Add setting to require consent for notifications

Ensure GDPR compliance by default (Article 25 GDPR – privacy by design and by default). Under GDPR, consent must be freely given, specific, informed and unambiguous [1]. We were subscribing users without explicity consent, which goes against the "No pre-ticked boxes" principle. For compatibility with existing installations, we're using a setting, disabled by default. Once we release version 2.4.0 we will enable it by default, which won't affect existing installations but only new ones. [1] https://gdprinfo.eu/best-gdpr-newsletter-consent-examples-a-complete-guide-to-compliant-email-marketing
2025-09-16 21:25:35 +02:00
parent 208dc01d3b
commit e7f2210380
8 changed files with 54 additions and 10 deletions
--- a/app/components/admin/settings/features_tab_component.rb
+++ b/app/components/admin/settings/features_tab_component.rb
@@ -26,6 +26,7 @@ class Admin::Settings::FeaturesTabComponent < ApplicationComponent
      feature.sdg
      feature.machine_learning
      feature.remove_investments_supports
+      feature.gdpr.require_consent_for_notifications
      feature.dashboard.notification_emails
    ]
  end