[wp-trac] [WordPress Trac] #44068: Provide a way to check whether a user's data has been erased
WordPress Trac
noreply at wordpress.org
Mon May 14 04:43:10 UTC 2018
#44068: Provide a way to check whether a user's data has been erased
----------------------------+-----------------------------
Reporter: dennis_f | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: trunk
Severity: normal | Keywords: gdpr
Focuses: |
----------------------------+-----------------------------
There should be some way for plugins to check for completed personal data
erasures, so they won't store any personal data afterwards for those
users.
Consider the following scenario:
1. Plugin X saves user IP address when they sign in
2. User requests personal data erasure
3. Administrator completes the request and Plugin X deletes the user's IP
by using the "wp_privacy_personal_data_erasers" hook
4. Administrator removes the request
5. The same user signs in again later. The plugin saves the user's IP
address again since there is no way for the plugin to know that this user
had requested a personal data erasure.
Right now, when you click on the "Remove Request" button, the request
(post) is completely deleted from the database and there is no record of
the erasure.
So, if the requests were not completely deleted from the database after
clicking on the "Remove Request" button, but for example stored with a
custom status such as "completed-removed", this would allow us check if a
particular user has requested data erasure and therefore not store any
personal data about this user anymore. Or alternatively there could be a
flag stored in user meta upon erasure.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44068>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list