[Koha-bugs] [Bug 14242] Use ISBN-field to fill out purchase suggestions (using an Ajax-request)

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14242

--- Comment #118 from Victor Grousset/tuxayo <victor at tuxayo.net> ---
Some findings that will be useful for QA
The request to googleapis.com is done from the browser directly. IIUC the fact
that it's due to Koha means that Koha (and thus the library) processes personal
data by sending it to Google. Which means the library should (someplaces
legally or just by best practices) inform the patrons in the list of all
personal data processings.

Which personal data?
- IP address
- user agent
- Accept-Language
- ISBN search

Which is enough to identify someone/a device and for example know some of their
reading preferences and use that in advertising.

That likely means that it should be avoided unless it's absolutely necessary.
One solution could be for Koha to be a proxy for the requests.
Is there an example of Koha acting as a proxy to an external service?

Since it's an old bug, would me creating a followup bug about proxying the
query be enough?

And meanwhile, should a small warning in the syspref description be added? So
the library can update their documents about their personal data processing.

Something like «Personal data processing: Google will receive the following
data: IP address, OS name, web browser version, prefered languages, and the
ISBNs of the books suggested.»

A more experienced English speaker might find a better phrasing.

-- 
You are receiving this mail because:
You are watching all bug changes.