WordPress.org

Make WordPress Core

Changes between Version 3 and Version 4 of Ticket #43492, comment 16


Ignore:
Timestamp:
03/12/2018 02:18:31 PM (3 years ago)
Author:
DavidAnderson
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #43492, comment 16

    v3 v4  
    11@azaozz Don't shoot the messenger. GDPR says that all data which is linked to a directly, or indirectly, identifiable person, falls under its definition of personal data. This is the law in Europe from May, whether we like it or not. Sites which belong to individual persons (e.g. personal websites, sole traderships), and which are identifiable (e.g. send their URLs in the referer string, or via a reverse IP look up), arguably are included within the meaning of "can be identified ... indirectly" and as such all such collected data must be GDPR-compliant.
    22
    3 Disclosure is only relevant for data legally collected... if it's not legally collected according to the GDPR, then all the disclosure in the world makes no difference.
     3Disclosure is only relevant for data legally collected... if it's not legally collected according to the GDPR, then all the disclosure in the world makes no difference. The GDPR as I understand it also distinguishes different purposes for processing the same data. Data collected for security purposes cannot be used for aggregating statistics just because it happened to be hanging around.
    44
    55I am not a lawyer and hence offer no legal position on whether the WP foundation would have a good case for arguing that 100% of the data being sent in updates checks is essential for site security. Prima facie that seems a very hard case to make given that some of it has (AFAIK) never been used in over a decade, but ultimately that's for the foundation and its lawyers to take a view on, I suppose.