[wp-trac] [WordPress Trac] #59445: Emoji Caching violates GDPR / CCPA (was: Emoji Caching could violate GDPR / CCPA)

WordPress Trac noreply at wordpress.org
Mon Sep 25 23:59:13 UTC 2023 

#59445: Emoji Caching violates GDPR / CCPA
--------------------------+-----------------------------------
 Reporter:  antmg         |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  6.4
Component:  Emoji         |     Version:  6.3
 Severity:  major         |  Resolution:
 Keywords:                |     Focuses:  performance, privacy
--------------------------+-----------------------------------

Comment (by antmg):

 Being a cache by definition means it's not strictly necessary data, it can
 be recreated trivially if deleted and therefore is not required for the
 functionality of a site (So cannot come under the **strictly necessary**
 exception). Such storage can be used for cache, but after consent.

 Here's a link and excerpt from the UK's PECR ( our split from the EU )
 page covering the essential use exception:

 https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-
 electronic-communications/guide-to-pecr/cookies-and-similar-
 technologies/#exemptions

 There are two exemptions which apply where:

 * the cookie is for the sole purpose of carrying out the transmission of a
 communication over an electronic communications network; or

 * the cookie is strictly necessary to provide an ‘information society
 service’ (eg a service over the internet) requested by the subscriber or
 user. Note that it must be essential to fulfil their request – cookies
 that are helpful or convenient but not essential, or that are only
 essential for your own purposes, will still require consent.


 ----


 Based upon the second exception - this stored data is not essential /
 **strictly necessary** for the functionality, but helpful / convenient as
 it saves some compute time, but functionality would be otherwise entirely
 possible without the data in session storage.


 GDPR Version can be found here:

 https://ec.europa.eu/justice/article-29/documentation/opinion-
 recommendation/files/2012/wp194_en.pdf ()

  the cookie is “strictly necessary in order for the provider of an
 information society service explicitly requested by the subscriber or user
 to provide the service”.

 Similar to the PECR

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/59445#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list