[wp-trac] [WordPress Trac] #49357: Admin intervention for personal data export really needed?
WordPress Trac
noreply at wordpress.org
Thu Feb 6 11:50:54 UTC 2020
#49357: Admin intervention for personal data export really needed?
-------------------------+--------------------------------------
Reporter: rconde | Owner: xkon
Type: enhancement | Status: accepted
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses: administration, privacy
-------------------------+--------------------------------------
Changes (by xkon):
* owner: (none) => xkon
* status: new => accepted
* focuses: => administration, privacy
Comment:
Replying to [comment:5 rconde]:
> For the "As far as 3/4 goes" and "a higher level of automation may be
highly desirable.", do you think a medium to large organizations, say a WP
installation with 100.000 users where 5% of them request their data
download out of curiosity, a DPO is checking manually 5.000 request just
in case something is missing? I don't really think that. 5.000 manual
clicks for sending the export link to each user? Nah.
I'm not disagreeing with this, that's why as mentioned we already talked
about it during our weekly meetings and we agreed that we will be looking
into this as it will surely help take some load of plenty of Admins or
DPOs that don't have any extra source of data to check & gather.
Not all exports require manual inspections and cross-checking external
sources so we can adjust the code and provide this functionality to any
website that might need it.
----
> And about multiple sources of personal data. Why would something be
missing? This would means that the plugin is poorly written/developed.
>
> A DPO inserting/modifying personal data into a zip file puts in danger
the data itself. A DPO is a human and can mix personal data from another
users maybe, where a well structured SQL query and code don't.
That's not entirely correct. And we have to define what "Export Request"
really means here as I think there was a misunderstanding.
On one side we have the implemented WordPress Export Personal Data
functionality and on the other we also have the actual "Export Request"
that any of your members/clients are sending.
I'm pretty sure that @carike was mentioning the latter and in that case
data would/could be missing from an "Export Request" exactly because there
might be "multiple sources" and that means sources outside of WordPress
that we can't handle or know about in Core.
This is why we also gave the option to Download the packaged export .zip
for cases that there might be a need to gather data from other sources as
well and bundle them all together in a file to send an e-mail manually by
a DPO or Admin etc.
As an example:
I am using WordPress as my website so my clients can send me their export
requests there (this takes care of the "request" action itself and all the
data that are kept within WordPress.
But I also have 10 extra software running in parallel that are not
connected with WordPress and I keep data for these clients there also.
I would prefer to manually send 1 email that contains 10 different
packaged export files from various sources than send 10 different emails
to a user per source.
Still I'm not editing anything here, I'm just gathering the exports from
all the various software that I have :-).
Does this make sense in this context?
----
> As I've said, **I think we are creating an artificial and avoidable
workload in most cases.**
>
> I think that by adding **at least** a bulk "Send Export Link" to all
user-confirmed requests is the minimum implementation to facilitate the
task of the administrator in this case.
A bulk send can be discussed as well to see it's pros and cons.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49357#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list