WordPress.org

Make WordPress Core

Opened 5 weeks ago

Last modified 36 hours ago

#44188 new defect (bug)

Error in the deployed update GDPR

Reported by: justnailedit Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: 2nd-opinion reporter-feedback
Focuses: Cc:

Description

Hi, I want to bring to your attention that in your last update "WordPress-4-9-6-privacy-and-maintenance-release" Is a technical error.

This is not a bug!

According to the GDPR, we must anonymize IP adresses and can not track them any longer in Google Tag Manager or Google analytics. I am not aware if a consent will eliminate this or not. However, I would either change or remove this paragraph in the rolled out update.

Keep up the good work Juergen Kuhlmann

Change History (8)

#1 @desrosj
5 weeks ago

  • Component changed from General to Privacy
  • Keywords reporter-feedback removed
  • Severity changed from major to normal

#2 follow-up: @SergeyBiryukov
5 weeks ago

Hi @justnailedit, welcome to WordPress Trac! Thanks for the report.

Which paragraph would you change or remove? It's not quite clear from the ticket description.

#3 @swissspidy
5 weeks ago

  • Keywords reporter-feedback added

#4 in reply to: ↑ 2 @justnailedit
5 weeks ago

Replying to SergeyBiryukov:

Hi @justnailedit, welcome to WordPress Trac! Thanks for the report.

Which paragraph would you change or remove? It's not quite clear from the ticket description.

Hello,

under settings>privacy>Information We Collect>Non-Personally Identifiable Information

"This information may include (but is not limited to) the URL that you just came from (whether this URL is on our site or not), what browser you are using, and your IP address."

The IP Address is handled under the GDPR as Personally Identifiable Information and therefore should not be tracked!

Juergen

#5 @desrosj
4 weeks ago

  • Keywords 2nd-opinion added; reporter-feedback removed

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


4 weeks ago

#7 @azaozz
4 weeks ago

The IP Address is handled under the GDPR as Personally Identifiable Information...

Where does it say so? Also, can you identify the person using 185.60.144.231 please? :)

As far as I've seen the notion that IP addresses are "personal information" is more or less a guess. Link to the court case this is based on: https://www.whitecase.com/publications/alert/court-confirms-ip-addresses-are-personal-data-some-cases.

Hoping that we will soon "know" one way or the other how "personal" IPs are :)

Last edited 4 weeks ago by azaozz (previous) (diff)

#8 @desrosj
36 hours ago

  • Keywords reporter-feedback added
Note: See TracTickets for help on using tickets.