[wp-trac] [WordPress Trac] #43492: Core Telemetry and Updates
WordPress Trac
noreply at wordpress.org
Wed Apr 4 17:41:16 UTC 2018
#43492: Core Telemetry and Updates
------------------------------+------------------------------
Reporter: xkon | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: gdpr 2nd-opinion | Focuses:
------------------------------+------------------------------
Comment (by robscott):
Maybe now I should disclose my 3 years of legal education... which
certainly do not qualify me to anything other than passing commentary.
Just to be clear about opt in vs opt out. If the "opt in" is relating to
personal data, then the GDPR specifically says:
{{{
"Consent should be given by a clear affirmative act establishing a freely
given, specific, informed and unambiguous indication of the data subject’s
agreement to the processing of personal data relating to him or her, such
as by a written statement, including by electronic means, or an oral
statement. This could include ticking a box when visiting an internet
website, choosing technical settings for information society services or
another statement or conduct which clearly indicates in this context the
data subject’s acceptance of the proposed processing of his or her
personal data. Silence, pre-ticked boxes or inactivity should not
therefore constitute consent. "
}}}
So if the consent is "opt out" then we should shelve it if it is personal
data and the ticket relates to GDPR.
My personal view would be this test:
1 is this personal data? Yes or no.
2 If yes - do we need to '''store''' it?
3 If we do not '''store''' the data, I don't feel we need to obtain
consent. (opinion!!).
4 If the data is stored - why? What is it stored for? (beyond the actual
transaction I mean)
We (might) need consent for the "why" - what is being done with this
(potentially identifiable) and (potentially) personal data?
Using the data for the purposes of processing the transaction (ephemeral
storage) is not storage. The only way this data can be considered personal
data would be if it were collected together as a package and stored.
Again, all my opinion.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43492#comment:33>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list