WordPress.org

Make WordPress Core

Opened 3 months ago

Closed 8 days ago

Last modified 7 days ago

#43491 closed enhancement (fixed)

Automatically create a Privacy Policy page when installing WordPress

Reported by: fclaussen Owned by: azaozz
Milestone: 4.9.6 Priority: normal
Severity: normal Version:
Component: Privacy Keywords: gdpr has-patch needs-testing ux-feedback fixed-major dev-reviewed
Focuses: Cc:

Description

  1. Install WordPress
  2. Add a Privacy Policy page just like Sample Page. Possibly add a special page status like 'front-page' 'blog posts'
  3. Add a privacy policy selector to options-reading or customizer like front page and blog posts
  4. Under tools we have the actual tools for exporting user data, anonymization of data and so on.

What I'm proposing is that this type of page is important. Specially now. So we need to pay proper attention to it.

Attachments (1)

43491.patch (1.7 KB) - added by azaozz 2 months ago.

Download all attachments as: .zip

Change History (26)

#1 @fclaussen
3 months ago

  • Keywords gdpr added

#2 follow-up: @mikejolley
3 months ago

This sounds like the same thing as https://core.trac.wordpress.org/ticket/43389?

#3 in reply to: ↑ 2 @fclaussen
3 months ago

Replying to mikejolley:

This sounds like the same thing as https://core.trac.wordpress.org/ticket/43389?

More or less.. the decision right now seems to be having the page picker under tools. #43389 also doesn't mention the possibility of having a privacy policy page being added on first install.

#4 @mikejolley
3 months ago

Hmm. I see. My question is what is worse for a new site.

a) A default privacy policy the user didn't write. b) No privacy policy at all.

If a policy is general enough to avoid legal issues it could be useful. If it *needs* admin input, it should be manual.

#5 @fclaussen
3 months ago

I'm against a default privacy policy. The admin should write it. But presenting it along with Sample Page maybe is saying "Hey, this is important. Write something here".

Go to your settings and select the front page, blog page, privacy page and so on.

#6 @azaozz
3 months ago

Think we should do that. Creating a new page titled "Privacy Policy", setting the option for it, but keep it a draft. The default content can be something like:

(Edit this page to create your privacy policy.)

Then the user will not have to select or create it from the Tools => Privacy screen, and can edit it straight away (it will be in the pages list table).

@azaozz
2 months ago

#7 @azaozz
2 months ago

  • Keywords has-patch needs-testing added

In 43491.patch: add a page for the privacy policy on install, similarly to the sample page.

#8 @allendav
2 months ago

  • Summary changed from Privacy Flow Proposal to Automatically create a Privacy Policy page when installing WordPress

Updating title to "Automatically create a Privacy Policy page when installing WordPress" per ticket scrub discussion in Making WordPress gdpr-compliance chat today.

#9 @dejliglama
2 months ago

  • The page could be pre-populated with the policy texts from WP core.
  • Using WP's standard page versioning system to inform website owners of changes to the page, when policy texts update from WP core - or other plugins for that matter, seems as a good idea. Though a bit of a new way of using the versioning system in this usecase:
  1. User sees new drafted policy page uppon install.
  2. User does litel or no changes and publish the page
  3. WP core updates policy text (page does not go back into draft)
  4. Updated text oges in to revision +1 (one step ahead of current version)
  5. Admin is alerted that a page holds a new version that is yet to be published
  6. Admin reviews changes, edits and publish.

One question: could step 4 be implemented using The Customizer feature: scheduling with no set date, but awaiting review ?

#10 @fclaussen
2 months ago

What @dejliglama suggested is important. Every time this page is published, we need to alert users of an updated privacy policy page and seek reconsent.

I already do that on the plugin with a notice that says something like "If this was just a typo fix you can dismiss this, if not you should seek reconsent"

But that goes into the consent management component, which we don't have for core and I don't know if we will ever have.

To me, this particular feature should be plugin based.

#11 @melchoyce
2 months ago

  • Keywords ux-feedback added

#12 @dejliglama
8 weeks ago

@melchoyce has some details going on in this trac : https://core.trac.wordpress.org/ticket/43620

#13 @azaozz
5 weeks ago

  • Owner set to azaozz
  • Resolution set to fixed
  • Status changed from new to closed

In 42981:

Privacy: automatically create a Privacy Policy page when installing WordPress.

Props fclaussen, azaozz.

Fixes #43491.

#14 @azaozz
5 weeks ago

In 42982:

Fix typo (missing !).

See #43491.

#15 @johnbillion
5 weeks ago

  • Milestone changed from Awaiting Review to 5.0
  • Version trunk deleted

#16 @azaozz
12 days ago

In 43243:

Privacy: make creating a privacy policy page on install multisite compatible.

See #43491.

#17 @azaozz
12 days ago

  • Milestone changed from 5.0 to 4.9.6
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopen for 4.9.6 consideration.

#18 @SergeyBiryukov
12 days ago

  • Keywords fixed-major added

#19 @desrosj
9 days ago

  • Keywords dev-feedback added

This ticket was mentioned in Slack in #core by desrosj. View the logs.


9 days ago

This ticket was mentioned in Slack in #core by azaozz. View the logs.


9 days ago

This ticket was mentioned in Slack in #gdpr-compliance by azaozz. View the logs.


9 days ago

#23 @SergeyBiryukov
8 days ago

  • Keywords dev-reviewed added; dev-feedback removed

#24 @SergeyBiryukov
8 days ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 43272:

Privacy: automatically create a Privacy Policy page when installing WordPress.

Props fclaussen, azaozz.
Merges [42981], [42982], [43243] to the 4.9 branch.
Fixes #43491.

#25 @desrosj
7 days ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

Note: See TracTickets for help on using tickets.