[wp-trac] [WordPress Trac] #51188: Create a structure for consent-related user meta value

WordPress Trac noreply at wordpress.org
Fri Sep 4 07:49:09 UTC 2020


#51188: Create a structure for consent-related user meta value
-----------------------------+---------------------
 Reporter:  carike           |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  5.6
Component:  Privacy          |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  close            |     Focuses:
-----------------------------+---------------------
Changes (by azaozz):

 * keywords:  needs-privacy-review => close


Comment:

 Replying to [comment:10 carike]:
 > Just for clarification:
 > The Disclosures Tab deals with site-level privacy (by helping site
 > owners / admins understand their privacy risk profile).
 > The Consent API deals with individual website visitor consent.

 Yes, that sounds good. Need to be very clear who are the people/roles
 targeted in both of these features.

 > Users who need to give consent can be registered users who are logged
 > in, registered users who are not logged in, or website visitors who are
 > not registered.

 Think this doesn't sound right. In WP (and on most websites) there are no
 "registered users who are not logged in". These people are treated as
 "visitors" to the site, have no access to any special areas, and are not
 exposed to anything more than "standard" visitors.

 In those terms there are two groups of people that should be asked for
 consent:
 - Logged-in (registered) users that are not site-owners/admins. This may
 include people that are buying something from an online store, however
 afaik the requirements there are different and a "consent API" will
 probably not work for these cases.
 - Site visitors.

 > (The Consent API could conceivably serve the needs of the repos as well,
 > in which case the site admins would be the ones denying consent, but that
 > would be a secondary, complementary purpose.)

 Sorry but not sure I understand what you mean. What repos? Do you mean
 trac and github? How do these have anything to do with a production install
 of WP? Also what does it mean for a site admin to "deny consent"? What
 happens then? The visitor is "thrown out" of the website?

 > Those who need to ask for consent are effectively the plugin
 > developers...

 I think this is incorrect. Plugin authors should disclose what their
 plugins do or use, but the people that need to ask for consent are the
 site owners. Could you please double check this with somebody with a
 law/legal background (perhaps another member of the privacy team)?

 Also, some "software development housekeeping": Generally trying to
 determine some kind of format to store some kind of data in some
 (undecided) place without knowing how that data is going to be used is a
 pretty bad idea. This ticket should not be considered by itself. A data
 structure can easily be chosen once it is known exactly how it is going to
 be used.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51188#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform