[wp-trac] [WordPress Trac] #43602: Add to the privacy tools UX a means to erase personal data by username or email address

WordPress Trac noreply at wordpress.org
Thu Mar 22 19:49:27 UTC 2018 

#43602: Add to the privacy tools UX a means to erase personal data by username or
email address
------------------------------+------------------------------
 Reporter:  allendav          |       Owner:
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  General           |     Version:  trunk
 Severity:  normal            |  Resolution:
 Keywords:  gdpr needs-patch  |     Focuses:
------------------------------+------------------------------

Comment (by azaozz):

 Replying to [comment:3 allendav]:

 We discussed this a bit further on Slack.

 > - user contacts admin to request erasure of their data (can be by email,
 phone call, postal mail, etc)

 For registered users it makes sense to have a button on the Profile screen
 that would trigger the verification email.

 For commenters (no-priv users) we may need to add some minimal UI to be
 able to trigger the verification email themselves from the front-end.
 Alternatively can leave these requests to be made through the site's
 contact form or other method.

 > - admin enters the user’s email address in the box near the erasure
 request table and hits request-verification button
 > - mike jolley’s magic code sends the verification email to the user
 > - user clicks the link in the email thus verifying the request
 > - admin sees a badge/dot/number on the wp-admin sidebar menu and goes to
 the erasure requests wp list table and sees the user verified the request
 > - admin clicks on the "erase personal data" action for the verified
 request
 > - a progress indicator is displayed for that row of the wp list table
 while erasure is in progress
 > - after erasure is complete, if the user was a registered user, admin is
 prompted whether they'd like to also delete the user's account

 IMHO the erasure or anonymization should be done in one step here. It's
 simpler and easier to understand. If plugins store information that is
 optionally anonymized, they should have settings where the user can select
 what is overwritten/deleted. Thinking that we shouldn't be asking the
 admin to decide what to keep and what to delete every time.

 As far as I see we are not going to delete comments or posts belonging to
 the user. We will anonymize the comments, create new user and reassign the
 posts, then delete the old user account.

 > - if the admin consents, the user account is then deleted

 This step should be automatic, see above.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43602#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list