WordPress.org

Make WordPress Core

Ticket #43473: PRIVACY-POLICY-CONTENT-HOOK.md

File PRIVACY-POLICY-CONTENT-HOOK.md, 3.0 KB (added by allendav, 13 months ago)

Docs for end user / plugin handbook on how to use wp_add_privacy_policy_content

Line 
1# How to Connect Your Plugin to Core's New Privacy Policy Content View
2
3## Background
4
5In WordPress 4.9.x, new tools were added to make compliance easier with laws
6like the European Union's General Data Protection Regulation, or GDPR for
7short. Among the tools added is a means to create or designate a page
8on your site as a Privacy Policy page.
9
10In addition to being able to create or designate such a page, when you
11edit that page, a meta box will display suggested contributions to your
12site's privacy policy from WordPress and participating plugins.
13
14Each plugin's contributions includes a Copy button to make it easy to
15copy the text into the clipboard for pasting by the administrator into
16and appropriate spot in the site's privacy policy.
17
18## How It Works
19
20Plugins can hook translated text using a new function,
21`wp_add_privacy_policy_content`, to inform administrators of how the plugin
22collects, accesses, retains and/or shares personal data and/or how it
23tracks users and visitors to the site.
24
25## How To Phrase Your Plugin's Contributions
26
27To minimize the amount of editing administrators need to do, it is best
28to phrase your plugin's contributions as if they are appearing on the site's
29privacy policy and being read by the end user (i.e. not the admin.)
30
31For example:
32
33'When you leave a comment on this site, we send your name, email address,
34IP address and comment text to the example.com spam detection service
35to prevent spam from appearing on this site. Example.com does not
36retain your personal data.'
37
38## What to Do
39
40A plugin should call `wp_add_privacy_policy_content` in the context of an
41`admin_init` hook, e.g.:
42
43```
44function my_plugin_privacy_declarations() {
45        if ( function_exists( 'wp_add_privacy_policy_content' ) ) {
46
47                $content = sprintf(
48                        __( 'When you leave a comment on this site, we send your name, email
49                                address, IP address and comment text to the example.com spam detection
50                                service to prevent spam from appearing on this site. Example.com does
51                                not retain your personal data.
52
53                                The example.com privacy policy is <a href="%s">here</a>.',
54                                'my_plugin_textdomain' ),
55                        'https://example.com/'
56                );
57
58                wp_add_privacy_policy_content(
59                        'My Plugin Name',
60                        wp_kses_post( wpautop( $content ) )
61                );
62        }
63}
64
65add_action( 'admin_init', 'my_plugin_privacy_declarations' );
66```
67
68The next thing the plugin needs to do is to register the callback by
69filtering the eraser array using the `wp_privacy_personal_data_erasers`
70filter.
71
72When registering you provide a friendly name for the eraser (to aid in
73debugging - this friendly name is not shown to anyone at this time)
74and the callback, e.g.
75
76```
77function register_my_plugin_eraser( $erasers ) {
78  $erasers[] = array(
79    'eraser_friendly_name' => __( 'Comment Location Plugin' ),
80    'callback'             => 'my_plugin_eraser',
81    );
82  return $erasers;
83}
84
85add_filter(
86  'wp_privacy_personal_data_erasers',
87  'register_my_plugin_eraser',
88  10
89);
90```
91
92And that's all there is to it! Your plugin will now clean up its personal
93data!