[wp-trac] [WordPress Trac] #51188: Create a structure for consent-related user meta value
noreply at wordpress.org
Fri Sep 4 07:49:09 UTC 2020
#51188: Create a structure for consent-related user meta value
Reporter: carike | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: 5.6
Component: Privacy | Version:
Severity: normal | Resolution:
Keywords: close | Focuses:
Changes (by azaozz):
* keywords: needs-privacy-review => close
Replying to [comment:10 carike]:> Just for clarification:
> The Disclosures Tab deals with site-level privacy (by helping site
owners / admins understand their privacy risk profile).
> The Consent API deals with individual website visitor consent.
Yes, that sounds good. Need to be very clear who are the people/roles
targeted in both of these features.
> Users who need to give consent can be registered users who are logged
in, registered users who are not logged in, or website visitors who are
Think this doesn't sound right. In WP (and on most websites) there are no
"registered users who are not logged in". These people are treated as
"visitors" to the site, have no access to any special areas, and are not
exposed to anything more that "standard" visitors.
In that terms there are two groups of people that should be asked for
- Logged-in (registered) users that are not site-owners/admins. This may
include people that are buying something from an online store, however
afaik the requirements there are different and a "consent API" will
probably not work for these cases.
- Site visitors.
> (The Consent API could conceivably serve the needs of the repos as well,
in which case the site admins would be the ones denying consent, but that
would be a secondary, complementary purpose.)
Sorry but not sure I understand what you mean. What repos? Do you mean
trac and github? How these have anything to do with a production install
of WP? Also what does it mean for a site admin to "deny consent"? What
happens then? The visitor is "thrown out" of the website?
> Those who need to ask for consent are effectively the plugin
I think this is incorrect. Plugin authors should disclose what their
plugins do or use, but the people that need to ask for consent are the
site owners. Could you please double check this with somebody with a
law/legal background (perhaps other member of the privacy team)?
Also, some "software development housekeeping": Generally trying to
determine some kind of format to store some kind of data in some
(undecided) place without knowing how that data is going to be used is a
pretty bad idea. This ticket should not be considered by itself. A data
structure can easily be chosen once it is known exactly how it is going to
Ticket URL: <https://core.trac.wordpress.org/ticket/51188#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac