[wp-trac] [WordPress Trac] #59445: Emoji Caching violates GDPR / CCPA

Tue Sep 26 11:42:30 UTC 2023

#59445: Emoji Caching violates GDPR / CCPA
--------------------------+-----------------------------------
 Reporter:  antmg         |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  6.4
Component:  Emoji         |     Version:  6.3
 Severity:  major         |  Resolution:
 Keywords:                |     Focuses:  performance, privacy
--------------------------+-----------------------------------

Comment (by antmg):

 Let's take a look at the PECR (UK):

 {{{
 The rules on cookies are in regulation 6. The basic rule is that you must:

 tell people the cookies are there;
 explain what the cookies are doing and why; and
 get the person’s consent to store a cookie on their device.
 As long as you do this the first time you set cookies, you do not have to
 repeat it every time the same person visits your website. However, bear in
 mind that devices may be used by different people. If there is likely to
 be more than one user, you may want to consider repeating this process at
 suitable intervals.

 You may also need to obtain fresh consent if your use of cookies changes
 over time.
 }}}

 And the exceptions:

 {{{
 There are two exemptions which apply where:

 the cookie is for the sole purpose of carrying out the transmission of a
 communication over an electronic communications network; or
 the cookie is strictly necessary to provide an ‘information society
 service’ (eg a service over the internet) requested by the subscriber or
 user. Note that it must be essential to fulfil their request – cookies
 that are helpful or convenient but not essential, or that are only
 essential for your own purposes, will still require consent.
 This means you are unlikely to need consent for:

 cookies used to remember the goods a user wishes to buy when they add
 goods to their online basket or proceed to the checkout on an internet
 shopping website;
 session cookies providing security that is essential to comply with data
 protection security requirements for an online service the user has
 requested – eg online banking services; or
 load-balancing cookies that ensure the content of your page loads quickly
 and effectively by distributing the workload across several computers.
 }}}

 Source https://ico.org.uk/for-organisations/direct-marketing-and-privacy-
 and-electronic-communications/guide-to-pecr/cookies-and-similar-
 technologies/#compliance
 (The UK information commissioner office)

 Theres no exception that would cover this use case.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/59445#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform