[wp-trac] [WordPress Trac] #48486: Add compliance tab to plugin repository pages on WordPress.org

WordPress Trac noreply at wordpress.org
Tue Dec 17 10:54:45 UTC 2019


#48486: Add compliance tab to plugin repository pages on WordPress.org
-------------------------+-------------------------------------------------
 Reporter:  katwhite     |       Owner:  (none)
     Type:  feature      |      Status:  new
  request                |
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Plugins      |     Version:  5.3
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  accessibility, docs, privacy,
                         |  coding-standards
-------------------------+-------------------------------------------------

Comment (by carike):

 Version 2 of the Example Readme.txt :)


 {{{
 === Disclosures and Permissions Tabs ===
 Contributors: Carike
 Tags: disclosures, permissions, privacy, security
 Requires at least: 4.9
 Requires PHP: 5.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Consent API: TRUE
 Disclosures Tab: TRUE
 External Network Calls PHP: FALSE
 External Network Calls JavaScript: FALSE
 External Network Calls CSS: FALSE
 SaaS: FALSE
 Calls to External APIs: FALSE
 Remote Assets: FALSE
 Sets Cookies: FALSE
 Writes to DB: FALSE
 Creates Custom Post Type: FALSE
 Creates Custom Table: FALSE
 Stores PPI: FALSE
 Sends e-mails: TRUE
 Advertising on Dashboard: FALSE
 Advertising on Plugins List: FALSE
 Advertising on Plugin Setting Page: FALSE
 Asks for Backlinks: FALSE
 Code Audited by Third Party: FALSE

 CODE IS NOT FUNCTIONAL YET.  Experimental plugin.  For discussion /
 development.  Intended as Feature as a Plugin.

 == Description ==

 VISION STATEMENT:

 * We believe that privacy is a strategic competitive advantage.
 * This Feature as a Plugin follows a risk-based, as opposed to a
 compliance-based approach to privacy choices.
 * We firmly believe that if your aim is informed consent and you act in
 good faith at all times, then you are almost certain to come down on the
 "right" side of legislation.

 MISSION STATEMENT:

 Thus far many site owners have relied solely on their user experience /
 visual elements created by a plugin when choosing which of the many
 plugins fulfilling a particular function to install. We aim to change
 that.

 * DPT seeks to allow website admins / owners to make more informed choices
 when comparing plugins by facilitating plugin developers' ability to
 disclose what information is collected from their site and / or their
 users in a format that makes it understandable for an average user.
 * DPT aims to do this by rationally standardizing privacy options within
 the WordPress ecosystem.
 * DPT was developed with the hope of leveraging unrealized synergies.
 * DPT does not directly address
 https://core.trac.wordpress.org/ticket/48486, which only addresses an
 additional tab to the plugin page on the WordPress.org repository;
 however, it does seek to complement it.
 * DPT does not seek to replace the Consent API, however, it does seek to
 complement it. You can find the Consent API at:
 https://github.com/rlankhorst/wp-consent-level-api/blob/master/readme.txt
 * DPT hopes to assist in implementing sensible guidelines for plugins to
 advertise premium offerings, to hopefully enable plugin developers to
 monetize their content without alienating the user-base.

 == Installation ==

 The code in this plugin is not yet functional.
 Intended for discussion / development only.
 Until such time as it is submitted to the WordPress plugin repository, you
 will need to download a .zip folder via GitHub and upload the .zip folder
 under your /wp-admin/ plugins menu.

 == Frequently Asked Questions ==

 = Is this plugin functional? =

 No.  This code is not yet functional.  It is intended for discussion and
 development.

 = What does this plugin do? =

 This plugin is intended as a Feature as a Plugin, which means it will
 hopefully be included in WordPress core some day soon.
 The DPT plugin creates two sub-menus under the Plugins tab in the
 /wp-admin/ area; namely Disclosures and Permissions.
 The Disclosures tab provides those with "manage options" capabilities with
 privacy related disclosures.
 A copy of such disclosures is also available on the plugin's WordPress.org
 repository page.
 The Permissions tab provides those with "manage options" capabilities with
 privacy related options.
 Site administrators / owners can turn off permissions for marketing;
 statistics; and / or anonymous statistics on a site-wide basis; or they
 can do so on a plugin-by-plugin basis; or they can manage individual
 permissions (e.g. an external network call to example.com by plugin XYZ)
 on a plugin-by-plugin basis.

 = Does this plugin guarantee GDPR compliance? =

 No.

 == Changelog ==

 = 0.0.1. =

 For discussion purposes only.  Code is not yet functional.

 Updated readme.txt:

 "Privacy", "Security", "Accessibility" and "Certifications" sections were
 removed in favour of headers.
 Headers should default to FALSE (when parsed), unless explicitly declared
 as TRUE.

 "Privacy" section:

 1. Declaring compatibility with privacy tools:
 1.1. Removed "Consent API Compatibility" section;
 1.1.1. Added header for "Consent API";
 1.2. Removed "Disclosures and Permissions Tabs compatibility" section;
 1.2.1. Added header for "Disclosures Tab";

 2. Helping the site administrator / owner understand how the plugin
 communicates with other sites:
 2.1. Removed "External Network Calls" sub-section;
 2.1.1. Added header for "External Network Calls PHP";
 2.1.2. Added header for "External Network Calls JavaScript";
 2.1.3. Added header for "External Network Calls CSS";
 These were split as they may generally be associated with varying levels
 of risk.

 3. Contractual Terms other than the GNU GPL License that may apply to use
 of the plugin:
 3.1. Removed "Contractual Terms" section;
 3.1.1. Added header for "SaaS";
 Intended for cases where the plugin requires an account with a third
 party.
 E.g. Accounting software
 3.1.2. Added header for "Calls to External APIs";
 Intended for cases where an account with the third party is not
 necessarily required.
 E.g. Add To Any Social Sharing Buttons
 3.1.3. Added header for "Remote Assets";
 Intended for cases where information is fetched from a third party domain.
 E.g. external loading of fonts / images / etc.

 If the plugin author sets any of these headers as TRUE, they need to
 provide a comma-separated list to the Terms of Service / license terms for
 each instance.

 4. Helping the site administrator / owner understand how the plugin
 collects user data:
 4.1. Removed "Cookies" sub-section / Added header for "Sets Cookies";

 5. Helping the site administrator / owner understand the ways in which the
 plugin processes / stores user data:
 5.1. Removed "Cron Jobs" sub-section;
 5.1.1. This remains relevant to the Disclosures and Permissions Tabs, but
 is excluded from the recommended readme.txt.
 5.2. Added header for "Writes to DB";
 5.2.1. This is intended for any instance in which the plugin writes to the
 MySQL / MariaDB database;
 5.3. Added header for "Creates Custom Post Type";
 5.4. Added header for "Creates Custom Table";
 5.5. Added header for "Stores PPI";
 Intended for plugins that store Personally Identifiable Information (e.g.
 creates entries in the user_meta table).

 6. Helping the site administrator / owner understand other ways in which
 the plugin can send user data:
 6.2. Removed "Mail" sub-section;
 6.2.1. Added header for "Sends e-mails";

 7. The site administrator / owner as a customer:
 7.1. Removed "Advertising" sub-section;
 7.1.1. Added header for "Advertising on Dashboard";
 7.1.2. Added header for "Advertising on Plugins List";
 7.1.3. Added header for "Advertising on Plugin Settings Page";
 7.2. Removed "Credits" sub-section;
 7.2.1. Added header for "Asks for Backlinks";

 8.1. Removed "Applicable Regulatory Standards" section
 8.1.1. Alternatives to be considered and discussed.

 "Security" section

 9.1. Removed "Security" section;
 9.1.1. "Report this Plugin" button in sidebar recommended (with
 appropriate measures to help prevent abuse);

 "Accessibility" section

 10.1. Removed "Accessibility" section;
 10.1.1. Automated tools are not currently available.
 10.1.2. Alternatives to be considered and discussed.

 "Certifications" section

 11.1. Removed section regarding Certifications;
 11.1.1. Added header for "Code Audited by Third Party".

 = 0.0.0. =
 Version for discussion.  Code is not yet functional.
 }}}

 Cross-posted here:
 https://github.com/carike-codes/disclosures-and-permissions-tabs/blob/0.0.1/readme.txt
 for now.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48486#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
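
The changelog's rule that headers default to FALSE unless explicitly declared as TRUE, shown as an added example (not code from the ticket or from the plugin): a Python parser that also reports headers that were never declared or that carry a value other than TRUE/FALSE, so a reviewer can tell "stated FALSE" from "not stated". The function name, its three-part return value and the sample readme are assumptions; the header names are taken from the example readme in the comment above.

```python
import re

# Header names exactly as they appear in the example readme in this message.
DISCLOSURE_HEADERS = [
    "Consent API", "Disclosures Tab", "External Network Calls PHP",
    "External Network Calls JavaScript", "External Network Calls CSS",
    "SaaS", "Calls to External APIs", "Remote Assets", "Sets Cookies",
    "Writes to DB", "Creates Custom Post Type", "Creates Custom Table",
    "Stores PPI", "Sends e-mails", "Advertising on Dashboard",
    "Advertising on Plugins List", "Advertising on Plugin Setting Page",
    "Asks for Backlinks", "Code Audited by Third Party",
]

def parse_disclosures(readme_text):
    """Hypothetical helper: return (flags, undeclared, malformed)."""
    canonical = {name.lower(): name for name in DISCLOSURE_HEADERS}
    flags = {name: False for name in DISCLOSURE_HEADERS}  # default FALSE
    declared, malformed = set(), {}
    in_block = False
    for line in readme_text.splitlines():
        line = line.strip()
        if not in_block:  # header block starts after the "=== Name ===" line
            in_block = bool(re.fullmatch(r"===.+===", line))
            continue
        if not line:  # first blank line ends the header block
            break
        key, sep, value = line.partition(":")
        name = canonical.get(key.strip().lower())
        if not sep or name is None:
            continue  # ordinary readme header (Contributors, License, ...)
        declared.add(name)
        value = value.strip()
        if value.upper() == "TRUE":
            flags[name] = True
        elif value.upper() != "FALSE":
            malformed[name] = value  # flag stays FALSE, value is reported
    undeclared = [n for n in DISCLOSURE_HEADERS if n not in declared]
    return flags, undeclared, malformed

# Constructed sample readme, not taken from any real plugin.
SAMPLE_README = """=== Example Plugin ===
Consent API: TRUE
Sets Cookies: true
Sends e-mails: yes
Remote Assets: FALSE

== Description ==
Stores PPI: TRUE
"""
```

Lines outside the header block are ignored, so the `Stores PPI: TRUE` line under `== Description ==` in the sample does not set the flag.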

