[wp-trac] [WordPress Trac] #43492: Core Telemetry and Updates
WordPress Trac
noreply at wordpress.org
Thu Apr 5 13:52:36 UTC 2018
#43492: Core Telemetry and Updates
------------------------------+------------------------------
Reporter: xkon | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: gdpr 2nd-opinion | Focuses:
------------------------------+------------------------------
Comment (by DavidAnderson):
@robscott Is there really still an open question that a large number of
website URLs will be classified by the GDPR as PII? The GDPR says:

> ‘personal data’ means any information relating to an identified or
> identifiable natural person (‘data subject’); an identifiable natural
> person is one who can be identified, directly or indirectly

I don't see any ambiguity there. They've written "directly or indirectly"
to clarify that it doesn't matter what means are being used to perform the
identification (i.e. we can't say "ah, but we'd have to manually browse
their website to do it, and that's hard to automate") - they've covered
that. They don't specify particular types of data - once *any* of the data
can lead to identification, *all* the data is then PII ("any information
relating to").

But on your major point - I'm very interested in that too. How does
wordpress.org storing (assuming I've understood rightly) your number of
users, and site URL, and various other things, and explicitly linking
those to your site URL, and storing it all, without anonymization, do
anything for security, given that the security updates mechanism in WP is
pull-based and has no facility at all for push-based?

The GDPR is explicitly designed to force granularity - it's not a by-
product, it's one of their core aims. If you get piece of data A as
something necessary for purpose X, then you can't process it for purpose Y
- that needs separate/sufficient justification before you're allowed to
touch it, even if it's stored on your servers and you got it legitimately
for purpose X. On my understanding of the WP updates mechanism (code which
on the client side I've studied and interacted with at some length), the
site URL is never used in the updates response at all. And things like the
number of registered users certainly make zero difference to the returned
results. So things of that sort surely need explicit opt-in, even if other
things are deemed essential to the normal operation of WP (on which I
don't have a specific opinion).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43492#comment:42>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform