[wp-trac] [WordPress Trac] #59445: Emoji Caching violates GDPR / CCPA
WordPress Trac
noreply at wordpress.org
Tue Sep 26 12:45:00 UTC 2023
#59445: Emoji Caching violates GDPR / CCPA
--------------------------+-----------------------------------
Reporter: antmg | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.4
Component: Emoji | Version: 6.3
Severity: major | Resolution:
Keywords: | Focuses: performance, privacy
--------------------------+-----------------------------------
Comment (by antmg):
Remembering some data calculated client side that can be recalculated
easily client side can not be compared to load balancing (necessary to
keep a service live, or more likely to make sure people stay on the same
server for the duration of their session for non clustered architectures).
At best it's not clear, at worst many wordpress users are breaking laws
unknowingly.
Given the potential issues (potential is used as your interpretation is
that it's covered potentially by the exceptions) vs the benefit, this
should be off by default, and the user should be able to enable it in the
admin pages if they understand what it does and the relevant laws in their
countries.
I think the only way to validate for sure would be to point the ICO and EU
+ USA equivalents at some wordpress.com sites but I don't think that would
stop at them finding it non compliant without issuing fines so that's not
really an option.
In the face of lack of a lawyer able to interpret all the relevant laws
for each and every country I'd assume it's not compliant somewhere as
that's the safest option and enabling it passes the risk and liability /
responsibility on to the individual as it's their admins choice to enable
it vs a wordpress project default
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59445#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list