Case Study: UNICEF - Voices of Youth

Back end development

Voices of Youth is a global community for young people to learn about development issues.

UNICEF - Voices of Youth

UNICEF

Voices of Youth is a global community for young people to learn about development issues (such as Environment, Education, Human Rights, etc) and to express their opinions. Voices of Youth seeks to create a space that will help young people develop into active global citizens equipped to communicate and collaborate effectively to make a positive difference in their countries and communities. On VOY, young people will gain knowledge and awareness of the key thematic issues affecting young people around the world, enabling them to have an open and honest dialogue about the world in which they live.

Project Requirements

  • Social network platform type
  • Data encryption
  • General Data Protection Regulation (GDPR) compliance
  • Third party integration

Project Overview

The overarching goal of the Voices Of Youth project is to provide an online community platform allowing young people to learn about development issues and to share their thoughts. In order to achieve this objective, we need to be in compliance with the General Data Protection Regulation (GDPR), allow all the young people members do publish content in the website, and to provide tools for the UNICEF staff to maintain the website and have a workflow to approve the sent content.

The Challenge

GDPR regulation compliance requires a set of features in with I can highlight: Right to be forgotten, Data portability, and Privacy by design. UNICEF also asked to have their membership, users and content splitted across all their country offices sites, and to use DISQUS platform to store the user comments instead of the regular Drupal comment system.

The Approach & Solution

As this project was and still is being conducted by a team, I'm writing only about my specific responsibilities.

  1. In order to improve the user security, all personal information is encrypted. To do so I've used encrypt Drupal module and configured it. Click here to learn how to configure the encrypt module.
     
  2. In order to create the functionality that allow the user to be completely forgotten by the VOY website, I've created a custom module to delete all data sent by the user and an API interface with Disqus to delete all comments that belongs to by him.
     
  3. To allow the data portability, another custom module had been created that searches for all user sent data and images across the site and Disqus, pack it in a zip file and allows only the user that owns the data to download it.
     
  4. To allow users to make comments using Disqus, we used the disqus Drupal contribu moudule.
     
  5. The country office site functionality has been implemented using a custom module that recognizes the URL context and automatically sets the appropriated pages, elements and permissions.