Make WordPress Core

Opened 18 months ago

Last modified 9 months ago

#43921 reviewing enhancement

Include community-events-location user meta value in Personal Data Export

Reported by: coreymckrill Owned by: garrett-eclipse
Milestone: Future Release Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: has-patch 2nd-opinion
Focuses: Cc:
PR Number:


Any user who visits the Dashboard screen will have a row in the usermeta table with location information, which is used by the WordPress Events and News widget to show relevant WP community events. The location information may include an IP address, location description, and/or lat/lon coordinates. This seems like personally identifiable information that should be included in a Personal Data Export.

Attachments (1)

43921.diff (2.0 KB) - added by coreymckrill 18 months ago.
Add community-events-location to exported data, update unit test

Download all attachments as: .zip

Change History (11)

#1 @coreymckrill
18 months ago

As noted here, the IP address is partially anonymized already, so it may not be completely necessary in the data export. However, if the user customizes the location in the widget UI, the database value will contain a location description (city name) and lat/lon, which is potentially much more specific than the IP.

18 months ago

Add community-events-location to exported data, update unit test

#2 @coreymckrill
18 months ago

  • Keywords has-patch 2nd-opinion added; needs-patch removed

In 43921.diff:

  • Add a case in the exporter function to grab the value of the community-events-location key for the given user and convert the array into a human-readable string.
  • Update the unit test for the data exporter function. It was already failing with an incorrect number of exported user properties. This adds the location data so that every possible piece of exportable data is included for the test.

Given that the comment exporter includes the Commenter IP value, I decided to go ahead and include it here along with the other possible location values, even though it's already partially anonymized.

The function that converts the exported user data into HTML doesn't handle values that are arrays, which is why this converts it to a string.

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.

18 months ago

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.

18 months ago

#5 @iandunn
17 months ago

  • Component changed from General to Administration
  • Milestone changed from Awaiting Review to 4.9.7
  • Status changed from new to assigned
  • Version set to trunk

#6 @desrosj
17 months ago

  • Milestone changed from 4.9.7 to Future Release

Moving gdpr tickets that are not bugs to Future Release until the next steps can be properly evaluated.

#7 @desrosj
17 months ago

  • Component changed from Administration to Privacy

Moving to the new Privacy component.

#8 @desrosj
16 months ago

  • Keywords gdpr removed

Removing the GDPR keyword. This has been replaced by the new Privacy component and privacy focuses in Trac.

#9 @garrett-eclipse
9 months ago

  • Keywords changed from has-patch, 2nd-opinion to has-patch 2nd-opinion
  • Owner set to garrett-eclipse
  • Status changed from assigned to reviewing
  • Version changed from trunk to 4.9.6

Thanks for the patch @coreymckrill this sounds like a great idea and was recently re-raised in our #core-privacy office hours. As this ticket already has a patch we'll continue the work here so I've owned it to review when I can. The other related ticket #45889 recently raised I've updated to have it handle just the Session data.

#10 @garrett-eclipse
9 months ago

Just for my personal reference while reviewing there is a Community Events Privacy plugin, which specifically prevents the Events Widget from sending the user's IP address:
*And fancy that... looks like it's even your plugin Corey ;)

Note: See TracTickets for help on using tickets.