Opened 2 months ago

Closed 3 weeks ago

Last modified 9 days ago

#43637 closed enhancement (fixed)

Add filters and ajax support for personal data erasure

Reported by: allendav
Owned by: allendav
Milestone: 4.9.6
Priority: normal
Severity: normal
Version: trunk
Component: Privacy
Keywords: gdpr has-patch commit fixed-major
Focuses:
Cc:

Description

Similar to #43438 but instead of for personal data export, this is for personal data erasure.

Like #43438, plugins (or core concerns) will need to be able to register callbacks which can erase (or at least anonymize) personal data (a "page" at a time) from where they've stored it. How much is processed by a plugin's exporter in the context of a page is up to the plugin, but it should aim to finish in far less than the PHP timeout on a typical host.

When a plugin no longer needs more "pages" it indicates it is done with erasure in the same manner as in #43438.

BTW - the rationale for ajax is to allow wp-admin to drive the process without timeouts that could occur on sites with lots of pages of objects to traverse. As with #43438, the ajax exporter-by-exporter, page-by-page approach will also lend itself to REST API endpoints down the road.

Attachments (5)

43637.diff (10.8 KB) - added by allendav 2 months ago.
Adds personal data eraser filtering and ajax support
43637.2.diff (7.0 KB) - added by allendav 6 weeks ago.
Updated to return the number of items removed, retained and any messages from the erasers
43637.3.diff (7.1 KB) - added by ericdaams 5 weeks ago.
Updated to correct incorrect doc comment for wp_privacy_personal_data_erasers filter
43637.4.diff (6.0 KB) - added by desrosj 4 weeks ago.
43637.5.diff (5.1 KB) - added by desrosj 4 weeks ago.


Change History (29)

#1 @allendav
2 months ago

  • Keywords gdpr needs-patch added

@allendav
2 months ago

Adds personal data eraser filtering and ajax support

#2 @allendav
2 months ago

  • Keywords has-patch added; needs-patch removed

Requires #43442 to test. For testing instructions, see #43442.

#3 @Clorith
6 weeks ago

  • Owner set to allendav
  • Status changed from new to assigned

@allendav
6 weeks ago

Updated to return the number of items removed, retained and any messages from the erasers

#4 @allendav
6 weeks ago

Updated patch. Erasure ajax response now includes how many items were removed, how many were retained, and any messages personal data erasers want to display to the administrator (e.g. "Personal data for this user was found in order 1324 but was not removed because the order has not yet shipped.")

Requires additional patches to test. Please stand by for updated patches for #43442 and #43602 for testing.

cc @azaozz @mikejolley
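
The paged eraser callback described in the ticket description, and the removed/retained/messages response described in the comment above, as an added example that is not part of the ticket or of WordPress core. The `acme_order` post type, the `_acme_*` meta keys and the `acme` text domain are hypothetical; the returned array keys are those of the eraser API as released in WordPress 4.9.6 (which reports removed/retained as flags) and do not appear on this page.

```php
<?php
// Added example, not WordPress core code. The 'acme_order' post type and the
// _acme_* meta keys are hypothetical stand-ins for a plugin's own storage.
add_filter( 'wp_privacy_personal_data_erasers', 'acme_register_order_eraser' );

function acme_register_order_eraser( $erasers ) {
	$erasers['acme-orders'] = array(
		'eraser_friendly_name' => __( 'Acme Orders', 'acme' ),
		'callback'             => 'acme_erase_order_data',
	);
	return $erasers;
}

function acme_erase_order_data( $email_address, $page = 1 ) {
	$result = array( 'items_removed' => false, 'items_retained' => false, 'messages' => array(), 'done' => true );
	$user   = get_user_by( 'email', $email_address );
	if ( ! $user ) {
		return $result; // Nothing stored for this address: done on the first page.
	}
	// Select by customer ID, which erasure leaves untouched. Selecting by the
	// e-mail meta being erased would shrink the result set and skip rows on later pages.
	$per_page = 50;
	$orders   = get_posts( array(
		'post_type'      => 'acme_order',
		'post_status'    => 'any',
		'meta_key'       => '_acme_customer_id',
		'meta_value'     => $user->ID,
		'orderby'        => 'ID',
		'order'          => 'ASC',
		'posts_per_page' => $per_page,
		'paged'          => (int) $page,
	) );
	foreach ( $orders as $order ) {
		if ( ! get_post_meta( $order->ID, '_acme_shipped', true ) ) {
			$result['items_retained'] = true;
			/* translators: %d: order ID */
			$result['messages'][] = sprintf( __( 'Personal data was found in order %d but was not removed because the order has not yet shipped.', 'acme' ), $order->ID );
			continue;
		}
		foreach ( array( '_acme_billing_name', '_acme_billing_email', '_acme_billing_address' ) as $key ) {
			if ( delete_post_meta( $order->ID, $key ) ) {
				$result['items_removed'] = true; // Only set when something was actually deleted.
			}
		}
	}
	// A short (or empty) page means there is nothing left to traverse.
	$result['done'] = count( $orders ) < $per_page;
	return $result;
}
```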

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


6 weeks ago

@ericdaams
5 weeks ago

Updated to correct incorrect doc comment for wp_privacy_personal_data_erasers filter

#6 @desrosj
5 weeks ago

  • Milestone changed from Awaiting Review to 4.9.6

Moving to the 4.9.6 milestone after consensus was reached in the most recent GDPR chat (https://wordpress.slack.com/archives/C9695RJBW/p1524063200000304).

#7 @azaozz
5 weeks ago

In 42986:

Privacy: add means to erase personal data by username or email address. First run.

Props allendav, coreymckrill, ericdaams, azaozz.
See #43637, #43602.

#8 follow-up: @coreymckrill
5 weeks ago

Should wp_ajax_wp_privacy_erase_personal_data() have a capability check? Seems like it should be delete_users like in https://core.trac.wordpress.org/ticket/43602#comment:21

#9 in reply to: ↑ 8 @azaozz
5 weeks ago

Replying to coreymckrill:

Yep, the cap check is there but see https://core.trac.wordpress.org/ticket/43602#comment:26.

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


4 weeks ago

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


4 weeks ago

#12 @desrosj
4 weeks ago

  • Keywords commit fixed-major added

#13 @joemcgill
4 weeks ago

This depends on functionality from #43438, specifically [42889] to be backported, before this can be merged to the 4.9 branch. Additionally, @ocean90's concerns on the original ticket need to be addressed before this can be completed.

This ticket was mentioned in Slack in #gdpr-compliance by joemcgill. View the logs.


4 weeks ago

@desrosj
4 weeks ago

#15 follow-up: @desrosj
4 weeks ago

In 43637.4.diff:

  • Ensure docblock for the wp_privacy_personal_data_erasers filter is properly formatted.
  • Change the %d placeholders for array indexes to %s (there was nothing ensuring arrays have numeric indexes only).
  • Add missing placeholder descriptions for translators.

Last edited 4 weeks ago by desrosj

#16 in reply to: ↑ 15 @SergeyBiryukov
4 weeks ago

Replying to desrosj:

> Change the %d placeholders for array indexes to %s (there was nothing ensuring arrays have numeric indexes only).

$eraser_index is specifically cast to int though:

$eraser_index = (int) $_POST['eraser'];

Let's just add translator comments and leave the placeholders as is, I don't see a need for changing them.

@desrosj
4 weeks ago

#17 @desrosj
4 weeks ago

In 43637.5.diff:

  • Ensure docblock for the wp_privacy_personal_data_erasers filter is properly formatted.
  • Add missing placeholder descriptions for translators.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


4 weeks ago

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.


4 weeks ago

#20 @SergeyBiryukov
3 weeks ago

In 43075:

Privacy: add means to erase personal data by username or email address. First run.

Props allendav, coreymckrill, ericdaams, azaozz.
Merges [42986] to the 4.9 branch.
See #43637, #43602.

#21 @SergeyBiryukov
3 weeks ago

In 43104:

Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.

See #43637.

#22 @SergeyBiryukov
3 weeks ago

In 43106:

Docs: Correct DocBlock formatting for wp_privacy_personal_data_erasers filter.

Merges [43104] to the 4.9 branch.
See #43637.

#23 @SergeyBiryukov
3 weeks ago

  • Resolution set to fixed
  • Status changed from assigned to closed

Looks like the changes from 43637.5.diff are already committed in [43060] and backported in [43105].

#24 @desrosj
9 days ago

  • Component changed from General to Privacy

Moving to the new Privacy component.