[wp-trac] [WordPress Trac] #44464: Guide to write privacy policy: inexact point?

Sat Jan 12 00:28:58 UTC 2019

#44464: Guide to write privacy policy: inexact point?
-------------------------------+------------------------------
 Reporter:  Paride15           |       Owner:  garrett-eclipse
     Type:  defect (bug)       |      Status:  reviewing
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Privacy            |     Version:  4.9.6
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:
-------------------------------+------------------------------
Changes (by garrett-eclipse):

 * keywords:   => reporter-feedback
 * owner:  (none) => garrett-eclipse
 * focuses:  docs, administration, privacy =>
 * status:  new => reviewing
 * version:   => 4.9.6

Comment:

 Hi @Paride15 thank you for flagging to us here.

 There's alot of references to 'By default WordPress' in the current guide
 so wanted to be sure of which point specifically you're speaking of. If
 you could quote it that'd be helpful.

 Here's some options I found;

 - Under 'What personal data we collect and why we collect it'; "By default
 WordPress does not collect any personal data about visitors, and only
 collects the data shown on the User Profile screen from registered users.
 However some of your plugins may collect personal data. You should add the
 relevant information below."
 - Under 'Analytics'; "By default WordPress does not collect any analytics
 data. However, many web hosting accounts collect some anonymous analytics
 data. You may also have installed a WordPress plugin that provides
 analytics services. In that case, add information from that plugin here."
 - Under 'Who we share your data with'; "By default WordPress does not
 share any personal data with anyone."

 Please be as specific as you can not only on which verbiage but also what
 makes it invalid/inexact.

 Some notes on your points;
 - Integrated services - By default, only Gravatar is integrated. There are
 oEmbed capabilities but that requires the admin or an author/editor to add
 the embed.
 - CDN resources - By default WordPress doesn't have any CDN resources, all
 third-party scripts are localized.
 - pingback/trackback collect IP address - This is the server IP address
 and not a user IP so isn't considered Personally Identifiable Information.

 So correct me if I'm wrong but it seems by default only Gravatar collects
 Personal information in the form of IP. That's currently being looked at
 in #44067 and #14682 as well as is on the Privacy roadmap.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44464#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform