[wp-trac] [WordPress Trac] #59445: Emoji Caching violates GDPR / CCPA
WordPress Trac
noreply at wordpress.org
Mon Sep 25 23:19:42 UTC 2023
#59445: Emoji Caching violates GDPR / CCPA
--------------------------+-----------------------------------
Reporter: antmg | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.4
Component: Emoji | Version: 6.3
Severity: major | Resolution:
Keywords: | Focuses: performance, privacy
--------------------------+-----------------------------------
Changes (by westonruter):
* version: 6.3.1 => 6.3
Comment:
Replying to [ticket:59445 antmg]:
> Has resulted in WordPress, by default, writing to session storage on
> page load, without the viewer's consent, this is a compliance issue for
> GDPR (Europe) / CCPA (USA) as consent has to be obtained before storing
> data on an end user's device (cookies, local storage, session storage and
> anything similar).
For reference, the ticket this was introduced in is #58472.
The use of `sessionStorage` in the emoji loader here is purely as a cache.
It's to avoid re-computing expensive checks for whether a set of emoji are
supported by the user's platform. So I understand it to be similar to a
regular browser cache. Browser caching clearly can't be a violation of
GDPR, as otherwise every single resource would have to be sent with
`Cache-Control: no-cache, no-store`. If the concern is that
`sessionStorage` would leak that a user had been to the site before, this
can also be determined by whether page resources were cached. So I don't
see what the issue is here. It does seem to fall into the realm of
"essential".
I am also not a lawyer.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59445#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform