Make WordPress Core

Opened 7 years ago

Last modified 7 years ago

#44268 new enhancement

GDPR concerns on the core commenting flow

Reported by: patricedefago's profile patricedefago Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: gdpr
Focuses: Cc:

Description

The checkbox on the comment template it's not GDPR compliant.

  1. The act of submitting content implied informed consent (possible to edit this message)
  2. It must be required
  3. It must be have a link to privacy policies (possible to edit this link)
  4. It must be to store the consent
  5. It must be possible to change, export and delete this data

Possible to edit this

Thanks.

Best regards.

Patrice

Change History (10)

#1 follow-up: @allendav
7 years ago

This is referring to the logged-out commentor prompt "Save my name, email, and website in this browser for the next time I comment." and opt-in checkbox.

But, as I understand it, @patricedefago is questioning whether commenting itself, logged out or otherwise, should require explicit opt-in consent from EU based commentors BEFORE allowing the comment to be sent, which wasn't the original intention of the logged-out commentor-prompt (that prompt was to safeguard the user's privacy if, for example, they were using a public computer to comment.)

It is worth noting that we have an open ticket for consent logging: #44043

It is worth nothing that comments can be edited, and that as of 4.9.6 can be exported and anonymized on request.

#2 @allendav
7 years ago

  • Summary changed from GDPR compliant to GDPR concerns on the core commenting flow

#3 @allendav
7 years ago

  • Keywords gdpr added

#4 in reply to: ↑ 1 ; follow-up: @patricedefago
7 years ago

Hi @allendav ,

Thanks for explain that and sorry for my bad ticket.

Effectively it's a misunderstanding what is for this checkbox.

But that doesn't take away the fact that you need a checkbox for the consent of data storage on the site, before the user comment.

Best regard.

Patrice

Replying to allendav:

This is referring to the logged-out commentor prompt "Save my name, email, and website in this browser for the next time I comment." and opt-in checkbox.

But, as I understand it, @patricedefago is questioning whether commenting itself, logged out or otherwise, should require explicit opt-in consent from EU based commentors BEFORE allowing the comment to be sent, which wasn't the original intention of the logged-out commentor-prompt (that prompt was to safeguard the user's privacy if, for example, they were using a public computer to comment.)

It is worth noting that we have an open ticket for consent logging: #44043

It is worth nothing that comments can be edited, and that as of 4.9.6 can be exported and anonymized on request.

Last edited 7 years ago by patricedefago (previous) (diff)

#5 in reply to: ↑ 4 ; follow-up: @allendav
7 years ago

Replying to patricedefago:

Hi @allendav ,

Thanks for explain that and sorry for my bad ticket.

Effectively it's a misunderstanding what is for this checkbox.

But that doesn't take away the fact that you need a checkbox for the consent of data storage on the site, before the user comment.

Best regard.

Patrice

There is no such thing as a bad ticket - well, at least this isn't one :)

I think it will be good to resolve this matter (either way) and this ticket will be a good thread to capture that discussion and resolution.

#6 follow-ups: @allendav
7 years ago

Providing a required checkbox and prompt concerning personal data processing before enabling the comment button presumes that a majority of site owners will be relying on consent as their lawful basis for processing comments. In core we are endeavoring to provide tools to assist the majority of sites with GDPR requirements, and it isn’t clear that a majority requires this basis. This particular use case might be better served by a plugin that extends the existing comment form.

On the other hand, I do wonder if the majority would be served by adding static text, with a link to the privacy policy, at the bottom of the comment form. The text would be filterable and could be un-hooked if desired, e.g.

"Before submitting your comment, please read our privacy policy."

#7 in reply to: ↑ 6 @patricedefago
7 years ago

WordPress has already begun its compliance with data export capability, as well as other data related functions, and the creation of a privacy policy page.

Why stop there?

Data management concerns comments (among others), but it is not complete without this consent management.

Replying to allendav:

Providing a required checkbox and prompt concerning personal data processing before enabling the comment button presumes that a majority of site owners will be relying on consent as their lawful basis for processing comments. In core we are endeavoring to provide tools to assist the majority of sites with GDPR requirements, and it isn’t clear that a majority requires this basis. This particular use case might be better served by a plugin that extends the existing comment form.

On the other hand, I do wonder if the majority would be served by adding static text, with a link to the privacy policy, at the bottom of the comment form. The text would be filterable and could be un-hooked if desired, e.g.

"Before submitting your comment, please read our privacy policy."

#8 in reply to: ↑ 5 @patricedefago
7 years ago

Thanks @allendav 😀

Replying to allendav:

Replying to patricedefago:

Hi @allendav ,

Thanks for explain that and sorry for my bad ticket.

Effectively it's a misunderstanding what is for this checkbox.

But that doesn't take away the fact that you need a checkbox for the consent of data storage on the site, before the user comment.

Best regard.

Patrice

There is no such thing as a bad ticket - well, at least this isn't one :)

I think it will be good to resolve this matter (either way) and this ticket will be a good thread to capture that discussion and resolution.

#9 in reply to: ↑ 6 @pputzer
7 years ago

Replying to allendav:

On the other hand, I do wonder if the majority would be served by adding static text, with a link to the privacy policy, at the bottom of the comment form. The text would be filterable and could be un-hooked if desired, e.g.

"Before submitting your comment, please read our privacy policy."

You can already do that by filtering the comment_form_defaults and adapting the comment_notes_before or adding comment_notes_after.

Last edited 7 years ago by pputzer (previous) (diff)

#10 @asadkn
7 years ago

There's a lot of misinformation around consent. There are six other lawful basis in EU GDPR law and legitimate interest does cover things like functional needs of software or network security.

Unless the email is going to be used for something else like marketing (bundled form), there’s simply no reason for consent for WordPress comments. Storing personal data in a cookie was more of a concern since it's not really a necessity but an enhancement, and stores the data in a less secure format that's a cookie - WordPress has that covered already now.

In many unbundled forms like these, submitting the form itself is consent. You obviously have to mention it in your Privacy Policy, but there's no need for consent. In the comment form:

  1. IP address is recorded for network security, spam etc. (Data retention shouldn’t be more than needed though)
  2. Name is basic functional need for comments.
  3. Email is needed for avatar, spam prevention, and perhaps duplication/flood checks etc. (Though, WordPress should have an option to make email optional here if the site owner decides not to use it for anything)

What I believe will be helpful:

  • A message to meet right to be informed. This can be a statement below the comment form with a link to privacy policy such as (just a quick example, not concrete): "When adding a comment, your email addresses will be used to display your Gravatar and your name will be displayed. Review our Privacy Policy."
  • Data retention policies on IP address for comments.
Note: See TracTickets for help on using tickets.