[wp-trac] [WordPress Trac] #43492: Core Telemetry and Updates

WordPress Trac noreply at wordpress.org
Tue Apr 3 12:53:50 UTC 2018 

#43492: Core Telemetry and Updates
------------------------------+------------------------------
 Reporter:  xkon              |       Owner:
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  Upgrade/Install   |     Version:
 Severity:  normal            |  Resolution:
 Keywords:  gdpr 2nd-opinion  |     Focuses:
------------------------------+------------------------------

Comment (by azaozz):

 Replying to [comment:22 idea15]:
 > We've already established that the dataset sent back by telemetry checks
 (https://github.com/gdpr-compliance/info/blob/master/Synched-info.md)
 constitutes personal data.

 This is generally data about WordPress (the software) and the hosting
 company (the server). For clarity, could you point out which data is
 considered "personal"? For example, what is personal in the "core update"
 check:

 - Site URL - freely available from the domain registry
 - Site IP address (this is the server's IP address, not a "personal"
 address of any of the site's visitors) - server/hosting company info
 - WordPress version
 - PHP version - server/hosting company info
 - MySQL version - server/hosting company info
 - Locale
 - Number of sites (i.e., on a multisite install) (not stored)
 - Number of users (not stored)
 - Whether multisite is enabled or not
 - On Multisite installs, the URL of the parent blog (i.e., the parent blog
 of pento.blog is wordpress.com)
 - Initial DB version (corresponds with the version of WordPress that was
 initially installed for this site) - this is the same as "WordPress
 version" above
 - Report data on whether a site updated successfully or not

 Think we have touched an interesting question here: is the information
 about an internet site "personal data"? This is not information about who
 owns the site, who made it, who pays for it, who visits the site, etc. If
 we were sending the admin's email address to wp.org when checking for
 updates (which BTW would be nice in cases when an update fails), I'd agree
 that should be opt-in.

 I think that the focus here should be about informing and educating the
 site owners about what data is used when checking for updates, not forcing
 them to choose something when most of them cannot make an "informed
 decision" about it.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43492#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list