Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#43721 closed enhancement (fixed)

Adding links to imprint and privacy policy pages on WP login screens

Reported by: voneff
Owned by: desrosj
Milestone: 4.9.6
Priority: normal
Severity: normal
Version:
Component: Privacy
Keywords: gdpr commit fixed-major
Focuses:
Cc:

Description

As the GDPR asks for links to Imprint/Legal Notice and Privacy Policy pages on every page a website visitor could possibly land on – would it not be necessary to easily be able to include respective links to the WP login and logout pages?

Maybe this could be done via the customizer where website owners could be given the option to enter names and links to aforementioned pages and then have them displayed at the bottom of the login screens.

(This is my first core ticket so please bear with me if this is the wrong way to address this! ;-P)

Attachments (9)

43721.preview.jpg (102.3 KB) - added by xkon 7 years ago.
43721.diff (999 bytes) - added by xkon 7 years ago.
login-register_privacy.png (76.8 KB) - added by melchoyce 7 years ago.
43721.2.diff (999 bytes) - added by xkon 7 years ago.
43721.3.diff (1.2 KB) - added by xkon 7 years ago.
43721.4.diff (1.0 KB) - added by chetan200891 7 years ago.
43721.5.diff (1.2 KB) - added by xkon 7 years ago.
43721.6.diff (998 bytes) - added by xkon 7 years ago.
43721.7.diff (987 bytes) - added by desrosj 7 years ago.

Change History (39)

#1 @swissspidy
7 years ago

  • Keywords gdpr added

#2 follow-up: @xkon
7 years ago

Hello @voneff and welcome to core trac!

In my opinion you're absolutely correct, websites that do use the default registration/login pages should include a link to their Privacy Policy page if that exists as well.

In 43721.diff as we now have the handy get_privacy_policy_url() it adds the links in the current nav if a policy page link exists.

@melchoyce would you be ok with this added in the nav as seen in 43721.preview.jpg?

@azaozz after taking a look at this do you think we could enhance the get_privacy_policy_url() to check if the page defined is of status Publish as well? Since the function returns just the url at the moment without the Publish check, if it is still a 'draft' you end up having a 404 link basically if used for Front End as here. Or should the check be made manually in the template itself?

#3 in reply to: ↑ 2 @azaozz
7 years ago

Replying to xkon:

@azaozz after taking a look at this do you think we could enhance the get_privacy_policy_url() to check if the page defined is of status Publish as well?

Ah, good catch! Will fix that shortly.

This ticket was mentioned in Slack in #gdpr-compliance by xkon.
7 years ago

#5 @melchoyce
7 years ago

That list of links is specifically geared towards helping people sign up or log in, so adding the Privacy Policy link there wouldn't be appropriate.

If this is absolutely legally necessary, I'd recommend sticking a smaller link (13px or smaller) to the bottom of the screen. See attached image.

#6 @desrosj
7 years ago

  • Owner set to xkon
  • Status changed from new to assigned

#7 @xkon
7 years ago

  • Keywords has-patch 2nd-opinion added

43721.2.diff was a false upload, sorry wrong click.

In 43721.3.diff moved the Privacy Policy link on the bottom of the page as @melchoyce suggested above.

#8 @chetan200891
7 years ago

@xkon I have tested your patch and made some changes, and added new patch 43721.4.diff. Removed 'login_link_separator'. Also made some changes to CSS.

#9 @xkon
7 years ago

Oh good catch @chetan200891 I forgot about the separator from moving the code :) thank you!

#10 @xkon
7 years ago

43721.5.diff updates the code to be more consistent as used in #43715 as well.

This ticket was mentioned in Slack in #core by chetan200891.
7 years ago

This ticket was mentioned in Slack in #gdpr-compliance by xkon.
7 years ago

#13 @desrosj
7 years ago

  • Milestone changed from Awaiting Review to 4.9.6

#14 follow-up: @allendav
7 years ago

@voneff - please cite the article and paragraph where this is required - thanks!

#15 in reply to: ↑ 14 @voneff
7 years ago

Replying to allendav:

@voneff - please cite the article and paragraph where this is required - thanks!

Sure, I should probably have included this from the start.

I think Chapter 3, Section 2, Article 13 of the GDPR applies to every public-facing site of a website:
"Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: …" [Emphasis my own, source: https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/]

This is quite obvious when you allow people to register on your site, such as:

https://login.wordpress.org/register?locale=en_US
http://videos.wpbeginner.com/
https://css-tricks.com/wp-login.php?action=register

But also the /admin and /wp-login.php pages are public-facing – especially as they are linked to from the meta section in the sidebar on any fresh install. And if you collect personal data such as the IP address with your website this data will be collected here as well.

Is that sufficient? If not, let me know and I'll dig deeper...

Version 3, edited 7 years ago by voneff

#16 @xkon
7 years ago

  • Keywords needs-testing added; 2nd-opinion removed

43721.6.diff updates previous patches, using the_privacy_policy_link().

This ticket was mentioned in Slack in #core by jeffpaul.
7 years ago

This ticket was mentioned in Slack in #gdpr-compliance by desrosj.
7 years ago

#19 @desrosj
7 years ago

  • Owner changed from xkon to desrosj
  • Status changed from assigned to reviewing

#20 @desrosj
7 years ago

  • Keywords needs-testing removed

43721.7.diff just makes an adjustment to when the link becomes pinned to the bottom.

This is good to go. I just want confirmation from @allendav that this is necessary and that we are interpreting the guidelines correctly before adding commit.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj.
7 years ago

#22 @desrosj
7 years ago

  • Keywords 2nd-opinion added

If necessary, this needs to be backported after #43850.

#23 @allendav
7 years ago

This makes sense - since personal data collection is more likely for registered users, and the privacy policy might have updates which impact registered user personal data collection, it makes sense to provide a link to the privacy policy at this screen BEFORE they login.

#24 @desrosj
7 years ago

  • Keywords commit added; 2nd-opinion removed

This ticket was mentioned in Slack in #gdpr-compliance by desrosj.
7 years ago

#26 @iandunn
7 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 43120:

Privacy: Add policy link to login screen.

Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.

Props voneff, xkon, melchoyce, chetan200891, desrosj.
Fixes #43721.

#27 @iandunn
7 years ago

  • Keywords fixed-major added; has-patch removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening for backport to 4.9 branch.

#28 @SergeyBiryukov
7 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 43124:

Privacy: Add policy link to login screen.

Personal data collection is more likely for registered users than casual visitors, and the privacy policy might have been updated since a user last logged in. Those changes could impact the collection of personal data from registered users, so it makes sense to provide a link to the policy before users log in.

Props voneff, xkon, melchoyce, chetan200891, desrosj.
Merges [43120] to the 4.9 branch.
Fixes #43721.

#29 @voneff
7 years ago

Wow, we're in the beta – thanks everybody!

Pretty exciting for me as this really was my first core contribution whatsoever.

Credit also goes to Tanya R. Quintieri who raised this issue in a Facebook group and really got me thinking that it should be a core feature.

Cheers!

#30 @desrosj
7 years ago

  • Component changed from Login and Registration to Privacy

Moving to the new Privacy component.