WordPress.org

Make WordPress Core

Opened 13 months ago

Closed 5 months ago

Last modified 5 months ago

#44464 closed defect (bug) (invalid)

Guide to write privacy policy: inexact point?

Reported by: Paride15 Owned by: garrett-eclipse
Milestone: Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: reporter-feedback
Focuses: Cc:

Description

Hi,
i'm not sure to be in the right place, the assistance from dpo[at]wordcamp.org send me here...

In the privacy tool, on the guide for write a privacy policy page, it said that WordPress won't collect data by default, i think this is inexact. Integrated services by default, like CDN resources, pingback/trackback collect IP address, this is considered a personal data from European Court...

Change History (4)

#1 @garrett-eclipse
6 months ago

  • Focuses docs administration privacy removed
  • Keywords reporter-feedback added
  • Owner set to garrett-eclipse
  • Status changed from new to reviewing
  • Version set to 4.9.6

Hi @Paride15 thank you for flagging to us here.

There's alot of references to 'By default WordPress' in the current guide so wanted to be sure of which point specifically you're speaking of. If you could quote it that'd be helpful.

Here's some options I found;

  • Under 'What personal data we collect and why we collect it'; "By default WordPress does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users. However some of your plugins may collect personal data. You should add the relevant information below."
  • Under 'Analytics'; "By default WordPress does not collect any analytics data. However, many web hosting accounts collect some anonymous analytics data. You may also have installed a WordPress plugin that provides analytics services. In that case, add information from that plugin here."
  • Under 'Who we share your data with'; "By default WordPress does not share any personal data with anyone."

Please be as specific as you can not only on which verbiage but also what makes it invalid/inexact.

Some notes on your points;

  • Integrated services - By default, only Gravatar is integrated. There are oEmbed capabilities but that requires the admin or an author/editor to add the embed.
  • CDN resources - By default WordPress doesn't have any CDN resources, all third-party scripts are localized.
  • pingback/trackback collect IP address - This is the server IP address and not a user IP so isn't considered Personally Identifiable Information.

So correct me if I'm wrong but it seems by default only Gravatar collects Personal information in the form of IP. That's currently being looked at in #44067 and #14682 as well as is on the Privacy roadmap.

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.


6 months ago

#3 follow-up: @garrett-eclipse
5 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from reviewing to closed

Hello @Paride15 I'm going to close this thread for now.

As mentioned in my previous post the references have changed so inexact point is most likely moot now.
But aside from that;

  • the integrated services are being addressed in other tickets.
  • CDN resources get internalized
  • pingback/trackbacks collect server IP which isn't personal information

Feel free to raise any additional points.
Cheers

#4 in reply to: ↑ 3 @Paride15
5 months ago

Replying to garrett-eclipse:

Hello @Paride15 I'm going to close this thread for now.

As mentioned in my previous post the references have changed so inexact point is most likely moot now.
But aside from that;

  • the integrated services are being addressed in other tickets.
  • CDN resources get internalized
  • pingback/trackbacks collect server IP which isn't personal information

Feel free to raise any additional points.
Cheers

Thanks for answer Garrett

Note: See TracTickets for help on using tickets.