WordPress.org

Make WordPress Core

Opened 6 weeks ago

Last modified 5 weeks ago

#40794 new enhancement

WordPress needs a privacy policy

Reported by: johnbillion Owned by:
Milestone: 4.8.1 Priority: normal
Severity: normal Version:
Component: Help/About Keywords: needs-patch
Focuses: Cc:

Description

It's been many years since an installation of WordPress operated in isolation. The software sends data to various endpoints on api.wordpress.org, most visibly for update checks, but also for fetching translations, checking browser compatibility, and (since 4.8) determining the user's location and fetching nearby WordPress events.

WordPress needs a privacy policy which covers data that gets sent to wordpress.org. The wordpress.org website has a privacy policy, and it may be sufficient to link to this, or it may be required to extend this with information specifically regarding the data that installations of WordPress send to api.wordpress.org. I recommend the addition of a new Privacy tab on the About WordPress screen.

It's worth noting that the pending EU GDPR affects everyone because it covers the export of data outside of the EU.

Adding to the 4.8 milestone as the WordPress Events and News dashboard widget is a particularly visible example of data collection in WordPress.

Related: Long-running discussion on #16778.

Attachments (1)

privacy.diff (3.9 KB) - added by swissspidy 6 weeks ago.
Early patch for the about page as an inspiration

Download all attachments as: .zip

Change History (9)

@swissspidy
6 weeks ago

Early patch for the about page as an inspiration

#1 @swissspidy
6 weeks ago

Also related in terms of data collection: #38418

Too bad previous efforts for such a privacy policy on the about screen were kinda ignored (see https://make.wordpress.org/core/2017/02/24/dev-chat-summary-february-22nd-4-7-3-week-4/). @mattyrob and I even shared mockups and a patch there. Attaching this patch now here for further discussion.

#2 @SergeyBiryukov
6 weeks ago

  • Component changed from General to Help/About

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


5 weeks ago

#4 @jbpaul17
5 weeks ago

  • Milestone changed from 4.8 to 4.8.1

Punting to 4.8.1 per discussion in today's 4.8 rc1 bug scrub in #core.

#5 follow-up: @netweb
5 weeks ago

If WordPress 4.8 is going to ship with a new data collection feature I think it should include a privacy policy in 4.8, not 4.8.1, privacy should not be considered an afterthought by the project, it should be front and centre IMHO.

#6 in reply to: ↑ 5 @mikeschroder
5 weeks ago

Replying to netweb:

If WordPress 4.8 is going to ship with a new data collection feature I think it should include a privacy policy in 4.8, not 4.8.1, privacy should not be considered an afterthought by the project, it should be front and centre IMHO.

Agreed.

This ticket was mentioned in Slack in #core by iandunn. View the logs.


5 weeks ago

Note: See TracTickets for help on using tickets.