WordPress.org

Make WordPress Core

Opened 7 weeks ago

Last modified 7 weeks ago

#44010 new defect (bug)

GDPR: Add general filters for registering various privacy policy information (cookies) from plugins

Reported by: danieliser Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

I didn't see it mentioned but during testing of integrating a real plugin, I found that it seems extremely complicated and out of order without some explicit filters for listing things like cookies.

To be clear when a plugin adds additional suggested text it appears below the core text in a completely separate box. This is so detached it means if you have 10+ plugins this is gonna be an all-day process for any user to go through generating a policy for their needs.

If I just append our plugin suggested text to the end and it has cookies, they will be separate from the other "Cookies" sections further up.

I think the smarter approache is to implement something to the effect that we could register our cookies, analytics etc, just like the exporters.

<?php
add_filter( 'wp_privacy_policy_cookies_list', function ( $cookies = array() {
    $cookies['cookie_name'] = [
        'label' => __( 'Cookie Label' ),
        'reason' => __( 'Used for reason x, y & z' ),
    ];

    return $cookies;
});

Then it could automatically be output via a shortcode or block or whatever to a table of

| Cookie Name | Cookie Label - Cookie Description | | wp_cookie_test | WP Test Cookie - Used to determine if cookies are available for use. |

The same would apply to several other sections. I think outputting those into a simple 2 column table would be easy to work with, clean output and easy enough for plugins & themes to integrate with.

You could do similar and register user meta info collected, or even specific analytics plugins could output label and info on how they use the data directly under the Analytics heading.

Monster Insights, for instance, might add

Google Analytics: Tracks visitor engagement with the site anonymously for use in marketing & improvement.

Change History (2)

#1 @danieliser
7 weeks ago

  • Summary changed from Add general filters for registering various privacy policy information (cookies) from plugins to GDPR: Add general filters for registering various privacy policy information (cookies) from plugins

#2 @danieliser
7 weeks ago

I can probably write up a quick patch for this over the next few days, but I would first want to get some input from core team to decide how to work it in.

Should each section be output via blocks/shortcodes, or rendered into the existing suggested privacy html content.

Further should this tie into the "privacy policy needs have changed" admin notices when say a change is detected in $cookies array as plugins are added/removed.

In general I think this could go a long way to automating a huge portion of the requirements for privacy policy generation.

Note: See TracTickets for help on using tickets.