[wp-trac] [WordPress Trac] #51110: Create a UI for user-level privacy / consent management options on the profile page

WordPress Trac noreply at wordpress.org
Wed Aug 26 18:38:54 UTC 2020 

#51110: Create a UI for user-level privacy / consent management options on the
profile page
-------------------------+-------------------------------------------------
 Reporter:  carike       |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  5.6
Component:  Privacy      |     Version:  trunk
 Severity:  normal       |  Resolution:
 Keywords:  needs-       |     Focuses:  ui, accessibility, administration,
  privacy-review         |  privacy
-------------------------+-------------------------------------------------
Description changed by carike:

Old description:

> **Background:**
>
> The Consent API is an initiative that is currently underway in the
> Privacy team.
> The code is available in the repository here:
> https://wordpress.org/plugins/wp-consent-api/
>
> The code does not include any user interface.
> However, this is something that the Team feels could be very useful and
> would greatly improve user experience.
>
> **The Challenge:**
>
> Cookie banners provide very little useful information to users -
> increasingly so the more they pop up as as checking-the-box responses to
> various pieces of legislation throughout the world.
> It would thus be useful to provide website users, who are registered,
> with a better UI to manage their consent - and to do so on a more
> persistent basis.
>
> **The Solution:**
> This may be updated, based on input received below / P2 discussions / dev
> chat.
> This ticket represents a milestone for the Consent API.
>
> ''There should be an action to re-direct users to this page (e.g.''
> wp_prompt_consent_admin'') to re-affirm their consent choices when
> necessary.''
> {{{#!php
> <?php
> <h2> Your Privacy </h2>
>
> <h3> While logged in: </h3>
> }}}
>
> ''Plugins should be able to filter paragraph:''
> {{{#!php
> <?php
>
> <p> Your privacy choices while logged in are saved in the database and
> will persist until you change them.
> You may be prompted to update your consent from time to time.
> For example, you may be asked whether you still consent to marketing if
> you have previously opted in
> and the site added a new cookie.
> This is merely an example, as legislative requirements differ between
> jurisdictions.</p>
>
> <h4> Consent categories: </h4>
> }}}
>
> ''User_meta values should only be created once a user saves their privacy
> preferences, not once a new user is created, to not unnecessarily strain
> large sites.
> Plugins should be able to update the default values for the checkboxes
> (i.e. for when no user_meta value exists), as well as whether the
> checkboxes should be edit-able by the user or not, as obligations may
> vary depending on the jurisdictions involved.''
>
> {{{#!php
> <?php
>
> 5 checkboxes with the descriptions: Functional, Preferences, Anonymous
> Statistics, Statistics, Marketing.
> }}}
>
> ''There should be a filter here so that the Disclosure / Permissions tabs
> or consent management plugins can add more information if they need to,
> or to add more granular choices.''
>
> {{{#!php
> <?php
> <h3> While logged out: </h3>
> }}}
>
> ''Plugins should be able to filter this paragraph:''
> {{{#!php
> <?php
> <p> Your privacy choices while logged out are saved in a cookie
> and will only persist until the cookie expires, or is deleted.
> If this happens, these values will reset to the website's defaults.
>
> 5 checkboxes with the descriptions: Functional, Preferences, Anonymous
> Statistics, Statistics, Marketing.
> }}}
>
> ''There should be a filter here so that the Disclosure / Permissions tabs
> or consent management plugins can add more information if they need to,
> or to add more granular choices.''
>
> {{{#!php
> <?php
> <h4> Website defaults </h4>
>
> 5 checkboxes (not select-able) with the descriptions: Functional,
> Preferences, Anonymous Statistics, Statistics, Marketing. These should
> display the site's default values, which should be edit-able by plugins.
> }}}
>
> ''There should be a filter here so that the Disclosure / Permissions tabs
> or consent management plugins can add more information if they need to,
> or to add more granular choices.''
>
> This ticket was created in response to a request from Paaljoachim.

New description:

 **Background:**

 The Consent API is an initiative that is currently underway in the Privacy
 team.
 The code is available in the repository here:
 https://wordpress.org/plugins/wp-consent-api/

 The code does not include any user interface.
 However, this is something that the Team feels could be very useful and
 would greatly improve user experience.

 **The Challenge:**

 Cookie banners provide very little useful information to users -
 increasingly so the more they pop up as as checking-the-box responses to
 various pieces of legislation throughout the world.
 It would thus be useful to provide website users, who are registered, with
 a better UI to manage their consent - and to do so on a more persistent
 basis.

 **The Solution:**
 This may be updated, based on input received below / P2 discussions / dev
 chat.
 This ticket represents a milestone for the Consent API.

 ''There should be an action to re-direct users to this page (e.g.''
 wp_prompt_consent_admin'') to re-affirm their consent choices when
 necessary.''
 {{{#!php
 <?php
 <h2> Your Privacy </h2>

 <h3> While logged in: </h3>
 }}}

 ''Plugins should be able to filter paragraph:''
 {{{#!php
 <?php

 <p> Your privacy choices while logged in are saved in the database and
 will persist until you change them.
 You may be prompted to update your consent from time to time.
 For example, you may be asked whether you still consent to marketing if
 you have previously opted in
 and the site added a new cookie.
 This is merely an example, as legislative requirements differ between
 jurisdictions.</p>

 <h4> Consent categories: </h4>
 }}}

 ''User_meta values should only be created once a user saves their privacy
 preferences, not once a new user is created, to not unnecessarily strain
 large sites.
 Plugins should be able to update the default values for the checkboxes
 (i.e. for when no user_meta value exists), as well as whether the
 checkboxes should be edit-able by the user or not, as obligations may vary
 depending on the jurisdictions involved.''

 {{{#!php
 <?php

 5 checkboxes with the descriptions: Functional, Preferences, Anonymous
 Statistics, Statistics, Marketing.
 }}}

 ''There should be a filter here so that the Disclosure / Permissions tabs
 or consent management plugins can add more information if they need to, or
 to add more granular choices.''

 {{{#!php
 <?php
 <h3> While logged out: </h3>
 }}}

 ''Plugins should be able to filter this paragraph:''
 {{{#!php
 <?php
 <p> Your privacy choices while logged out are saved in a cookie
 and will only persist until the cookie expires, or is deleted.
 If this happens, these values will reset to the website's defaults.

 5 checkboxes with the descriptions: Functional, Preferences, Anonymous
 Statistics, Statistics, Marketing.
 }}}

 ''There should be a filter here so that the Disclosure / Permissions tabs
 or consent management plugins can add more information if they need to, or
 to add more granular choices.''

 {{{#!php
 <?php
 <h4> Website defaults </h4>

 5 checkboxes (not select-able) with the descriptions: Functional,
 Preferences, Anonymous Statistics, Statistics, Marketing. These should
 display the site's default values, which should be edit-able by plugins.
 }}}

 ''There should be a filter here so that the Disclosure / Permissions tabs
 or consent management plugins can add more information if they need to, or
 to add more granular choices.''

 Ideally, there would be a mechanism (e.g. two buttons) to request data
 export or erasure here.
 Thanks a lot to Ronnie Burt for bringing this up on Slack!
 It is important to note that the user should need to log again to make
 either an export or erasure request.
 Also, the request needs to be confirmed via e-mail for registered users.
 I imagine this would work best if it was similar to how password resets
 work at the moment.

 This ticket was created in response to a request from Paaljoachim.

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51110#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list