[wp-trac] [WordPress Trac] #40794: WordPress needs a privacy policy

WordPress Trac noreply at wordpress.org
Fri Oct 6 10:54:24 UTC 2017


#40794: WordPress needs a privacy policy
-------------------------------------------------+-----------------------
 Reporter:  johnbillion                          |       Owner:  pento
     Type:  task (blessed)                       |      Status:  assigned
 Priority:  normal                               |   Milestone:  4.9
Component:  Help/About                           |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch i18n-change needs-testing  |     Focuses:
-------------------------------------------------+-----------------------

Comment (by idea15):

 I personally hate the term "privacy policy" because it suggests
 impenetrable paragraphs of backside-covering written by a lawyer which
 bears little to no resemblance to the actual data collection and use on
 the site. Everyone needs to switch the perspective from privacy policies
 to GDPR's privacy notices, which are clear, accountable, transparent
 disclosures of what information is sent, to whom it is sent, and what
 control the user has over that.

 Anyone building a .org site which collects personal data and is subject to
 GDPR will need to disclose, in that site's privacy notice, what personal
 data (which, under GDPR, includes online identifiers) is being sent to
 wp.com and what control they have over the transmission of that
 information. That goes for the data being collected through plugins and
 themes as well; see the WP Tavern discussion on Gforms and contact form
 retention on databases.

 The anonymised or pseudonymised information sent for security purposes
 (updates) is fine. However, if the information transmitted to WP.org for
 the purposes of checking for upgrades also allows wp.com to see that
 Popular Ecommerce Site X has 100,000 customers, that's an online
 identifier, commercially sensitive information, and another headache.

 At the very least, there will need to be a way for anyone building a .org
 site to immediately reference all of the information they need about the
 data collection and transmission taking place both within the base wp
 install *and* any plugins and themes in order to include that information
 within their own privacy notice. That information has to include granular
 choices for opting-out if the user so wishes, whether that is Gravatar or
 Google Fonts or anything bar the most essential functionality.

 And if wp.org could save the users of the web literally thousands of hours
 in both sourcing and properly arranging that information, rather than (as
 has been mentioned above) sending users on a mystery tour for information
 which only developers can comprehend, all the better.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40794#comment:43>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform