[wp-trac] [WordPress Trac] #43473: Add default text for a privacy policy

WordPress Trac noreply at wordpress.org
Fri Apr 20 12:44:41 UTC 2018 

#43473: Add default text for a privacy policy
------------------------------+-----------------------
 Reporter:  azaozz            |       Owner:  idea15
     Type:  enhancement       |      Status:  assigned
 Priority:  normal            |   Milestone:  4.9.6
Component:  General           |     Version:
 Severity:  normal            |  Resolution:
 Keywords:  gdpr needs-patch  |     Focuses:
------------------------------+-----------------------

Comment (by azaozz):

 Replying to [comment:13 idea15]:

 Some of these are strictly plugin related. We can "mention" that "in most
 cases" data may be used for .... purposes and sent to third party sites,
 but ultimately the plugins that do this should provide the exact info.

 > - Registered user data
 > - Account creation

 These are the same and concern only users that want to register. All of
 the data in listed on the Profile screen, not sure what exactly to mention
 about it, perhaps that only username and email are mandatory?

 > - Oembeds

 We have a list of the default oEmbed providers, however other sites can be
 added by plugins and any WP site is also a provider. Thinking we need some
 generic text here, perhaps like "Some pages may contain embedded sections
 from other websites like videos, images, etc. In these cases the other
 site may collect personal data like IP addresses and may set browser
 cookies".

 > - Visitor cookies

 No such thing in WP.

 > - Registered user cookies

 All of these are strictly "functional", used for logging in, etc. None is
 used for any tracking.

 > - Post data (posts?)

 Only registered users with sufficient capabilities can publish posts. Not
 sure that needs to be in the front-end visitor facing privacy policy,
 probably nothing. Perhaps can mention that posts contain the user ID on
 the Profile screen?

 > - Comments

 WP stores the commenter IP address and browser version string in addition
 to what the commenter provides in the comments form.

 > - Spam checks

 Nothing in WP by default, but can mention that all comment data may be
 sent to a "third party security check provider"?

 > - Analytics
 > - Telemetry

 There two are the same. Can probably mention that most sites store some
 visitor data to help them improve their service (Google Analytics of
 local/CPanel).

 > - Contact forms
 > - Order fulfilment
 > - Message boards

 Nothing in WP. Can leave for plugins that add the forms.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43473#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list