[wp-trac] [WordPress Trac] #43437: Add way for registered users to request deletion or anonymization of their private data

Fri Sep 18 17:23:48 UTC 2020

#43437: Add way for registered users to request deletion or anonymization of their
private data
-------------------------------------------------+-------------------------
 Reporter:  azaozz                               |       Owner:  (none)
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  5.6
Component:  Privacy                              |     Version:  4.9.6
 Severity:  normal                               |  Resolution:
 Keywords:  dev-feedback needs-refresh has-      |     Focuses:
  patch needs-testing                            |
-------------------------------------------------+-------------------------

Comment (by carike):

 There was a discussion about this ticket in the #core-privacy channel on
 Slack and I'd just like to record a summary here so it does not get lost:

 1. Clicking the export or erasure buttons should send an e-mail to the
 user, in a similar way to how password changes from the user profile
 screen are handled (this means that we can remove the "enable privacy
 checkbox" on the UI ticket);

 2. We were discussing if the user should still be required to re-
 authenticate (log in again), since that is included in the Regulations for
 users that have password protected accounts.
 While I agree that needing to click on the link in the e-mail is a measure
 that confirms the user's identity, it is easy to require with the specific
 minimum requirement in the Regulations. On the other hand, it can
 sometimes be hard / time-consuming to explain to regulatory authorities
 that your measures are as good or better. I believe that we should
 consider doing both.

 There has been some concern on Slack during bug scrubs regarding the
 implication this ticket may have on larger sites.

 The scope of this ticket is just to expose the data export and erasure
 functions, which are already available in WordPress, to registered users
 on the user's profile page.
 We do not anticipate any breaking changes within this scope.

 There is a need for a simplified process for sites that do not have data
 from other sources that they need to collate and for which an automated
 process (no manual admin approval) would be appropriate.
 However, that is not within the scope of this ticket and could be handled
 through a constant or other such approach to allow for backwards-
 compatibility.

 There has also been discussion about bringing more attention to erasure
 during user deletion (a separate process which exists separate from data
 export and erasure). However, that is also not within the scope of this
 ticket.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43437#comment:40>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform