WordPress.org

Make WordPress Core

Opened 18 months ago

Last modified 14 months ago

#43933 reopened enhancement

Make the Privacy Policy page intro text shorter and more friendly

Reported by: iandunn Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-patch
Focuses: Cc:
PR Number:

Description

#43435 introduced the Privacy Policy page screen, which includes some intro text, intended to educate the user about their potential legal obligations, and some best practices for implementing and maintaining a privacy policy.

In the rush for the 4.9.6 string freeze, there wasn't enough time to fully discuss and iterate on the text, so I think it may be beneficial to continue the conversation.

Most recent discussion:

https://wordpress.slack.com/archives/C9695RJBW/p1525273783000517
https://wordpress.slack.com/archives/C9695RJBW/p1525274779000367

Attachments (5)

43933.patch (2.3 KB) - added by macbookandrew 18 months ago.
Tweaks existing text for clarity
43933.2.patch (1.9 KB) - added by macbookandrew 18 months ago.
43933.3.diff (3.0 KB) - added by iandunn 14 months ago.
Move details from intro to help tab, add short & friendly intro
Screen Shot 2018-09-11 at 10.45.40 AM.png (108.3 KB) - added by iandunn 14 months ago.
43933.3.diff before clicking link
Screen Shot 2018-09-11 at 10.46.21 AM.png (246.2 KB) - added by iandunn 14 months ago.
43933.3.diff after clicking link

Download all attachments as: .zip

Change History (34)

#1 @iandunn
18 months ago

Personally, I feel like there may be two issues with the current text:

Length/Intrusion

Aside from the (WXR) Export screen, there aren't any other screens in Core that have lengthy intros. Most have no text, and a few have 1 short sentence. With the Export screen, the text explains how to use the tool, rather than why it should be used.

I can see an argument for why this situation may be different, but the current approach and wording still feels a bit too verbose and intrusive to me, cluttering the page with documentation.

I'm wondering if there are better ways to achieve the goal of making sure the user knows what they need to. Maybe the majority of the text can be moved to a Help tab, and then a short intro sentence can be added that explains the very bare minimum, with a link to open the tab to learn more.

Here's an example of how that might look:

https://make.wordpress.org/community/files/2015/11/remote-css-basic.png
https://make.wordpress.org/community/files/2015/11/remote-css-help.png


Tone

The tone of the text doesn't feel entirely consistent with how the WordPress project typically tries to communicate with users. It feels kind of heavy-handed, like we're pushing the user to do what we want them to do, rather than offering them a tool to do what they want to do.

If we do want to promote an agenda, I feel like it should be done as a gentle encouragement, rather than a stern warning. We can focus on the positive aspects -- how a transparent privacy policy can help to build trust with users, and make them feel safe and informed -- rather than the negative -- what legal obligations the site owner may have. I think the About > Freedoms screen provides a good example.

Here's a very rough draft on what I think might be a better approach:

Creating a privacy policy helps your visitors understand what data you collect about them, and how it's used. A transparent policy can help them feel safe and informed, and also build trust between you and them.


I'd love to get some input from @melchoyce on the all of the above, as well as @idea15, @allendav, @azaozz, and anyone else who has any thoughts.

#2 @ocean90
18 months ago

  • Keywords needs-patch added
  • Milestone changed from 4.9.7 to 4.9.6

Thanks for the detailed ticket, @iandunn. String freeze is usually around RC, based on the schedule that's Tuesday, May 8th so there's plenty of time to try making that intro text better.

Moving to 4.9.6 to get more eyes on this. The earlier we make this clearer, the more users will understand and actually use the tools correctly.

This ticket was mentioned in Slack in #core by iandunn. View the logs.


18 months ago

#4 @xkon
18 months ago

I'm thinking of combining both cases if possible to make the best out of it.

Could we have the text under "Help" that would be permanent plus add "an 1 time dismissible notice?"

This way we'll have the text under Help permanently for further use but when a user enters this page when it's released he will see all that he needs for this page and dismiss it if he doesn't want it anymore. Does this make any sense?

This was an idea that I had for the Tools pages as well that don't have any help at all at the moment :D ...

For any further consideration please note that the users will have a seriously short amount of time to get prepared for all of this so the more we help them at the moment the better. That's why I would prefer to be somewhat 'intrusive' as it's for the better good.

Last edited 18 months ago by xkon (previous) (diff)

#5 @idea15
18 months ago

First, the tone reflects the fact that I wrote the intro text dovetailing with an article I've written separately for the privacy resource site, which is going live soon. The whole idea was that the two would be similar. If one is written speaking to the users like an adult and the other is written speaking to the user like it's a friend, that's going to be the gateway to a lot of problems.

Second, in the recent WordCamp talk I gave about creating GDPR-compliant privacy notices, I specifically warned against using hokey, over-familiar, sarcastic, attitudinal, or twee language. This is not "howdy" time. This is about providing a tool to support sites in providing accountability and transparency to ensure user trust in their services, and in accordance with what a regulator expects. It's somewhat incredible to me that the office hours discussion veered so far in the direction of the fear of the L-word that we now barely want to mention the notion that this process is about a business's legal compliance requirements at all.

From my own experience, when I see a privacy notice which is overfamiliar, overly nice, or hokey, it tells me to read over it with a fine tooth comb because they're hiding something.

This ticket was mentioned in Slack in #core by desrosj. View the logs.


18 months ago

#7 @allendav
18 months ago

@iandunn wrote:

If we do want to promote an agenda, I feel like it should be done as a gentle encouragement, rather than a stern warning. We can focus on the positive aspects -- how a transparent privacy policy can help to build trust with users, and make them feel safe and informed -- rather than the negative -- what legal obligations the site owner may have.

And here's the pickle - this is for all practical purposes the first time that site owners have actual legal obligations when they throw a site up on the Internet. We shouldn't soft pedal that. The warning doesn't have to be stern, but imho it should be a clear warning to take their responsibilities as a site owner seriously. With GDPR, fun time now also comes with responsibility.

@macbookandrew
18 months ago

Tweaks existing text for clarity

#8 @andreamiddleton
18 months ago

I agree that whimsical, vague, or over-familiar language could dilute or distract from the core message here (which, if I understand correctly, is essentially "there are privacy laws and as a site owner you are probably subject to them").

I think we can probably find a way to maintain the friendly tone consistent with other admin notes in WordPress core while still communicating the information that we think users need in order to understand the tool and their broader responsibility as a site owner, though. :)

I'd suggest reducing the "you may need to"s in the original version and stick with facts, maybe like this:

Some international laws require website owners to create and display a privacy policy that tells visitors to your website what data you collect about them, and how it’s used.

Just my attempt. :) It's hard to strike that balance between serious and friendly, but I think it's worth trying.

This ticket was mentioned in Slack in #core by desrosj. View the logs.


18 months ago

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


18 months ago

#11 @allendav
18 months ago

I prefer the wording as it stands today, plus @macbookandrew 's improvements. I think we should not softpedal the new responsibilities of web site ownership any more than we already have.

Wording as it stands today:

As a website owner, you may need to follow national or international privacy laws. For example, you may need to create and display a privacy policy. If you already have a privacy policy page, please select it below. If not, create one.

The new page will include help and suggestions for your privacy policy. However, it is your responsibility to use those resources correctly, to provide the information that your privacy policy requires, and to keep that information current and accurate.

After your privacy policy page is set, we suggest that you edit it. On the edit page screen you will find additional privacy information added by your themes and plugins. We would also suggest reviewing your privacy policy from time to time, especially after an update. There may be changes or new suggested information for you to consider adding to your policy.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


18 months ago

#13 @allendav
18 months ago

  • Keywords needs-refresh added

#14 @macbookandrew
18 months ago

  • Keywords has-patch added; needs-patch needs-refresh removed

Updated the patch file.

This ticket was mentioned in Slack in #gdpr-compliance by macbookandrew. View the logs.


18 months ago

#16 @allendav
18 months ago

Thanks @macbookandrew ! This applies with a little fuzz (so many commits today) and tests well.

I think this sentence is no longer appropriate since we have moved the "Snippets" to a separate page:

On the edit page screen, you will find additional privacy information added by your themes and plugins

I think we should just delete that sentence. What do you think @azaozz ?

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


18 months ago

#18 @pesieminski
18 months ago

I like it. It reads pretty well and a good balance of straightforward and accessible. Legally speaking, we're giving the right advice which is "you should know about this", without telling anyone specifically what they should do or not do for their specific site.

Total side note, but I don't mind using more familiar language. If done correctly, it's engaging and can keep a reader's attention more than dry, or scolding language can. And getting people to pay attention is the ultimate goal.

What do I know, though. I use a "Howdy!" in our A8C privacy policy, and heard some feedback on that, both good and bad. I've also heard from quite a few that it's the only privacy policy that they were able to read through from beginning to end w/o losing interest. That's a win in my book.

This ticket was mentioned in Slack in #core by desrosj. View the logs.


18 months ago

#20 @SergeyBiryukov
18 months ago

In 43218:

Privacy: Tweak Privacy Policy page intro text for clarity.

Props macbookandrew, allendav.
See #43933.

#21 @SergeyBiryukov
18 months ago

In 43219:

Privacy: Tweak Privacy Policy page intro text for clarity.

Props macbookandrew, allendav.
Merges [43218] to the 4.9 branch.
See #43933.

#22 @SergeyBiryukov
18 months ago

  • Milestone changed from 4.9.6 to 4.9.7

Moving to 4.9.7 for further discussion on addressing the tone/intrusiveness.

#23 @desrosj
17 months ago

  • Milestone changed from 4.9.7 to Future Release

Moving gdpr tickets that are not bugs to Future Release until the next steps can be properly evaluated.

#24 @desrosj
17 months ago

  • Component changed from Administration to Privacy

Moving to the new Privacy component.

#25 @desrosj
16 months ago

  • Keywords gdpr removed

Removing the GDPR keyword. This has been replaced by the new Privacy component and privacy focuses in Trac.

#26 @idea15
14 months ago

  • Resolution set to fixed
  • Status changed from new to closed

#27 @iandunn
14 months ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

As far as I know, there hasn't been a resolution here.

#28 @idea15
14 months ago

This ticket, from before the privacy notice tool was shipped, was based on personal and subjective views of the suggested language to be used in legal compliance. Any future iterations of the text should be based on the actual input and experiences of site administrators who have used the tool since it shipped. This could be an ideal project for the V3 roadmap.

With many draft US privacy laws beginning to take shape, there will be an ideal opportunity then to review the text for relevance, ease of use, and potential additions or clarifications, with an eye towards making the tool as universal as possible. Once again, we will need to achieve the balance we successfully found with the GDPR-focused guide between tone, clarity, and not softpedaling the administrator's legal obligations. For now, the text as it is provides a reasonable example of what US administrators can expect to have to document in the future, and will also inform other privacy projects, such as Drupal's core privacy work.

@iandunn
14 months ago

Move details from intro to help tab, add short & friendly intro

@iandunn
14 months ago

43933.3.diff before clicking link

@iandunn
14 months ago

43933.3.diff after clicking link

#29 @iandunn
14 months ago

I'm all for incorporating feedback from site admins, but I don't think that's the sole factor. It's our responsibility to make sure that the tone is consistent with the values of the project.

I don't think there's any reason to wait to improve the tone, it's independent of the content of the message. We can improve the tone now without hindering any future efforts to add or clarify legal requirements. In fact, improving the tone now will help provide guidance for the tone of any future copy, in addition to creating a more welcoming user experience.

43933.3.diff does these things to address the issues described comment:1:

  1. Moves the current intro text into a new Help tab.
  2. Use @andreamiddleton's friendly intro sentence from comment:8 as the new intro text.
  3. Adds a "Learn More" link to the intro text, to draw the user's attention to the detailed text in the Help tab.
  4. Tweaks the language in help tab to be friendlier.

The copy tweaks are just a start, I'm sure they need some refinement, but I'm curious to hear what everyone thinks. Screenshots of the new copy & help tab are attached above.

Note: See TracTickets for help on using tickets.