[wp-trac] [WordPress Trac] #57880: Removing Emojis as GDPR trap

WordPress Trac noreply at wordpress.org
Tue Mar 7 09:56:55 UTC 2023 

#57880: Removing Emojis as GDPR trap
--------------------------------+-----------------------------
 Reporter:  burnuser            |      Owner:  (none)
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  External Libraries  |    Version:  6.1.1
 Severity:  normal              |   Keywords:
  Focuses:  privacy             |
--------------------------------+-----------------------------
 As reported there: https://github.com/WordPress/gutenberg/issues/48767 and
 advised to report it here.

 Inserting Emojis in the WordPress backend by every post author is very
 easy. With a few keystrokes to create a traditional smiley or inserting an
 Emoji with Windows On-Screen Keyboard.

 [[Image(https://user-
 images.githubusercontent.com/32030147/223041982-4a3c8731-8fc2-425b-8420-647d4b8d4bce.png)]]

 But when inserted, WordPress breaks a GDPR PRIVACY rule in the webpage
 frontend out of the box and loads the Emojis as SVG images from s.w.org
 Server.

 [[Image(https://user-
 images.githubusercontent.com/32030147/223042679-a5f92469-7df8-48c7-885a-
 6c47279e30c0.png)]]

 So, loading resources from an external (USA) server without user consent,
 the website owner can be sued in Europe!

 The only solution at the moment is using a Plugin like
 https://wordpress.org/plugins/disable-emojis/ to cut the unwanted external
 server connection.

 [[Image(https://user-images.githubusercontent.com/32030147/223043468
 -32c0bf3f-2a9f-42e0-9f10-9541ef2fc43e.png)]]

 Without any drawback in result, because any modern browser can display
 Emojis out of the box!

 But adding a "Disable Emojis" plugin to every WordPress website in Europe,
 only to be conform with GDPR is not a very lean solution. And most website
 owners are even not aware of the - eventually high price - problem of a
 simple, single inserted Emoji!

 One of the following solutions would be much better:
 A) Deactivating Emoji server fetching out of the box in WordPress
 B) Make Emoji server fetching optional (default = NOT) with a simple
 switch box in Settings => Reading
 C) Save and load Emojis locally (= from the same server of the WordPress
 installation)

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57880>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list