[wp-meta] [Making WordPress.org] #7716: Need clear definition of Explicit Consent for Plugin Guidelines
Making WordPress.org
noreply at wordpress.org
Sat Jul 13 10:12:05 UTC 2024
#7716: Need clear definition of Explicit Consent for Plugin Guidelines
-------------------------+--------------------
 Reporter:  drubonil     |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  high         |  Milestone:
Component:  Handbooks    |   Keywords:
-------------------------+--------------------
Currently the plugin guideline states that:
7. Plugins may not track users without their consent.
In the interest of protecting user privacy, plugins may not contact
external servers **without explicit and authorized consent**. This is
commonly done via an ‘opt in’ method, requiring registration with a
service or a checkbox within the plugin settings. Documentation on how
any user data is collected, and used, should be included in the plugin’s
readme, preferably with a clearly stated privacy policy.

It says plugins need explicit and authorized consent. I think the paragraph
needs to be more explicit, with an example. The rule should clear up a few things:
- Can a plugin author pre-check the consent with some smart wording?
- Can a plugin author auto-install other unrelated plugins with the same
pre-checked dark UI method?

As I have reported this issue many times (via Slack and email) and did not
get any straightforward answer, I think these things are allowed. So I am
proposing the following changes to [the plugin guidelines]
[https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#7-plugins-may-not-track-users-without-their-consent]
- You can pre-check checkboxes for the consent to access any data of the
website and transfer it to your own server for usage tracking
- You can pre-check checkboxes to install unrelated or related plugins
for auto-install
- You may use dark patterns for these checkboxes; for example, you can use
the title "Join the [Plugin ShortName] Community" for getting access to the
usage data and transferring it to your server.

If these practices are not allowed in the definition of "Explicit Consent",
please add these as examples that YOU CAN'T DO THESE, and the Plugin
review team should check on the offenders.

I am attaching a screenshot of a plugin that does these. Please note that
tons of plugins use these types of dark patterns. This screenshot is only
for reference. The checkboxes are pre-checked by default.
[[Image(https://i.imgur.com/95KxGmN.png)]]

For example: if the user just clicks "Save & Continue", which 99% of people
will do, then all the sales data along with plugin, site, theme information
will be transferred on a weekly basis. So I think it's a dark UI (or not!).
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7716>
Making WordPress.org <https://meta.trac.wordpress.org/>