[wp-trac] [WordPress Trac] #40794: WordPress needs a privacy policy

WordPress Trac noreply at wordpress.org
Mon Oct 9 09:10:34 UTC 2017 

#40794: WordPress needs a privacy policy
----------------------------+-----------------------
 Reporter:  johnbillion     |       Owner:  pento
     Type:  task (blessed)  |      Status:  assigned
 Priority:  normal          |   Milestone:  4.9
Component:  Help/About      |     Version:
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+-----------------------

Comment (by javorszky):

 Replying to [comment:45 pento]:

 > Unless you install and activate Jetpack, data is only being sent to
 WP.org, not WP.com. WP.org is hosted on seperate infrastructure,
 Automattic employees do not generally have access to it. ''Some''
 Automattic employees (myself included) have access, but we absolutely do
 not share that data inside Automattic, my colleagues know better than to
 ask. 🙂

 The main point is that it needs to be declared what data sent to where,
 who has access to it, and for what purpose. In this case, as soon as you
 install WP core, your blog name, if multisite, how many subsites, and your
 user count will be sent to the .org infrastructure every time WP Core
 checks for available updates (twice daily by default). The following
 people have access to the data: core contributors (? I don't actually
 know, but would love to), and for what purpose, ie: how is the data used
 to inform whatever decision it is informing.

 I'd also like to know what stops "Some Automattic" employees to exfil data
 from the .org infrastructure to use on other projects, such as .com
 infrastructure upgrades / marketing / whatever. Separation of roles /
 concerns / specific purpose.

 GDPR isn't even here, but having a read about data protection on the UK
 Government's site: https://www.gov.uk/data-protection, it seems current
 data protections aren't adequate even now.

 My next question: is this ticket only going to be about wording of the
 privacy policy, or will there be revisions to how the .org infrastructure
 handles data as well?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40794#comment:46>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list