WordPress.org

Make WordPress Core

Opened 5 days ago

Last modified 5 hours ago

#40794 new enhancement

WordPress needs a privacy policy

Reported by: johnbillion Owned by:
Milestone: 4.8.1 Priority: normal
Severity: normal Version:
Component: Help/About Keywords: needs-patch
Focuses: Cc:

Description

It's been many years since an installation of WordPress operated in isolation. The software sends data to various endpoints on api.wordpress.org, most visibly for update checks, but also for fetching translations, checking browser compatibility, and (since 4.8) determining the user's location and fetching nearby WordPress events.

WordPress needs a privacy policy which covers data that gets sent to wordpress.org. The wordpress.org website has a privacy policy, and it may be sufficient to link to this, or it may be required to extend this with information specifically regarding the data that installations of WordPress send to api.wordpress.org. I recommend the addition of a new Privacy tab on the About WordPress screen.

It's worth noting that the pending EU GDPR affects everyone because it covers the export of data outside of the EU.

Adding to the 4.8 milestone as the WordPress Events and News dashboard widget is a particularly visible example of data collection in WordPress.

Related: Long-running discussion on #16778.

Attachments (1)

privacy.diff (3.9 KB) - added by swissspidy 5 days ago.
Early patch for the about page as an inspiration

Download all attachments as: .zip

Change History (7)

@swissspidy
5 days ago

Early patch for the about page as an inspiration

#1 @swissspidy
5 days ago

Also related in terms of data collection: #38418

Too bad previous efforts for such a privacy policy on the about screen were kinda ignored (see https://make.wordpress.org/core/2017/02/24/dev-chat-summary-february-22nd-4-7-3-week-4/). @mattyrob and I even shared mockups and a patch there. Attaching this patch now here for further discussion.

#2 @SergeyBiryukov
5 days ago

  • Component changed from General to Help/About

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


14 hours ago

#4 @jbpaul17
13 hours ago

  • Milestone changed from 4.8 to 4.8.1

Punting to 4.8.1 per discussion in today's 4.8 rc1 bug scrub in #core.

#5 follow-up: @netweb
7 hours ago

If WordPress 4.8 is going to ship with a new data collection feature I think it should include a privacy policy in 4.8, not 4.8.1, privacy should not be considered an afterthought by the project, it should be front and centre IMHO.

#6 in reply to: ↑ 5 @mikeschroder
5 hours ago

Replying to netweb:

If WordPress 4.8 is going to ship with a new data collection feature I think it should include a privacy policy in 4.8, not 4.8.1, privacy should not be considered an afterthought by the project, it should be front and centre IMHO.

Agreed.

Note: See TracTickets for help on using tickets.