WordPress.org

Make WordPress Core

Opened 8 weeks ago

Last modified 6 weeks ago

#43933 new enhancement

Make the Privacy Policy page intro text shorter and more friendly

Reported by: iandunn Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: gdpr has-patch
Focuses: Cc:

Description

#43435 introduced the Privacy Policy page screen, which includes some intro text, intended to educate the user about their potential legal obligations, and some best practices for implementing and maintaining a privacy policy.

In the rush for the 4.9.6 string freeze, there wasn't enough time to fully discuss and iterate on the text, so I think it may be beneficial to continue the conversation.

Most recent discussion:

https://wordpress.slack.com/archives/C9695RJBW/p1525273783000517 https://wordpress.slack.com/archives/C9695RJBW/p1525274779000367

Attachments (2)

43933.patch (2.3 KB) - added by macbookandrew 7 weeks ago.
Tweaks existing text for clarity
43933.2.patch (1.9 KB) - added by macbookandrew 7 weeks ago.

Download all attachments as: .zip

Change History (26)

#1 @iandunn
8 weeks ago

Personally, I feel like there may be two issues with the current text:

Length/Intrusion

Aside from the (WXR) Export screen, there aren't any other screens in Core that have lengthy intros. Most have no text, and a few have 1 short sentence. With the Export screen, the text explains how to use the tool, rather than why it should be used.

I can see an argument for why this situation may be different, but the current approach and wording still feels a bit too verbose and intrusive to me, cluttering the page with documentation.

I'm wondering if there are better ways to achieve the goal of making sure the user knows what they need to. Maybe the majority of the text can be moved to a Help tab, and then a short intro sentence can be added that explains the very bare minimum, with a link to open the tab to learn more.

Here's an example of how that might look:

https://make.wordpress.org/community/files/2015/11/remote-css-basic.png
https://make.wordpress.org/community/files/2015/11/remote-css-help.png


Tone

The tone of the text doesn't feel entirely consistent with how the WordPress project typically tries to communicate with users. It feels kind of heavy-handed, like we're pushing the user to do what we want them to do, rather than offering them a tool to do what they want to do.

If we do want to promote an agenda, I feel like it should be done as a gentle encouragement, rather than a stern warning. We can focus on the positive aspects -- how a transparent privacy policy can help to build trust with users, and make them feel safe and informed -- rather than the negative -- what legal obligations the site owner may have. I think the About > Freedoms screen provides a good example.

Here's a very rough draft on what I think might be a better approach:

Creating a privacy policy helps your visitors understand what data you collect about them, and how it's used. A transparent policy can help them feel safe and informed, and also build trust between you and them.


I'd love to get some input from @melchoyce on the all of the above, as well as @idea15, @allendav, @azaozz, and anyone else who has any thoughts.

#2 @ocean90
8 weeks ago

  • Keywords needs-patch added
  • Milestone changed from 4.9.7 to 4.9.6

Thanks for the detailed ticket, @iandunn. String freeze is usually around RC, based on the schedule that's Tuesday, May 8th so there's plenty of time to try making that intro text better.

Moving to 4.9.6 to get more eyes on this. The earlier we make this clearer, the more users will understand and actually use the tools correctly.

This ticket was mentioned in Slack in #core by iandunn. View the logs.


8 weeks ago

#4 @xkon
7 weeks ago

I'm thinking of combining both cases if possible to make the best out of it.

Could we have the text under "Help" that would be permanent plus add "an 1 time dismissible notice?"

This way we'll have the text under Help permanently for further use but when a user enters this page when it's released he will see all that he needs for this page and dismiss it if he doesn't want it anymore. Does this make any sense?

This was an idea that I had for the Tools pages as well that don't have any help at all at the moment :D ...

For any further consideration please note that the users will have a seriously short amount of time to get prepared for all of this so the more we help them at the moment the better. That's why I would prefer to be somewhat 'intrusive' as it's for the better good.

Last edited 7 weeks ago by xkon (previous) (diff)

#5 @idea15
7 weeks ago

First, the tone reflects the fact that I wrote the intro text dovetailing with an article I've written separately for the privacy resource site, which is going live soon. The whole idea was that the two would be similar. If one is written speaking to the users like an adult and the other is written speaking to the user like it's a friend, that's going to be the gateway to a lot of problems.

Second, in the recent WordCamp talk I gave about creating GDPR-compliant privacy notices, I specifically warned against using hokey, over-familiar, sarcastic, attitudinal, or twee language. This is not "howdy" time. This is about providing a tool to support sites in providing accountability and transparency to ensure user trust in their services, and in accordance with what a regulator expects. It's somewhat incredible to me that the office hours discussion veered so far in the direction of the fear of the L-word that we now barely want to mention the notion that this process is about a business's legal compliance requirements at all.

From my own experience, when I see a privacy notice which is overfamiliar, overly nice, or hokey, it tells me to read over it with a fine tooth comb because they're hiding something.

This ticket was mentioned in Slack in #core by desrosj. View the logs.


7 weeks ago

#7 @allendav
7 weeks ago

@iandunn wrote:

If we do want to promote an agenda, I feel like it should be done as a gentle encouragement, rather than a stern warning. We can focus on the positive aspects -- how a transparent privacy policy can help to build trust with users, and make them feel safe and informed -- rather than the negative -- what legal obligations the site owner may have.

And here's the pickle - this is for all practical purposes the first time that site owners have actual legal obligations when they throw a site up on the Internet. We shouldn't soft pedal that. The warning doesn't have to be stern, but imho it should be a clear warning to take their responsibilities as a site owner seriously. With GDPR, fun time now also comes with responsibility.

@macbookandrew
7 weeks ago

Tweaks existing text for clarity

#8 @andreamiddleton
7 weeks ago

I agree that whimsical, vague, or over-familiar language could dilute or distract from the core message here (which, if I understand correctly, is essentially "there are privacy laws and as a site owner you are probably subject to them").

I think we can probably find a way to maintain the friendly tone consistent with other admin notes in WordPress core while still communicating the information that we think users need in order to understand the tool and their broader responsibility as a site owner, though. :)

I'd suggest reducing the "you may need to"s in the original version and stick with facts, maybe like this:

Some international laws require website owners to create and display a privacy policy that tells visitors to your website what data you collect about them, and how it’s used.

Just my attempt. :) It's hard to strike that balance between serious and friendly, but I think it's worth trying.

This ticket was mentioned in Slack in #core by desrosj. View the logs.


7 weeks ago

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


7 weeks ago

#11 @allendav
7 weeks ago

I prefer the wording as it stands today, plus @macbookandrew 's improvements. I think we should not softpedal the new responsibilities of web site ownership any more than we already have.

Wording as it stands today:

As a website owner, you may need to follow national or international privacy laws. For example, you may need to create and display a privacy policy. If you already have a privacy policy page, please select it below. If not, create one.

The new page will include help and suggestions for your privacy policy. However, it is your responsibility to use those resources correctly, to provide the information that your privacy policy requires, and to keep that information current and accurate.

After your privacy policy page is set, we suggest that you edit it. On the edit page screen you will find additional privacy information added by your themes and plugins. We would also suggest reviewing your privacy policy from time to time, especially after an update. There may be changes or new suggested information for you to consider adding to your policy.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


7 weeks ago

#13 @allendav
7 weeks ago

  • Keywords needs-refresh added

#14 @macbookandrew
7 weeks ago

  • Keywords has-patch added; needs-patch needs-refresh removed

Updated the patch file.

This ticket was mentioned in Slack in #gdpr-compliance by macbookandrew. View the logs.


7 weeks ago

#16 @allendav
7 weeks ago

Thanks @macbookandrew ! This applies with a little fuzz (so many commits today) and tests well.

I think this sentence is no longer appropriate since we have moved the "Snippets" to a separate page:

On the edit page screen, you will find additional privacy information added by your themes and plugins

I think we should just delete that sentence. What do you think @azaozz ?

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


7 weeks ago

#18 @pesieminski
6 weeks ago

I like it. It reads pretty well and a good balance of straightforward and accessible. Legally speaking, we're giving the right advice which is "you should know about this", without telling anyone specifically what they should do or not do for their specific site.

Total side note, but I don't mind using more familiar language. If done correctly, it's engaging and can keep a reader's attention more than dry, or scolding language can. And getting people to pay attention is the ultimate goal.

What do I know, though. I use a "Howdy!" in our A8C privacy policy, and heard some feedback on that, both good and bad. I've also heard from quite a few that it's the only privacy policy that they were able to read through from beginning to end w/o losing interest. That's a win in my book.

This ticket was mentioned in Slack in #core by desrosj. View the logs.


6 weeks ago

#20 @SergeyBiryukov
6 weeks ago

In 43218:

Privacy: Tweak Privacy Policy page intro text for clarity.

Props macbookandrew, allendav.
See #43933.

#21 @SergeyBiryukov
6 weeks ago

In 43219:

Privacy: Tweak Privacy Policy page intro text for clarity.

Props macbookandrew, allendav.
Merges [43218] to the 4.9 branch.
See #43933.

#22 @SergeyBiryukov
6 weeks ago

  • Milestone changed from 4.9.6 to 4.9.7

Moving to 4.9.7 for further discussion on addressing the tone/intrusiveness.

#23 @desrosj
6 weeks ago

  • Milestone changed from 4.9.7 to Future Release

Moving gdpr tickets that are not bugs to Future Release until the next steps can be properly evaluated.

#24 @desrosj
6 weeks ago

  • Component changed from Administration to Privacy

Moving to the new Privacy component.

Note: See TracTickets for help on using tickets.