[wp-trac] [WordPress Trac] #43809: Add personal data from posts to personal data export

WordPress Trac noreply at wordpress.org
Tue May 1 10:25:11 UTC 2018 

#43809: Add personal data from posts to personal data export
-------------------------------------------------+-------------------------
 Reporter:  TZ Media                             |       Owner:  tz-media
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  General                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  gdpr has-patch needs-testing has-    |     Focuses:
  unit-tests                                     |
-------------------------------------------------+-------------------------
Changes (by azaozz):

 * milestone:  4.9.6 => Future Release


Comment:

 Replying to [comment:15 mnelson4]:

 I think we already discussed this a month ago and decided that posts are
 **NOT** personal data that needs to be exported.

 > > Looking more at this: don't think there is any personal data in
 posts... We are trying to export parts of the post instead of any user
 data as there is no user data in there :)
 >
 > Right, there usually isn't any user data in posts. But the text of the
 GDPR says "‘personal data’ means any information relating to an identified
 or identifiable natural person" (https://gdpr-info.eu/art-4-gdpr/) That
 sounds like its a bit more extensive than JUST personally-identifiable
 data.

 Right, but that doesn't mean we should export post content. If we follow
 that logic, attachments to the post are also associated with the post
 author, right? But someone else may have uploaded an image and the post
 author just used it. So why are we giving another person's data to the
 post author? What about comments? They are also associated with the post,
 do we include them too?

 Another relatively common case is that posts are authored by more than one
 person. Again, do we want to give someone else's "personal data" to the
 post author? What about copyright laws, do we have to break them? :)

 Also: which exact part of the GDPR is this complying with?
 - The right to see your data? Nope, any registered user can see all of
 their posts at any time in (at least) couple of ways: as an archive on the
 front-end, and in a list-table in the admin. Please keep in mind that
 registered users are "controllers" of their own data.
 - The right to reuse your data? Nope, that export cannot be reused as the
 post content is not complete. It misses any changes that may have happened
 on different actions and filters. The user will be able to get much better
 content if copying from an author archive view on the front-end.

 IMHO the right thing to do here is punt this for now and eventually come
 back to it when it is proven that we **MUST** introduce yet another
 (forth?) method of exporting posts.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43809#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list