[wp-trac] [WordPress Trac] #55346: Problem in GDPR regulations provided by core wordpress
WordPress Trac
noreply at wordpress.org
Tue Mar 8 19:08:18 UTC 2022
#55346: Problem in GDPR regulations provided by core wordpress
--------------------------+----------------------------------
Reporter: fs5ve | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 5.9
Severity: major | Keywords: needs-privacy-review
Focuses: |
--------------------------+----------------------------------
Hi,
We, a group of researchers from University of virginia and John hopkins
university are investigating the GDPR compliance issue for wordpress
plugins. During the investigation,
I have installed wordpresss 5.9 in my local machine. Later, I created one
root and one regular user account in my local machine. After that, I
installed profilepress (https://wordpress.org/plugins/wp-user-avatar/)
plugin and activated it. By this time, I have some information (personal
information) stored in the database. These days, to comply with GDPR,
wordpress comes with data deletion and data access feature. So, to test
that, I have made a request to delete my regular user from the database
and approved it. In the request table, it showed the status to
“completed”. But later when I select the data access, it exported that
user’s data. I checked the database, I can still see all the information
related to that user.
Note that, I haven’t modified my code from the wordpress core, other than
the configuration file.
Can you please take a look at this issue? I can also share the screenshot
of the whole process if needed. Please let me know if any other
information needed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55346>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list