1 | # How to Connect Your Plugin to Core's New Privacy Policy Content View |
---|
2 | |
---|
3 | ## Background |
---|
4 | |
---|
5 | In WordPress 4.9.x, new tools were added to make compliance easier with laws |
---|
6 | like the European Union's General Data Protection Regulation, or GDPR for |
---|
7 | short. Among the tools added is a means to create or designate a page |
---|
8 | on your site as a Privacy Policy page. |
---|
9 | |
---|
10 | In addition to being able to create or designate such a page, when you |
---|
11 | edit that page, a meta box will display suggested contributions to your |
---|
12 | site's privacy policy from WordPress and participating plugins. |
---|
13 | |
---|
14 | Each plugin's contributions includes a Copy button to make it easy to |
---|
15 | copy the text into the clipboard for pasting by the administrator into |
---|
16 | and appropriate spot in the site's privacy policy. |
---|
17 | |
---|
18 | ## How It Works |
---|
19 | |
---|
20 | Plugins can hook translated text using a new function, |
---|
21 | `wp_add_privacy_policy_content`, to inform administrators of how the plugin |
---|
22 | collects, accesses, retains and/or shares personal data and/or how it |
---|
23 | tracks users and visitors to the site. |
---|
24 | |
---|
25 | ## How To Phrase Your Plugin's Contributions |
---|
26 | |
---|
27 | To minimize the amount of editing administrators need to do, it is best |
---|
28 | to phrase your plugin's contributions as if they are appearing on the site's |
---|
29 | privacy policy and being read by the end user (i.e. not the admin.) |
---|
30 | |
---|
31 | For example: |
---|
32 | |
---|
33 | 'When you leave a comment on this site, we send your name, email address, |
---|
34 | IP address and comment text to the example.com spam detection service |
---|
35 | to prevent spam from appearing on this site. Example.com does not |
---|
36 | retain your personal data.' |
---|
37 | |
---|
38 | ## What to Do |
---|
39 | |
---|
40 | A plugin should call `wp_add_privacy_policy_content` in the context of an |
---|
41 | `admin_init` hook, e.g.: |
---|
42 | |
---|
43 | ``` |
---|
44 | function my_plugin_privacy_declarations() { |
---|
45 | if ( function_exists( 'wp_add_privacy_policy_content' ) ) { |
---|
46 | |
---|
47 | $content = sprintf( |
---|
48 | __( 'When you leave a comment on this site, we send your name, email |
---|
49 | address, IP address and comment text to the example.com spam detection |
---|
50 | service to prevent spam from appearing on this site. Example.com does |
---|
51 | not retain your personal data. |
---|
52 | |
---|
53 | The example.com privacy policy is <a href="%s">here</a>.', |
---|
54 | 'my_plugin_textdomain' ), |
---|
55 | 'https://example.com/' |
---|
56 | ); |
---|
57 | |
---|
58 | wp_add_privacy_policy_content( |
---|
59 | 'My Plugin Name', |
---|
60 | wp_kses_post( wpautop( $content ) ) |
---|
61 | ); |
---|
62 | } |
---|
63 | } |
---|
64 | |
---|
65 | add_action( 'admin_init', 'my_plugin_privacy_declarations' ); |
---|
66 | ``` |
---|
67 | |
---|
68 | The next thing the plugin needs to do is to register the callback by |
---|
69 | filtering the eraser array using the `wp_privacy_personal_data_erasers` |
---|
70 | filter. |
---|
71 | |
---|
72 | When registering you provide a friendly name for the eraser (to aid in |
---|
73 | debugging - this friendly name is not shown to anyone at this time) |
---|
74 | and the callback, e.g. |
---|
75 | |
---|
76 | ``` |
---|
77 | function register_my_plugin_eraser( $erasers ) { |
---|
78 | $erasers[] = array( |
---|
79 | 'eraser_friendly_name' => __( 'Comment Location Plugin' ), |
---|
80 | 'callback' => 'my_plugin_eraser', |
---|
81 | ); |
---|
82 | return $erasers; |
---|
83 | } |
---|
84 | |
---|
85 | add_filter( |
---|
86 | 'wp_privacy_personal_data_erasers', |
---|
87 | 'register_my_plugin_eraser', |
---|
88 | 10 |
---|
89 | ); |
---|
90 | ``` |
---|
91 | |
---|
92 | And that's all there is to it! Your plugin will now clean up its personal |
---|
93 | data! |
---|