Opened 7 years ago
Last modified 4 years ago
#43938 assigned enhancement
Make it clear to administrators that not all plugins support privacy policy content, personal data export and erasure
Reported by: | allendav | Owned by: | xkon |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 4.9.6 |
Component: | Privacy | Keywords: | needs-patch needs-design privacy-roadmap |
Focuses: | administration | Cc: |
Description
It is likely that there will be many plugins that will not implement the new privacy policy content hooks nor the personal data export and erasure hooks for some time (if ever).
It would be unfortunate for administrators to overlook privacy policy impacts from such plugins, or to assume that personal data export and erasure included personal data collected by such plugins.
As part of privacy policy content UX, as well as export and erasure UX, we should come up with a way to prompt administrators to take this into consideration.
Attachments (3)
Change History (34)
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
7 years ago
#4
@
7 years ago
@idea15 - i was thinking less a notice and more a not-missable always-present blob o' text on the export and erasure management pages making it clear which exporters and erasers are present and calling to the admin's attention that they are responsible for separately managing exports/erasure for anything not listed.
#6
@
7 years ago
@idea15 @melchoyce rough draft ideas above (the blue barred sections added to the top of each of the three pages)
#7
@
7 years ago
I'd take out "please note" as it's a bit stiff from both.
When we say "this tool only erases the personal data stored by WordPress", remember that a lot of people have no understanding of what is and isn't of the box WP.
Also, when we say "non participating plugins", that could be interpreted as privacy shaming.
#8
@
7 years ago
The participating plugins
is a bit confusing to me. Even if I was to translate it on my native language it would still not make much sense all for a simple user 'all installed plugins are participating somehow since they are in there' if that makes sense.. Also the names of the exporters wouldn't mean anything to most people I guess as well.
@allendav would it be more wise to find to just show the names of the plugins that are using the erasure/export instead and leave it at that maybe?
This way we could say something like This tool only exports the personal data stored by WordPress and the plugins listed below. It is your responsibility to export any personal data from plugins that you might have installed and are not seen in this list. - [List of plugins names]
.
#9
@
7 years ago
@xkon - I would love to just list the plugins that require manual export/erasure, but we don't have a way of getting the list of "participating" plugins... although plugins can register exporters and erasers, we can't work from that list back to the "participating" plugins - because we don't enforce/require plugin slugs during the current registration process.
Maybe we should fix that oversight.
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
7 years ago
This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.
7 years ago
#15
@
7 years ago
Hopefully we can use the plugin header work ( #43750 ) to make it so we can just present the plugins NOT participating - that will make it easier for the end-user to know what they need to do.
#17
@
6 years ago
- Keywords gdpr removed
Removing the GDPR keyword. This has been replaced by the new Privacy component and privacy focuses in Trac.
This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.
6 years ago
#21
@
6 years ago
- Focuses administration added
- Keywords changed from needs-patch, needs-design, ui-feedback, ux-feedback, privacy-roadmap to needs-patch needs-design ui-feedback ux-feedback privacy-roadmap
- Version set to 4.9.6
#22
@
6 years ago
- Keywords ui-feedback ux-feedback removed
I think this still needs a design (if that's wrong please let me know), as a result removing the keyword for feedback until we have one.
#23
@
5 years ago
A quick thought at a glance... The notice feels almost overwhelming especially if lists of plugins also get introduced. I feel it would serve better as a 1-2 line paragraph with a link to trigger the help menu where more information is stored. In the additional help information, it can then become verbose and extendable without taking over the page.
A shorter notice getting across the point of the limitations of the tools is more likely to be read.
I'd agree that we can strengthen the language we use to remind administrators that they are responsible for the accuracy of their privacy notices, but when you say "prompt" I think another dashboard admin notice. What did you have in mind?