Email user once removal request completed - GDPR

[garrett-eclipse]

Hello,

With the GDPR requests the export request generates an email for the confirmation w/ link to the export, however the removal requests don't generate a completed email so the user is never notified or aware that their request was completed.

Please add a completed email sent to the user once the removal request was complete similar to the one for export requests (screen to be attached).

Thanks

[garrett-eclipse]

Completion Email for Export Requests

[johnbillion]

There is some misleading text that's shown to the user when they confirm their data export action.

The site administrator has been notified and will fulfill your request as soon as possible.

Either this text should be changed, or the confirmation email should be sent to the site administrator (or ideally the requestor too).

Moving to 4.9.6 for visibility.

[allendav]

I like this idea - sending an email to the user after their data has been erased - we will want to consider how to handle any exception messages that surface during the erasure.

[allendav]

Hey @johnbillion - we have #43967 which will send an email to the admin prompting them to complete the request - this ticket is about notifying the user after the admin has completed the request.

Its a great idea, but not necessary i think for 4.9.6. Let's keep this for a subsequent release, ok?

​https://wordpress.slack.com/archives/C9695RJBW/p1525883484000643

[desrosj]

43973.diff​ introduces an email notification to a user when an administrator completes their data erasure request. It introduces the wp_privacy_personal_data_erased action, which fires after the erasure request completes successfully.

The patch also has two separate email bodies: one for when a site has a published privacy policy, and one for when a site does not.

[allendav]

@desrosj - this works nicely - I tried it with and without a published privacy policy and got both texts. I also tried successive ones and verified only the first erase for a given request generated an email.

I think we should hook this differently though. The wp_privacy_personal_data_erased do_action you've added to wp_ajax_wp_privacy_erase_personal_data will actually fire on every eraser and every page.

Instead, I recommend you 1) add the do_action to wp_privacy_process_personal_data_erasure_page in user.php instead (e.g. near the call to _wp_privacy_completed_request) and 2) don't bother with passing the $response to the action - the $request_id should be sufficient.

Lastly, there is inconsistent alignment in the email data array construction that i think violates WP coding standards, but otherwise this is good to go from my perspective.

[desrosj]

Thanks, @allendav. Adjustments made in 43973.2.diff​.

[allendav]

Looks good, tests well. Thanks for making the change. Just needs that array alignment cleaned up and then it is good to go.

[desrosj]

Fixes array alignment.

[SergeyBiryukov]

In 43230:

Privacy: Send an email notification to the user once their personal data erasure request is fulfilled.

Props desrosj, allendav, garrett-eclipse.
Fixes #43973.

[SergeyBiryukov]

In 43231:

Privacy: Send an email notification to the user once their personal data erasure request is fulfilled.

Props desrosj, allendav, garrett-eclipse.
Merges [43230] to the 4.9 branch.
Fixes #43973.

[iandunn]

In 43236:

Privacy: Expose erasure notification recipient to filter callbacks.

The previous user_email value was redundant, because it always matched $request_data->email. That value might be different from where the message is sent, though, if the user_erasure_fulfillment_email_to filter is used. If they are different, then callbacks for the user_confirmed_action_email_content filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.

Props desrosj, iandunn.
See #43973.

[SergeyBiryukov]

In 43237:

Privacy: Expose erasure notification recipient to filter callbacks.

The previous user_email value was redundant, because it always matched $request_data->email. That value might be different from where the message is sent, though, if the user_erasure_fulfillment_email_to filter is used. If they are different, then callbacks for the user_confirmed_action_email_content filter may want to distinguish between the email address of the user making the request, and the email address that the confirmation notification is being sent to.

Props desrosj, iandunn.
Merges [43236] to the 4.9 branch.
See #43973.

[desrosj]

Moving to the new Privacy component.