WordPress.org

Make WordPress Core

Opened 21 months ago

Closed 20 months ago

Last modified 20 months ago

#43389 closed feature request (wontfix)

Add a privacy policy page setting to options-reading.php

Reported by: allendav Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.1
Component: Administration Keywords:
Focuses: Cc:
PR Number:

Description

Proposed: Add a privacy policy page setting to options-reading.php or possibly options-general.php. The privacy policy page setting, like the home page setting, could default to un-set, and an admin could otherwise select from pages on the site.

The selected page would be saved in the site's options and available to themes and plugins via something like get_privacy_policy_url (similar to how get_home_url works)

We should also have a is_privacy_policy that returns true (similar to how is_home works)

May or may not want the result filterable like home_url supports.

Rationale for adding to core: with the EU GDPR coming into effect, more sites are required to have a published privacy policy. Having a standard means of fetching a site's privacy policy url will be great help to themes and widgets that need to expose that information.

Attachments (2)

43389.diff (2.5 KB) - added by allendav 21 months ago.
43389.2.diff (2.5 KB) - added by allendav 21 months ago.
Corrected duplicate HTML id

Download all attachments as: .zip

Change History (15)

#1 @swissspidy
21 months ago

Related: #43175

Before we jump the gun here I'd heavily suggest discussing stuff like that in the GDPR compliance chats.

See https://make.wordpress.org/core/2018/02/19/proposed-roadmap-tools-for-gdpr-compliance/ for more information.

#2 @johnjamesjacoby
21 months ago

This issue came out of the GDPR chats.

We should decide if we want 1 master ticket, several smaller tickets, both, or neither based on timing, etc...

#3 @allendav
21 months ago

I'm a fan of breaking work down - this piece seems fundamental to me and could actually be delivered early and independently of other GDPR related work.

Edit: I'll be sure to mention this particular ticket/idea in next week's .org slack gdpr office hours as well

Last edited 21 months ago by allendav (previous) (diff)

#4 @azaozz
21 months ago

  • Keywords gdpr needs-patch added
  • Milestone changed from Awaiting Review to 5.0

Related: #43435.

#5 @azaozz
21 months ago

I'm not convinced we need another "special" page for the privacy policy. These are too complex to implement, have too many edge cases, too many rules that don't make sense for most users that make them hard to set and use.

On the other hand having a WP page will ensure the theme displays it properly.

Perhaps we can use a standard page. It will be created automatically when the site owner creates a privacy policy, see #43435. We can set the title and the slug according to the site's language. Then we can have get_privacy_policy_content() that will output the policy text the user created. Can even do it with a shortcode :)

Last edited 21 months ago by azaozz (previous) (diff)

#6 @allendav
21 months ago

Perhaps we can use a standard page. It will be created automatically when the site owner creates a privacy policy, see #43435. We can set the title and the slug according to the site's language. Then we can have get_privacy_policy_content() that will output the policy text the user created. Can even do it with a shortcode :)

I like this. We could even provide a helper function for themes/plugins to fetch whatever page the privacy policy shortcode is on if we don't want to persist it to an option?

#7 @allendav
21 months ago

On further thought (and discussion in slack) I don't think we should automatically create a page, but I think we still allow the admin to designate a page as the privacy policy page.

I suggest we then use #43435 to, instead of having a separate settings page, have a wide meta box that appears when editing the privacy policy page into which plugins can filter their privacy policy items, which can then be cut and pasted into the site's actual privacy policy in the co-located page editor.

This makes the UX more of a single-page workflow (instead of having two places to work - in settings and in a page editor) and also might even pave the way for privacy policy Gutenberg-blocks down the road.

@allendav
21 months ago

#8 @allendav
21 months ago

  • Keywords has-patch added; needs-patch removed

Here's a patch that adds a new setting to Settings > Reading for the privacy policy. It saves it in a page_for_privacy_policy option. I did not create a url-getter function since standard practice is probably to use something like get_permalink( get_option( 'page_for_privacy_policy' ) ); instead anyways.

@allendav
21 months ago

Corrected duplicate HTML id

#9 @azaozz
21 months ago

Discussed this in Slack: https://wordpress.slack.com/archives/C9695RJBW/p1520271733000031?thread_ts=1520270079.000490&cid=C9695RJBW

The plan is:

  • Add "Privacy" page under Tools menu.
  • Then add to it:
    • A button to create a page and set it as the Privacy Policy.
    • A drop-down to designate an existing page as the PP page. Once one of these is done, show a link to edit the PP page.
    • A tool to anonymize comments by the email.
    • A tool to anonymize user by email (and/or login name).
    • Explanations what each tool does.

See #43435.

Last edited 21 months ago by azaozz (previous) (diff)

#10 @allendav
21 months ago

Agreed - I'll redo this and expose the setting on the Tools > Privacy page #43435 is adding instead

Will also add an affordance (link?) to create the page if no page is selected. Link will open post-new with the title filled in as "Privacy Policy". On save, the page_for_privacy_policy option will be updated

If a page is selected, will include a link to edit the privacy policy page that will open post.php to edit the page.

#12 @allendav
20 months ago

  • Resolution set to wontfix
  • Status changed from new to closed

We delivered this setting UI to a different screen in https://core.trac.wordpress.org/ticket/43435

This was discussed in Making WordPress gdpr-compliance office hours today and we all agreed that there was no need to duplicate this setting UI in options-reading as well. Closing this issue as wontfix.

#13 @ocean90
20 months ago

  • Keywords gdpr has-patch removed
  • Milestone 5.0 deleted
Note: See TracTickets for help on using tickets.