#43721 closed enhancement (fixed)
Adding links to imprint and privacy policy pages on WP login screens
Reported by: | voneff | Owned by: | desrosj |
---|---|---|---|
Milestone: | 4.9.6 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Privacy | Keywords: | gdpr commit fixed-major |
Focuses: | Cc: |
Description
As the GDPR asks for links to Imprint/Legal Notice and Privacy Policy pages on every page a website vistor could possibly land on – would it not be necessary to easily being able to include respective links to the WP login and logout pages?
Maybe this could be done via the customizer where website owners could be given the option to enter names and links to aforementioned pages and then have them displayed at the bottom of the login screens.
(This is my first core ticket so please bear with me if this is the wrong way to address this! ;-P)
Attachments (9)
Change History (39)
#3
in reply to:
↑ 2
@
7 years ago
Replying to xkon:
@azaozz after taking a look at this do you think we could enhance the
get_privacy_policy_url()
to check if the page defined is of statusPublish
as well?
Ah, good catch! Will fix that shortly.
This ticket was mentioned in Slack in #gdpr-compliance by xkon. View the logs.
7 years ago
#5
@
7 years ago
That list of links is specifically geared towards helping people sign up or log in, so adding the Privacy Policy link there wouldn't be appropriate.
If this is absolutely legally necessary, I'd recommend sticking a smaller link (13px or smaller) to the bottom of the screen. See attached image.
#7
@
7 years ago
- Keywords has-patch 2nd-opinion added
43721.2.diff was a false upload, sorry wrong click.
In 43721.3.diff moved the Privacy Policy link on the bottom of the page as @melchoyce suggested above.
#8
@
7 years ago
@xkon I have tested your patch and made some changes, and added new patch 43721.4.diff. Removed 'login_link_separator'. Also made some changes to CSS.
#9
@
7 years ago
Oh good catch @chetan200891 I forgot about the separator from moving the code :) thank you!
This ticket was mentioned in Slack in #core by chetan200891. View the logs.
7 years ago
This ticket was mentioned in Slack in #gdpr-compliance by xkon. View the logs.
7 years ago
#14
follow-up:
↓ 15
@
7 years ago
@voneff - please cite the article and paragraph where this is required - thanks!
#15
in reply to:
↑ 14
@
7 years ago
Replying to allendav:
@voneff - please cite the article and paragraph where this is required - thanks!
Sure, I should probably have included this from the start.
I think Chapter 3, Section 2, Article 13 of the GDPR applies to every public-facing site of a website:
"Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: …" [Emphasis my own, source: https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/]
This is quite obvious when you allow people to register on your site, such as:
https://login.wordpress.org/register?locale=en_US
http://videos.wpbeginner.com/
https://css-tricks.com/wp-login.php?action=register
But also the /admin and /wp-login.php pages are public-facing – especially as they are linked to from the meta section in the sidebar on any fresh install. And if you collect personal data such as the IP address with your website this data will be collected here as well.
Is that sufficient? If not, let me know and I'll dig deeper...
#16
@
7 years ago
- Keywords needs-testing added; 2nd-opinion removed
43721.6.diff updates previous patches, using the_privacy_policy_link()
.
This ticket was mentioned in Slack in #core by jeffpaul. View the logs.
7 years ago
This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.
7 years ago
#20
@
7 years ago
- Keywords needs-testing removed
43721.7.diff just makes an adjustment to when the link becomes pinned to the bottom.
This is good to go. I just want confirmation from @allendav that this is necessary and that we are interpreting the guidelines correctly before adding commit
.
This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.
7 years ago
#22
@
7 years ago
- Keywords 2nd-opinion added
If necessary, this needs to be backported after #43850.
#23
@
7 years ago
This makes sense - since personal data collection is more likely for registered users, and the privacy policy might have updates which impact registered user personal data collection, it makes sense to provide a link to the privacy policy at this screen BEFORE they login.
This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.
7 years ago
#27
@
7 years ago
- Keywords fixed-major added; has-patch removed
- Resolution fixed deleted
- Status changed from closed to reopened
Reopening for backport to 4.9 branch.
Hello @voneff and welcome to core trac!
In my opinion you're absolutely correct, websites that do use the default registration/login pages should include a link to their Privacy Policy page if that exists as well.
In 43721.diff as we now have the handy
get_privacy_policy_url()
it adds the links in the currentnav
if a policy page link exists.@melchoyce would you be ok with this added in the
nav
as seen in 43721.preview.jpg ?@azaozz after taking a look at this do you think we could enhance the
get_privacy_policy_url()
to check if the page defined is of statusPublish
as well? Since the function returns just the url at the moment without the Publish check, if it still a 'draft' you end up having a 404 link basically if used for Front End as here. Or should the check be made manually in the template itself?