[wp-trac] [WordPress Trac] #59445: Emoji Caching violates GDPR / CCPA

WordPress Trac noreply at wordpress.org
Tue Sep 26 11:24:26 UTC 2023 

#59445: Emoji Caching violates GDPR / CCPA
--------------------------+-----------------------------------
 Reporter:  antmg         |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  6.4
Component:  Emoji         |     Version:  6.3
 Severity:  major         |  Resolution:
 Keywords:                |     Focuses:  performance, privacy
--------------------------+-----------------------------------

Comment (by JavierCasares):

 There are 2 things here: Privacy (RGPD and others) and the usual "cookie-
 law" (so usually the banner-consent).

 In this case, the privacy is focused on "direct information" that can
 easily show who is using the cookie or data (email, name, etc.). In this
 case, it doesn't apply because "an external hacker" cannot cross
 information with your internal data (for example, a timestamp doesn't
 identify a user).

 About the consent for the cookies, same. You only need consent for saving
 information in cookies / data that can track you in any way. In this case,
 is not the situation because the data is only for the functionality and
 does not relate to anybody.


 Everything saved here is anonymous, it's functionality, does not relate to
 anybody, and does not track anybody, so there is no problem there.

 Plus
 https://ec.europa.eu/justice/article-29/documentation/opinion-
 recommendation/files/2012/wp194_en.pdf

 In summary, there are exceptions like:
 - access cookies (like the one WordPress uses to know if there are cookies
 enabled)
 - auth cookies (you are logged or not)
 - security cookies (hashes, etc.)
 - player / multimedia cookies
 - load balancer cookies (CDN, balancers, servers, but not IP)
 - interface personalization cookies (dark mode, using emojis, etc.)
 - browser and config / plugins cookies (usually device cookies only for
 that device)

 Again, in this case, the law doesn't apply because we are not using the
 cookies or data "for something wrong" (tracking people, exposing personal
 data, etc.) so there is no concern using this method.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/59445#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list