Export capabilities should allow the current user to export their own posts

[rileypaulsen]

Currently, exporting is restricted to users with the 'export' capability (Admins, Network Admins), which effectively locks Editors, Authors, and Contributors out of the the process. I am proposing that an implicit capability in the exporter be created whereby users without the 'export' capability can choose to export their own posts.

The functionality to select a single user's posts for exporting is already built-in for those with the capability, so there is no underlying exporter code that needs to change. Front-facing modifications would include adding a message to the Export screen for non-Admins explaining that they can only download their own posts, specifying the proper single-user form parameters by default, and a few checks on the back-end to avoid any forgery.

Functionally, this enhancement would free users to own and control their content, and may help prevent site owners from holding their contributors' content hostage.

[rileypaulsen]

This would probably need to have a corresponding option in options-writing.php (or similar) to allow Admins to turn off user exporting ability; though I think it should be on by default, since any dedicated author could always access all their content by going through the edit screens and copy/pasting to another WP instance.

[kraftner]

I am not fully convinced. Just because you wrote something doesn't necessarily mean you own it.

[MikeHansenMe]

Thanks for the report. I think that in most cases the site owner would own the content and not necessarily the author.

[netweb]

Interestingly I was reading about the ​Coral Project as I saw the notification for this ticket :

For contributors: We want you to own your contributions, manage your personal data, and understand how your work will be evaluated and used by publishers.

This also is a ​Data Portability thing, if site owners choose to allow a user to "own their own data" then allowing said user to export their own data is a good thing in my opinion, be it comments, posts or forum topics and replies etc.

[rileypaulsen]

Replying to netweb:

This also is a ​Data Portability thing, if site owners choose to allow a user to "own their own data" then allowing said user to export their own data is a good thing in my opinion, be it comments, posts or forum topics and replies etc.

That's kind of what I was getting at. As I mentioned above, if an Editor/Author/Contributor can still access the WP-Admin for the site (which would give them access to this proposed exporting functionality), there's nothing really stopping them from copy/pasting all of their content manually, so it's not really a security/copyright thing.

[netweb]

I just bumped into the following, this is the first time I've read anything about the EU's GDPR:

​https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Data_portability

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The Commission's primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The regulation was adopted on 27 April 2016. It enters into application 25 May 2018.

​https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Data_portability

A person shall be able to transfer their personal data from one electronic processing system to and into another, without being prevented from doing so by the data controller.

​https://en.wikipedia.org/wiki/Data_portability#European_Union

Data portability has become a new right in the European Union's General Data Protection Regulation GDPR passed in April 2016. The Regulation will apply to data processors in countries outside the EU as well under certain circumstances. "Controllers must make the data available in a structured, commonly used, machine-readable and interoperable format that allows the individual to transfer the data to another controller." Earlier the European Data Protection Supervisor had stated that data portability could "let individuals benefit from the value created by the use of their personal data".