WordPress.org

Make WordPress Core

Opened 3 weeks ago

Closed 13 days ago

Last modified 7 days ago

#43954 closed enhancement (fixed)

Showing the privacy policy admin notice on all screens is intrusive

Reported by: iandunn Owned by: iandunn
Milestone: 4.9.6 Priority: high
Severity: normal Version: trunk
Component: Privacy Keywords: gdpr fixed-major
Focuses: ui Cc:

Description

When plugins update their privacy policy suggestions, the admin is shown a notice (introduced in r42980).

The suggested privacy policy text has changed. Edit the privacy policy.

The notice is shown on all admin screens, regardless of whether or not they're related to the policy. That behavior is discouraged by the plugin repository guidelines:

Upgrade prompts, notices, alerts, and the like must be limited in scope and used sparingly, be that contextually or only on the plugin’s setting page. Site wide notices or embedded dashboard widgets must be dismissible or self-dismiss when resolved. Error messages and alerts must include information on how to resolve the situation, and remove themselves when completed.

If the notice is dismissed, it comes back again on the next page load. It seems like Core might be setting a bad example here.

Attachments (5)

43954.diff (5.0 KB) - added by iandunn 2 weeks ago.
Rough WIP to introduce menu update bubble instead of admin notice
43954.2.diff (9.4 KB) - added by azaozz 13 days ago.
settings-bubble.png (42.5 KB) - added by azaozz 13 days ago.
43954.3.diff (9.9 KB) - added by iandunn 13 days ago.
Coding standards & diff noise cleanup
too-many.png (48.8 KB) - added by azaozz 13 days ago.

Download all attachments as: .zip

Change History (25)

This ticket was mentioned in Slack in #core by iandunn. View the logs.


3 weeks ago

#3 @idea15
2 weeks ago

I'm going to agree here and it's me who's been banging on about privacy notices for a year! We don't want to risk any form of consent fatigue for anyone.

#4 @desrosj
2 weeks ago

  • Keywords needs-patch added

Related #43953.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


2 weeks ago

@iandunn
2 weeks ago

Rough WIP to introduce menu update bubble instead of admin notice

#6 follow-up: @iandunn
2 weeks ago

  • Milestone changed from Awaiting Review to 4.9.6
  • Owner set to iandunn
  • Priority changed from normal to high
  • Status changed from new to accepted

43954.diff is a very rough work in progress that started as an attempt to limit which screens the notice was shown on, but then evolved into removing the notice entirely, and replacing it with update bubbles in the sidebar menu.

Discussion in Slack: https://wordpress.slack.com/archives/C9695RJBW/p1525923430000127

#7 @Luciano Croce
2 weeks ago

IMHO, also menu update bubble was intrusive: admin menu is not a Christmas Tree...

#8 in reply to: ↑ 6 @azaozz
13 days ago

Replying to iandunn:

...attempt to limit which screens the notice was shown on, but then evolved into removing the notice entirely, and replacing it with update bubbles in the sidebar menu.

Yeah, that should work too although the "bubbles" are somewhat "lower priority" warnings/notices. Thinking it is important to find the right balance between "in your face" and "there's something new to look at" notices. I mean, I'd hate it if a site owner gets sued because they installed a plugin that has extensive user tracking, etc. and didn't update their policy to reflect the changes.

In addition to the bubble, perhaps having an "under the screen title" notice on the Plugins screen (would show after a plugin has been updated) and on the Edit Page screen when editing the policy would be good enough?

menu update bubble was intrusive: admin menu is not a Christmas Tree...

Hehe, yep, running old versions of WP, themes and plugins would make it pretty... colorful. It would also make your WP install pretty unsafe. Best to update them! :)

This ticket was mentioned in Slack in #gdpr-compliance by xkon. View the logs.


13 days ago

#10 follow-ups: @danieltj
13 days ago

I'm against showing a bubble next to the plugins menu item. That would make you think that a plugin requires another update and is a bad user experience which disrupts the workflow of a user as it's distracting.

Would it not be better to retain an admin notice and have it dismissed properly when closed? I'm concerned that it'll trick people into thinking they have plugins to update when they don't and in some cases won't even effect the Privacy Policy anyway.

#11 in reply to: ↑ 10 @Luciano Croce
13 days ago

Last edited 13 days ago by Luciano Croce (previous) (diff)

#12 in reply to: ↑ 10 @Luciano Croce
13 days ago

Replying to danieltj:

  • that would make you think that a plugin requires another update
  • bad user experience
  • user as it's distracting
  • it'll trick people into thinking they have plugins to update

Totally agree!

@azaozz
13 days ago

#13 @azaozz
13 days ago

  • Keywords has-patch added; needs-patch removed

In 43954.2.diff:

  • Show a warning when policy info has changed only on the Edit Page screen when editing the policy, and on the Settings => Privacy screen.
  • Add a "bubble" on the Settings menu item and on Settings => Privacy.
  • Remove unused functionality to cache when to check.

The above seems to work well with one caveat: the menu is ready before the admin_init action fires, so we can't check for changes then. Added a workaround that caches the check (in an option) and updates that cache on admin_init priority 100 (this means the bubbles will show up or disappear one page load later).

43954.2.diff also takes care of #43953 as it removes the change check on new install or after updating WP from an older version (the pointer will show in both cases anyway).

Last edited 13 days ago by azaozz (previous) (diff)

#14 in reply to: ↑ 10 @azaozz
13 days ago

Replying to danieltj:

I'm against showing a bubble next to the plugins menu item.

Nothing is shown there, the bubble is on the Settings menu item.

This ticket was mentioned in Slack in #core by desrosj. View the logs.


13 days ago

@iandunn
13 days ago

Coding standards & diff noise cleanup

#16 @iandunn
13 days ago

43954.3.diff does some minor cleanup. the menu bubbles are working nicely, and the notice is only shown where it should be now.

I'm having trouble getting the notice to disappear after visiting or updating the policy page, though. Still debugging.

@azaozz
13 days ago

This ticket was mentioned in Slack in #gdpr-compliance by azaozz. View the logs.


13 days ago

#18 @iandunn
13 days ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 43223:

Privacy: Replace intrusive policy update notice with menu bubbles.

Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

#19 @iandunn
13 days ago

  • Keywords fixed-major added; has-patch removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening for backport to 4.9.

#20 @azaozz
13 days ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 43225:

Privacy: Replace intrusive policy update notice with menu bubbles.

Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue.

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Merges [43223] to the 4.9 branch.
Fixes #43954. See #43953.

#21 @desrosj
7 days ago

  • Component changed from Administration to Privacy

Moving to the new Privacy component.

Note: See TracTickets for help on using tickets.