This document proposes an implementation of improvements regarding privacy and personal data protection, with special emphasis on users under 13 years of age (U13 users). These functionalities are derived from the Children's Online Privacy Protection rule (COPPA), California Consumer Privacy Act (CCPA) and GDPR, and they are inspired by the implementations done by other organizations such as Khan Academy.
U13 will always be private and therefore they will not show up in rankings and their details will not be visible to any other user besides their parent and site admins.
The database will need to be modified to store a link from U13 accounts to parental figure accounts, and to also store whether an account has been verified by the parent or not. Existing U13 accounts will be given 7 days to register the email address of their parent and for their parent to verify their account.
- A list of APIs will be modified to disallow U13 from performing them. This includes all content creation APIs (create problem/contest/course/etc).
- A list of APIs will be modified to show only manually curated content (problems, courses and contests) to U13 and anonymous users. The only exception will be when a U13 was manually added as a participant of a private course/contest.
- Three new APIs will be created:
- An API for parents to verify their children's account.
- An API for users to request the deletion of their account. This will be performed by deleting all personal information from their account in the database and redacting their username.
- An API for users to request the deletion of their account. This will be performed by deleting all personal information from their account in the database and redacting their username.
- Add a date of birth field in sign up form.
- Forward existing users who didn't record a birthdate to the edit profile page the next time they sign in.
- Add a field in the profile page where users can register their parent's account.
- Add a banner reminding U13 users they have X days left for their parents to verify their account.
- Add a button where users can delete their child's account or their own account.
- Add a new page where parents can view a report of their child's activity.
- API parental token [omegaup/omegaup#6743]
- Cookie Consent Modal [omegaup/omegaup#6634]
- API Changes U13 Can't perfom [omegaup/omegaup#6718]
- API user can delete their account [omegaup/omegaup#6646]
- Created a birthdate picker and designed the sign up form [omegaup/omegaup#6695]
- Create an entrypoint to verify the parent token. [omegaup/omegaup#6773]
- Arenav2 pagination [omegaup/omegaup#6546]
- Added New Fields to Users Table. [omegaup/omegaup#6670]
GET /api/user/deleteConfirm/| Parameter | Type | Description |
|---|---|---|
token |
string |
/api/user/deleteRequest/| Parameter | Type | Description |
|---|---|---|
username |
null|string |
| Parameter | Type | |
|---|---|---|
token |
string |