WordPress.org

Make WordPress Core

Opened 18 months ago

Last modified 4 months ago

#43938 new enhancement

Make it clear to administrators that not all plugins support privacy policy content, personal data export and erasure

Reported by: allendav
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.9.6
Component: Privacy
Keywords: needs-patch needs-design privacy-roadmap
Focuses: administration
Cc:
PR Number:

Description

It is likely that there will be many plugins that will not implement the new privacy policy content hooks nor the personal data export and erasure hooks for some time (if ever).

It would be unfortunate for administrators to overlook privacy policy impacts from such plugins, or to assume that personal data export and erasure included personal data collected by such plugins.

As part of privacy policy content UX, as well as export and erasure UX, we should come up with a way to prompt administrators to take this into consideration.

Attachments (3)

erase.png (377.9 KB) - added by allendav 17 months ago.
Rough draft of erase notice
export.png (355.1 KB) - added by allendav 17 months ago.
Rough draft of export notice
privacy-policy-guide.png (523.6 KB) - added by allendav 17 months ago.
Rough draft of privacy policy guide notice

Change History (26)

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


18 months ago

#2 @idea15
18 months ago

I'd agree that we can strengthen the language we use to remind administrators that they are responsible for the accuracy of their privacy notices, but when you say "prompt" I think another dashboard admin notice. What did you have in mind?

#3 @desrosj
17 months ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

#4 @allendav
17 months ago

@idea15 - I was thinking less a notice and more a not-missable always-present blob o' text on the export and erasure management pages making it clear which exporters and erasers are present and calling to the admin's attention that they are responsible for separately managing exports/erasure for anything not listed.

#5 @idea15
17 months ago

Sure. Let's work on the text.

@allendav
17 months ago

Rough draft of erase notice

@allendav
17 months ago

Rough draft of export notice

@allendav
17 months ago

Rough draft of privacy policy guide notice

#6 @allendav
17 months ago

@idea15 @melchoyce rough draft ideas above (the blue barred sections added to the top of each of the three pages)

Last edited 17 months ago by allendav

#7 @idea15
17 months ago

I'd take out "please note" as it's a bit stiff from both.

When we say "this tool only erases the personal data stored by WordPress", remember that a lot of people have no understanding of what is and isn't out of the box WP.

Also, when we say "non participating plugins", that could be interpreted as privacy shaming.


#8 @xkon
17 months ago

The "participating plugins" wording is a bit confusing to me. Even if I were to translate it into my native language, it would still not make much sense at all for a simple user: 'all installed plugins are participating somehow since they are in there', if that makes sense. Also, the names of the exporters wouldn't mean anything to most people either, I guess.

@allendav would it be wiser to just show the names of the plugins that are using the erasure/export instead and leave it at that maybe?

This way we could say something like "This tool only exports the personal data stored by WordPress and the plugins listed below. It is your responsibility to export any personal data from plugins that you might have installed and are not seen in this list." - [List of plugin names].

#9 @allendav
17 months ago

@xkon - I would love to just list the plugins that require manual export/erasure, but we don't have a way of getting the list of "participating" plugins... although plugins can register exporters and erasers, we can't work from that list back to the "participating" plugins - because we don't enforce/require plugin slugs during the current registration process.

Maybe we should fix that oversight.

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


17 months ago

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


17 months ago

#13 @desrosj
17 months ago

Related: #43750.

#14 @allendav
17 months ago

  • Keywords ui-feedback ux-feedback added

#15 @allendav
17 months ago

Hopefully we can use the plugin header work ( #43750 ) to make it so we can just present the plugins NOT participating - that will make it easier for the end-user to know what they need to do.

#16 @desrosj
16 months ago

  • Keywords privacy-roadmap added

#17 @desrosj
15 months ago

  • Keywords gdpr removed

Removing the GDPR keyword. This has been replaced by the new Privacy component and privacy focuses in Trac.

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.


15 months ago

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.


14 months ago

#20 @pento
9 months ago

  • Version trunk deleted

#21 @garrett-eclipse
9 months ago

  • Focuses administration added
  • Keywords changed from needs-patch, needs-design, ui-feedback, ux-feedback, privacy-roadmap to needs-patch needs-design ui-feedback ux-feedback privacy-roadmap
  • Version set to 4.9.6

#22 @karmatosed
5 months ago

  • Keywords ui-feedback ux-feedback removed

I think this still needs a design (if that's wrong please let me know), as a result removing the keyword for feedback until we have one.

#23 @garrett-eclipse
4 months ago

A quick thought at a glance... The notice feels almost overwhelming especially if lists of plugins also get introduced. I feel it would serve better as a 1-2 line paragraph with a link to trigger the help menu where more information is stored. In the additional help information, it can then become verbose and extendable without taking over the page.

A shorter notice getting across the point of the limitations of the tools is more likely to be read.