1459 display monitoring dataprotection

Hayat requested to merge 1459-display-monitoring-dataprotection into master

updated version of !1179 (closed) and !1185 (closed)

Some thoughts on data privacy:

Right now we are logging 10 different events: Study deletion, Attributeset update, Subject data update, Subject search, Subject deletion, GDPR export, Participationrequest deletion.

Of these, the first three are user data, the rest is study and subject data. User data can be saved for different purposes: surveillance of the workforce, stopping attacks before they happen, understanding how attacks happened in hindsight.

Also, we should think about what to protect against. Some examples: negligent members of the organization without bad intentions, members with bad intentions, external attackers who want to log in once and grab everything they can get, and external attackers who want to maintain a low profile and monitor changes.

I think we could do without saving login-related data. Below are my thoughts on the (dis)advantages of (not) saving it.

Solution 1: We log all 10 events and display them under dataprotection

  • Pros
    • DPC has all means to investigate misuse
  • Cons
    • DPC has a lot of insight into user behaviour
    • users don't know that their behaviour is being monitored and by whom

Solution 2: Don't monitor login-related events

  • Pros
    • more privacy for users
    • if necessary we still have login information in django-axes
  • Cons
    • we can't discriminate between attacks where a user has lost their password and ones where someone had unauthorized access to a computer or a session

Edited by Bengfort