[wp-trac] [WordPress Trac] #43492: Core Telemetry and Updates

WordPress Trac noreply at wordpress.org
Wed Apr 4 17:41:16 UTC 2018


#43492: Core Telemetry and Updates
------------------------------+------------------------------
 Reporter:  xkon              |       Owner:
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  Upgrade/Install   |     Version:
 Severity:  normal            |  Resolution:
 Keywords:  gdpr 2nd-opinion  |     Focuses:
------------------------------+------------------------------

Comment (by robscott):

 Maybe now I should disclose my 3 years of legal education... which
 certainly do not qualify me to anything other than passing commentary.

 Just to be clear about opt in vs opt out. If the "opt in" is relating to
 personal data, then the GDPR specifically says:

 {{{
 "Consent should be given by a clear affirmative act establishing a freely
 given, specific, informed and unambiguous indication of the data subject’s
 agreement to the processing of personal data relating to him or her, such
 as by a written statement, including by electronic means, or an oral
 statement. This could include ticking a box when visiting an internet
 website, choosing technical settings for information society services or
 another statement or conduct which clearly indicates in this context the
 data subject’s acceptance of the proposed processing of his or her
 personal data. Silence, pre-ticked boxes or inactivity should not
 therefore constitute consent. "
 }}}

 So if the consent is "opt out" then we should shelve it if it is personal
 data and the ticket relates to GDPR.

 My personal view would be this test:

 1 is this personal data? Yes or no.
 2 If yes - do we need to '''store''' it?
 3 If we do not '''store''' the data, I don't feel we need to obtain
 consent. (opinion!!).
 4 If the data is stored - why? What is it stored for? (beyond the actual
 transaction I mean)

 We (might) need consent for the "why" - what is being done with this
 (potentially identifiable) and (potentially) personal data?

 Using the data for the purposes of processing the transaction (ephemeral
 storage) is not storage. The only way this data can be considered personal
 data would be if it were collected together as a package and stored.
 Again, all my opinion.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43492#comment:33>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list