WordPress.org

Make WordPress Core

Opened 16 months ago

Closed 16 months ago

Last modified 14 months ago

#44066 closed feature request (duplicate)

Add a tool to test personal data without sending a mail to a user

Reported by: iprg Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: gdpr
Focuses: administration Cc:

Description

Hello, just testing RC1 and the GDPR tools...

Yes, it looks great, but I found a catch which will make all the stuff very complicated. It seems that it is impossible to simply test what data a site has on a user. Because, in the Export Request, you state that
"An email will be sent to the user at this email address asking them to verify the request."

But in real life, if a request is made, it is very useful (or even essential, I'd suggest) that an admin could to test the data and a simply see "what we have here"...

But since the email is send, there is, I believe, no way to check it privately... Please, consider including this tool... If it is already there, I apologise for not getting it...

Best,
Jan

Change History (11)

#1 @desrosj
16 months ago

  • Keywords gdpr added; needs-design removed

#2 @subrataemfluence
16 months ago

@iprg, I have a question. Since new GDPR compliance states that users have all the rights "to be forgotten" don't you think if admin steps in and checks user data manually before sending the email, that will violate the law and adding manual intervention to user's privacy?

Won't this become more like a real request "to be forgotten" and depends on admin's discretion whether or not that user will really be forgotten? In such a case, admin will have the opportunity to initiate the email but only after taking a backup of user's existing data for later use?

I may be wrong but just curious how admin will deal with this!

#3 @iprg
16 months ago

Hi!
Well, yes, you actually might be right and maybe, this is the reason why the core team did not include the functionality...
But still, I believe having this option actually means "less of two evils" ... I mean: it is really hard to imagine you allow somebody to erase some data without knowing what these data are, yes, you can download and see them as well, but probably only in the stage when the notification mail was sent... Could be perfect legall, but unusable for most of cases...

Do not get me wrong: I actually like (generally) all the stuff and I believe it is sort of great to give admins tools to collect data connected to a mail and erase them eventually... I am just now testing it and it is incredible how hard it is to get it from systems...

So yes, the direction is good, but in real life, I, as an admin of many sites, just want to have a tool to check it all first...

Best, Jan

#4 @subrataemfluence
16 months ago

I totally agree with you.

The law is there to protect the privacy of users and their personal from being misused. But that doesn't mean the users get the entire privilege of wiping out all their data by a single click at any given point.

Since admin intervention can/may violate the law, there needs to be at lest some sort of protective measures for webmasters as well in order to prevent users to just come and erase their stuffs!

In such a scenario, I don't see any use of having an admin if a user has the ability to directly dive into system's data :)

#6 @desrosj
16 months ago

  • Summary changed from Please, include a tool to test personal data without sending a mail to a user in 4.9.6 to Add a tool to test personal data without sending a mail to a user

#7 @desrosj
16 months ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

#8 @desrosj
16 months ago

  • Focuses administration added
  • Severity changed from major to normal
  • Version set to 4.9.6

Hi @iprg,

Thanks for the ticket, and welcome to Trac!

After reading through your request, I think that this would be solved by #43890, which discusses adding a way for an admin to skip the confirmation email when creating the export or erasure request. This should suit your use case.

Can you confirm that this is what you are trying to accomplish with this ticket? If so, this should be closed out as a duplicate so the conversation can take place in one location.

#9 @iprg
16 months ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #43890.

Hi @desrosj , yes, you are right, so please, mark it as duplicate!
I did try to it myself, but not sure if I am doing it in a right way...
Best,
jan

#10 @desrosj
16 months ago

@iprg Looks good to me!

#11 @netweb
14 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.