[wp-trac] [WordPress Trac] #43750: Establish a standard means of core reading privacy declarations from plugins’ readme.txt

Thu May 31 18:00:30 UTC 2018

#43750: Establish a standard means of core reading privacy declarations from
plugins’ readme.txt
------------------------------------+------------------------------
 Reporter:  allendav                |       Owner:  (none)
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Privacy                 |     Version:  trunk
 Severity:  normal                  |  Resolution:
 Keywords:  gdpr needs-patch close  |     Focuses:
------------------------------------+------------------------------

Comment (by allendav):

 @azaozz @iandunn - for #43938 I need to know whether or not a plugin has
 implemented the privacy policy guide, export and erasure interfaces. (None
 of the present interfaces has a means of capturing any identifier for the
 plugins when they call them.)

 I was thinking that, instead of (or perhaps in addition to) modifying
 those interfaces, if we could have a new row in the plugin header that
 indicates if the plugin implements those interfaces, then when could 1)
 have what we need for #43938 AND 2) have a means (down the road) of
 showing privacy info/icons/something for plugins in the .org repository
 itself.

 What do you think?

 I was thinking that maybe plugins should have a Tags header something like
 what themes do ( https://codex.wordpress.org/File_Header )

 The tags we need for privacy would be

 - adds-to-privacy-guide - for plugins that provide snippets for the
 privacy policy guide
 - collects-personal-data - for plugins that register a personal data
 exporter and a personal data eraser for the personal data they collect
 and/or copy
 - collects-no-personal-data - for plugins that do not collect or copy
 personal data (mutually exclusive with collects-personal-data)
 - no-privacy-guide-text-needed - for plugins that do not do anything with
 personal data, and have nothing to add to the privacy policy (mutually
 exclusive with privacy-guide)

 Admins can be alerted during privacy guide, export and erasure when they
 have activated plugins that don't have these tags in their header (e.g.
 something like "You are responsible for gathering any personal data
 collected by the following plugins: plugin1, plugin2, etc,")

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43750#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform