WordPress.org

Make WordPress Core

#44518 closed defect (bug) (duplicate)

GDPR Functions 4.9.6 need improvements & customisation

Reported by: lifeforceinst
Owned by:
Milestone:
Priority: normal
Severity: major
Version: 4.9.6
Component: Privacy
Keywords:
Focuses:
Cc:
PR Number:

Description

When attempting to use the GDPR enhancements such as Export Personal Data & Erase Personal Data in WordPress 4.9.6, they create more issues than they address. It seems to have good intent but seems to have been rushed into implementation.

As has been discussed in a number of forums...

ISSUE 1 - GDPR EMAILS sending address


They are sent from wordpress@sitename, this is diabolical and should as a minimum use the admin configured email address. More significantly the core function must support a customised email address which is stored in _options, that way the email could come from a configurable address such as privacy@sitename.

Using the email address wordpress@sitename will often result in many email systems and gateways marking the email as spam. The sending address must be configurable.

ISSUE 2 - GDPR EMAILS content


The default email messages are also poor in terms of wording, style etc and look like someone has hacked a site to generate some prank as they contain no styling elements from the site. Ideally these should be customised, but as a minimum there should be a hook so that a theme or plugin can change the email content. This needs to be properly documented so that it is then clear what needs to be returned to ensure that the email is appropriately customised.

As has been noted in a number of forums, the ability to brand the emails is essential to enable recipients to affirm the authenticity of the sender and not mark it as spam. This needs to be configurable or hooks with proper documented use and examples provided.

Issue 3 - Security - Exposing admin URL


The confirmation emails expose the WordPress admin login URL, which is detrimental for security reasons. Also it looks much less professional and may lead some people to think the message is spam. You should create a custom landing page for such requests which is not associated with the admin URL; this could be something such as sitename/gdpr-confirmation-request.

Due to the use of admin URL, the confirmation email links will often fail when used with various security plugins, especially if those plugins hide the WordPress admin login. The confirmation emails should not use a wp-admin URL.

This is security 101 and needs to be addressed to not use the admin URL.

Issue 4 - only accessible by admin


These tools are only accessible by the supersite admin, good practice should limit the use of this admin account. These functions should also be available to a lower level authority such as Editor or you may need a new user level account called Data Administrator (which again ties back into the GDPR legislation requirements to have an identified Data Administrator).

Need the ability to access GDPR functions from other WordPress user levels.

Sundry other issues or improvements


  • The functionality should provide the ability to send the zip file as an attachment to the customer when the send email button is pressed; this saves the customer having to connect to the site again to retrieve their requested data.
  • In the admin interface, sometimes after clicking on the send request button you receive a message "link expired".

Change History (2)

#1 @idea15
17 months ago

Hi there,

Most of these issues have already been raised in individual trac tickets:
https://make.wordpress.org/core/components/privacy/

Please feel free to open new tickets on individual issues you feel aren't being addressed.

On issue 4:
"You may need a new user level account called Data Administrator (which again ties back into the GDPR legislation requirements to have an identified Data Administrator)."

This is incorrect. There is no requirement within GDPR or any national implementation to have an identified "Data Administrator". I believe you may be conflating data curation with the oversight functions of a DPO, which is not required in all circumstances.

Last edited 17 months ago by idea15

#2 @idea15
17 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #44047.
