[wp-trac] [WordPress Trac] #43473: Add default text for a privacy policy

Wed May 2 14:54:09 UTC 2018

#43473: Add default text for a privacy policy
-----------------------------------------------+-----------------------
 Reporter:  azaozz                             |       Owner:  idea15
     Type:  enhancement                        |      Status:  assigned
 Priority:  normal                             |   Milestone:  4.9.6
Component:  General                            |     Version:
 Severity:  normal                             |  Resolution:
 Keywords:  gdpr 2nd-opinion has-patch commit  |     Focuses:
-----------------------------------------------+-----------------------

Comment (by allendav):

 Feedback on privacy-policy-tutorial.txt

 > Please edit your privacy policy content, and add any information from
 your themes and plugins. You will find it under this tutorial.

 Not all plugins will hook privacy policy content, especially right away.
 Please add a sentence to the effect that “Not all themes and plugins will
 provide information here - you will want to review your active plugins and
 theme to make sure that you’ve covered them all.”

 > Who we are

 Would it be possible to highlight the section titles or make them
 headings? They kinda blend into the text right now.

 > In this section you should note what personal data you collect from
 users and site visitors. This may include transactional data, such as
 purchase information; technical data, such as information about cookies;
 and personal data, such as user account information.

 I would start the “may include” list with the most likely examples for a
 WordPress site, e.g. “a user’s name or email address…”

 > “You must also note any collection and retention of sensitive personal
 data…”

 I like how we’ve tended to use “you should” elsewhere. It sounds less
 legal - and we want to avoid appearing to give legal advice. Could we
 change “must” to “should?”

 > “In addition to listing what personal data you collect, you need to note
 why you collect it. These explanations must note…”

 “need to” to “should” and “must note” to “should note”

 > “By default WprdPress…”

 WrpdPress to WordPress

 > “and only collects the data shown on the User Profile screen fro
 registered users…”

 “fro” to “from”

 > “However some of your plugins may collect personal data, add the
 relevant information below.”

 “add” to “so, you should add”

 > Comments. In this subsection you should note what information is
 captured through comments.

 Please add “We have noted the data which WordPress collects by default.”

 > Embedded content

 Do we include the list o’ links I pulled together for embeds and if so,
 let’s add “We have noted the embeds which WordPress supports by default
 along with links to their respective privacy policies.”
  > In this subsection you should note what analytics package you use

 Change “what” to “any” - not everyone will have an analytics package

 > By default WordPress does not share any personal data with anybody.

 Change “anybody” to “anyone”

 > security measures such as 2FA

 I’d spell out 2FA as “two factor authentication”

 > and human measures such as staff training

 I’d drop the word human

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43473#comment:59>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform