[wp-trac] [WordPress Trac] #43492: Core Telemetry and Updates

WordPress Trac noreply at wordpress.org
Tue Apr 3 17:21:36 UTC 2018 

#43492: Core Telemetry and Updates
------------------------------+------------------------------
 Reporter:  xkon              |       Owner:
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  Upgrade/Install   |     Version:
 Severity:  normal            |  Resolution:
 Keywords:  gdpr 2nd-opinion  |     Focuses:
------------------------------+------------------------------

Comment (by azaozz):

 Replying to [comment:28 DavidAnderson]:
 > > As with everything else in WordPress, site owners can opt out of this
 service by using a plugin.
 >
 > If the intention is to comply with the GDPR, then the GDPR requires
 explicit informed consent for all PII (which includes all URLs and IP
 addresses that can eventually be traced to an individual). Opt-in-by-
 default, and requiring explicit opt-out action, are specifically
 prohibited.

 Think there may be some misunderstanding here. I'm not talking about
 giving or withholding consent of sending a site's URL to another site
 (this actually happens every time somebody follows a link on the
 internet). I'm talking about discontinuing a service that helps to keep a
 particular website secure.

 As mentioned in previous comments, there are specific rules in the GDPR
 concerning information needed for security reasons. They seem to apply in
 this case.

 > I do not work for the WP Foundation and it is not my business...

 I do not work for the WP Foundation either. WordPress is an open source
 project, and everybody here is contributing to it :)

 I'll try to explain my point once more:
 - It will be really foolish to force site owners into making a decision
 about keeping their websites secure without giving them enough information
 so they can make an informed decision.
 - For that reason think this ticket should focus on providing that
 information, including what data is sent on update checks, how it is used,
 and what it would mean for their site if these checks are disabled.

 I'd also really like to hear a lawyer's opinion on whether domain names
 and a websites IP addresses constitute "personal data" under the GDPR. If
 anybody knows of any such opinions that are posted somewhere, linking them
 here would be very helpful.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43492#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list