[wp-trac] [WordPress Trac] #55346: Problem in GDPR regulations provided by core wordpress

WordPress Trac noreply at wordpress.org
Tue Mar 8 19:08:18 UTC 2022

#55346: Problem in GDPR regulations provided by core wordpress
 Reporter:  fs5ve         |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Privacy       |    Version:  5.9
 Severity:  major         |   Keywords:  needs-privacy-review
  Focuses:                |

 We, a group of researchers from University of virginia and John hopkins
 university are investigating the GDPR compliance issue for wordpress
 plugins. During the investigation,
 I have installed wordpresss 5.9 in my local machine. Later, I created one
 root and one regular user account in my local machine. After that, I
 installed profilepress (https://wordpress.org/plugins/wp-user-avatar/)
 plugin and activated it. By this time, I have some information (personal
 information) stored in the database. These days, to comply with GDPR,
 wordpress comes with data deletion and data access feature. So, to test
 that, I have made a request to delete my regular user from the database
 and approved it. In the request table, it showed the status to
 “completed”. But later when I select the data access, it exported that
 user’s data. I checked the database, I can still see all the information
 related to that user.

 Note that, I haven’t modified my code from the wordpress core, other than
 the configuration file.

 Can you please take a look at this issue? I can also share the screenshot
 of the whole process if needed. Please let me know if any other
 information needed.

Ticket URL: <https://core.trac.wordpress.org/ticket/55346>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list