[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Wed Dec 7 18:08:25 UTC 2016

#16778: wordpress is leaking user/blog information during wp_version_check()
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:

Comment (by idea15):

 When we're talking about the data being passed it's important to clarify
 whether it contains personal information or identifiers. Aggregated and
 de-identified data is not in violation of European laws or directives,
 although users should still have a right to opt out of it.

 GDPR is a fresh opportunity to build in better privacy structures and
 legal certainty. Although it is a European law, it creates a very healthy
 baseline for all users (see, for example, yesterday's piece on tracking
 data which European Uber users have a legal right to see but US users
 don't.) Everyone needs to be working in implementations for their own
 businesses and sites in any case ahead of deadline day, in addition to any
 changes that need to be made in the WP code. Start there by working
 towards specific requirements for GDPR compliance, rather than being
 sidetracked by a general discussion of ethics.

 Suggest we loop in the A8c legal team on further discussions of this as
 they'll be needing to appoint a DPO as part of GDPR, and these questions
 will be part of that person's job.

Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:74>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list