk can you just have a last check at the new list of stories after I took into account your feedback to make sure it's all good on your side? Would like to avoid misunderstandings.
Also please, we need more feedback on UX; I don't want to be the only PO to validate it... especially EU people directly concerned @lin-d-hop @sigmundpetersen @sauloperez @mllocs just give your go if you are happy. @RachL I would like your UX feedback on it as well.
https://docs.google.com/presentation/d/1uMWiW6lQhqexAe_uFmjp5QNAM1zLfnIe1bF3-_Nb5xo/edit#slide=id.g3841ad4459_0_180

You are way deeper into this than me and I trust you @myriamboure :) All good on my side.

Are we missing any issue @luisramos0 on the cookie feature after the discussion we had? I guess the back end selection between Matomo and Analytics (that pilots the cookie policy page content I guess) is part of the cookie policy page issue, isn't it? Please if we miss any new issue to cover something we didn't cover, add it to this epic! Do you have everything you need to finish it off?

Hey @myriamboure yes, I think I have everything I need.

  • The main feature is complete and in Code Review here: #2411
  • Basic integration with Matomo is addressed in #2492
  • As far as I can see, "delete remember me cookie" #2400 is not applicable as it's already in place.

I am only missing some automated tests around some of these changes.

And add the opt-out iframe from Matomo in the cookie policy page. Also is the dynamic adaptation on that page already working @luisramos0 ? Like if the instance uses GA or Matomo some parts aren't visible?

Yes, correct. I will use the Matomo account setup now to add the Matomo opt-out iframe.

Yes, the cookies policy page is already flexible, I added screenshot here.

Quick epic update here, todo list:

  • increase font size in #2597
  • bug in the banner #2599
  • improve policy page #2601
  • Matomo opt-out #2518
  • user and admin documentation in #2427 and #2428

We are all dev done here. We are only missing the super admin guide book #2428

That's awesome @luisramos0 !!! We are going to do the last issue (documenting how to use the feature as a super admin user) when we set it up for France, so we need some days before we do the upgrade and then we'll work on it :-) That's on our side now! Cheers

This is done and working without any reported issue :-) Closing the epic !
