[wp-trac] [WordPress Trac] #46905: Erase Personal Data without verify enable erase option and change status issue

WordPress Trac noreply at wordpress.org
Sat Apr 13 20:09:03 UTC 2019

#46905: Erase Personal Data without verify enable erase option and change status
 Reporter:  mehulwpos                            |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
                                                 |  Review
Component:  Privacy                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-screenshots needs-testing close  |     Focuses:
Changes (by garrett-eclipse):

 * keywords:  has-screenshots needs-testing => has-screenshots needs-testing


 Hi @mehulwpos thank you for raising this issue to discuss.

 The 'Force Personal Data Erasure' admin action is there to allow admins
 another process flow as they may have disabled the notification so they
 could control the communication with the requestor, or they may have been
 informed by the requestor to just erase their data asap and provided
 confirmation prior to the request being made. In these cases the action
 allows the admin to process the request immediately which is what the
 Force action is for. So the process currently is correct in my opinion.

 That being said it's very similar to #44644 which was committed recently
 and will be part of the next major release (5.2). In that ticket it
 handled the Personal Data Export Request which had a similar action as you
 mentioned but for 'Download Personal Data'. Originally this download
 action would also move the request to the completed status. This flow
 matches what you're experiencing with the erasure flow and the 'Force
 Erase Personal Data'. However, these actions are vastly different in that
 the export was a way for the admin to preview the data so it made sense
 not to change the request state, while this force erasure action actually
 conducts to user action of erasure for them so there's no information left
 for them to erase making additional actions by them via the emails
 unnecessary. They also receive a confirmation email indicating their data
 erasure is complete.
 *One sidenote: If they use the link after a Force Erasure they get a page
 stating 'This link has expired' which could be confusing.

 With the Force Erasure triggered by Admins the erasure link expires and
 the user receives the fulfillment email completing the request cycle,
 which is why the status gets updated.
 With the Export Download trigger by Admins the user may still want to view
 that export data so it makes sense not to have the Admin action change the
 status to complete.

 I'm tempted to close this as `invalid` but will just label as `close` for
 now to leave the discussion open for the process flow here. I hope I
 understood your issue correctly here.


Ticket URL: <https://core.trac.wordpress.org/ticket/46905#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list