#46343 closed defect (bug) (invalid)
Legal issue on GDPR and WP "privacy" processes
| Reported by: | arena | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Privacy | Keywords: | |
| Focuses: | | Cc: | |
Description
As long as comment form is highly customizable,
As long as plugins may accept internally emails that comply with the following RFCs: RFC822 (year 1982), 2822 (year 2001), 532x (year 2010), 653x (year 2012),
As long as GDPR rules (year 2018) oblige us to process any request on personal data,
Does the use of the function is_email() - in wp_create_user_request() for instance - that will reject some valid emails (see RFC references above) make the whole "privacy" processes useless, and WordPress NOT 100% GDPR compliant?
Maybe a pluggable function called:
wp_privacy_is_email()
or a specific filter
if ( apply_filters( 'wp_privacy_is_email', is_email( $email ), $email ) ) ...
Regards
Attachments (1)
Change History (22)
#2, 6 years ago
@arena, what exactly is the issue here? I don't see the link between a "[highly customizable] comment form" and the is_email() function (much less any resulting "legal issues").
#3, 6 years ago
GDPR is not limited to registered users, but to anyone who is browsing your blog ...
#5 (follow-up: ↓ 6), 6 years ago
this
Dörte@example.com
or
θσερ@εχαμπλε.ψομ (greek)
could be a valid email
#7 (follow-up: ↓ 8), 6 years ago
well, due to wp current "privacy" processes, the request would be currently rejected.
I think the question should be escalated to the wordpress.org Data Protection Officer.
They have to have one.
Regards
#8 (in reply to: ↑ 7), 6 years ago
Replying to arena:
> well, due to wp current "privacy" processes, the request would be currently rejected.
Let's start over. Are you concerned that anonymous comments made by certain emails cannot be deleted/discovered via the builtin Privacy Request mechanism? Or, do you mean that people should have the right to make such requests via the Comment mechanism? Your initial description is ambiguous and not easy to parse.
> I think the question should be escalated to the wordpress.org Data Protection Officer.
What has WP, the open source software, got to do with WP.org's infrastructure?
#9, 6 years ago
@pputzer ...
1) I think you got it ... who wrote "posting a privacy request through comment form"? Not me!
2) wordpress => wordpress foundation => website wordpress.org (or wikipedia is wrong) ... https://en.wikipedia.org/wiki/WordPress
#10, 6 years ago
- Keywords needs-privacy-review removed
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Thanks @arena
I appreciate you raising the issue, but will close this as this isn't a privacy issue in core but rather an issue caused by customizations either via a plugin or your own code which has introduced email support beyond the existing support of is_email. If you've introduced emails to your system that fail the is_email check then you can customize the check via its filter, as @swissspidy mentioned, documented here;
https://developer.wordpress.org/reference/hooks/is_email/
In a clean core setup the is_email check is run for both user registration and comment creation so users are prohibited from submitting data associated to an email that doesn't pass the is_email check meaning all valid information submitted to WP is exportable/erasable. If your customizations circumvent this check then you'll have to customize the GDPR tools to also circumvent this. I tested both of your examples (Dörte@… & θσερ@εχαμπλε.ψομ) in a clean install and they're both blocked from signups and commenting.
So the privacy concern you're raising is with your customizations and not core itself.
The only core concern here is the support of RFC compliant emails which I've re-opened #17491 to be addressed there.
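The `is_email` filter referred to in this comment, as an added example (not WordPress core code and not written by anyone on this ticket): a site that already accepts internationalized addresses elsewhere can make core's check, and therefore the privacy request tools, accept the same addresses. It assumes PHP's intl and mbstring extensions and that the caller also passes the address through `sanitize_email()`; the `example_` names are hypothetical.

```php
<?php
// Added example, not WordPress core code. The example_* names are hypothetical.
// Requires PHP's intl extension (idn_to_ascii) and mbstring (mb_check_encoding).

/** True only for addresses with non-ASCII characters that validate as email. */
function example_is_intl_email( $email ) {
	$at = strrpos( $email, '@' );
	if ( false === $at || 0 === $at || strlen( $email ) - 1 === $at ) {
		return false; // Missing '@', empty local part, or empty domain.
	}
	// ASCII-only addresses stay under core's rules; invalid UTF-8 is refused.
	if ( ! preg_match( '/[^\x00-\x7F]/', $email ) || ! mb_check_encoding( $email, 'UTF-8' ) ) {
		return false;
	}
	$local = substr( $email, 0, $at );
	// Check the domain in its ASCII (punycode) form; a malformed IDN gives false.
	$ascii = idn_to_ascii( substr( $email, $at + 1 ), IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46 );
	if ( false === $ascii ) {
		return false;
	}
	// FILTER_FLAG_EMAIL_UNICODE allows non-ASCII characters in the local part.
	return false !== filter_var( $local . '@' . $ascii, FILTER_VALIDATE_EMAIL, FILTER_FLAG_EMAIL_UNICODE );
}

// is_email() passes false to this filter when one of its own checks failed.
add_filter( 'is_email', function ( $is_email, $email, $context ) {
	if ( false !== $is_email ) {
		return $is_email; // Core accepted the address; leave the result alone.
	}
	return example_is_intl_email( $email ) ? $email : false;
}, 10, 3 );

// Assumption: the caller runs sanitize_email() before is_email(). That function
// strips non-ASCII characters, so keep the original address when it validates
// rather than letting a request be filed under a different, mangled address.
add_filter( 'sanitize_email', function ( $sanitized, $email ) {
	$email = trim( $email );
	return example_is_intl_email( $email ) ? $email : $sanitized;
}, 10, 2 );
```

Apply the same rule at every intake point (registration, comments, privacy requests) so that any address the site stores can also be used to request its export or erasure.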
#12, 6 years ago
@garrett-eclipse
Thank you for your answer.
I have two other questions:
a) On wordpress.org site in https://wordpress.org/about/privacy/, you can read
"You may have certain rights under data protection law in relation to the personal information we hold about you. In particular, you may have a right to:
- request a copy of personal information we hold about you;"
Is there a request form? And where is it?
b) WordPress as a software (core) is using internally wordpress.org sites (and maybe others).
I am considering putting a disclosure on my website using wordpress.
draft: "This site is powered by wordpress. This site is sharing information with wordpress sites that may be collecting data (to name a few: wordpress.org, w.org). Please refer to their DPO for any specific request."
Is there any "Records of processing activities" for wordpress as a software and a list of ALL sites (wordpress, js libraries, fonts, pictures, others ...) used by wordpress core?
(GDPR articles 25 and 30)
Regards
This ticket was mentioned in Slack in #core-privacy by pepe (6 years ago).
#14 (follow-up: ↓ 16), 6 years ago
Regarding a), what part of "If you would like to exercise these rights or understand if these rights apply to you, please follow the instructions at the end of this Privacy statement." did you not understand?
Regarding b) what visitor data are you sharing with wordpress.org/w.org and by which mechanism?
#15, 6 years ago
@garrett-eclipse
GDPR is a never ending process aiming to build a chain of trust for each component whether it is a software or a service.
From my point of view, it is important to separate
- wordpress as a software (core) using external software components and external services
- wordpress.org as a service provider for wordpress core, e.g. updates, plugins, themes.
The 1st anniversary of GDPR is in May, time to go a step further?
Make mandatory a new section called Privacy in readme.txt file for every plugin or theme distributed by/through wordpress.org with a list of external components and services (could be also used by wordpress.org as a disclaimer)
Provide a list of external components and services providers used by wordpress (core) in a new section (let's call it ... Privacy) of the readme.html file included in wordpress zip download.
Regards
PS: as a reminder:
- uploading a js library from an external site is a service.
- that allows you to use it as a software.
#16 (in reply to: ↑ 14), 6 years ago
Replying to pputzer:
> Regarding a), what part of "If you would like to exercise these rights or understand if these rights apply to you, please follow the instructions at the end of this Privacy statement." did you not understand?
> Regarding b) what visitor data are you sharing with wordpress.org/w.org and by which mechanism?
a) dpo@… I have nothing to do with wordcamp.org, never been on this site!
b) see attached file!
#17, 6 years ago
Hi @arena
Concerning data export from wordpress.org there's not currently a request form, but as the verbiage indicated at the bottom of that bullet list you can simply contact the dpo email.
"If you would like to exercise these rights or understand if these rights apply to you, please follow the instructions at the end of this Privacy statement."
"Please contact us if you have any questions about our privacy policy or information we hold about you by emailing dpo@…."
- Although currently the process is to use the dpo email for export requests I've opened a Meta ticket to prompt creation of a Data Export Request form/page. Ticket - https://meta.trac.wordpress.org/ticket/4224
Concerning why the dpo email is under wordcamp.org there's a meta ticket to address that - https://meta.trac.wordpress.org/ticket/3660
* Regarding request forms there's actually a Data Erasure Request form (https://wordpress.org/about/privacy/data-erasure-request/) and I've just opened a ticket to disclose it from within the Privacy Policy - https://meta.trac.wordpress.org/ticket/4223
Concerning a standard method for declaring plugin/theme privacy in the readme.txt that's being looked into here;
https://core.trac.wordpress.org/ticket/43750
And concerning the external components and service providers used by wordpress core... We're working on removing all third-party services. Most js has been bundled with core and the last outstanding item is a Google Font in the block editor which is being looked at here;
Block Editor - https://core.trac.wordpress.org/ticket/46169
Bundled Themes - https://core.trac.wordpress.org/ticket/46170
*Although the bundled themes ticket is closed we're looking to reopen it once we've ironed out an approach to bundle the fonts rather than removing them as that would negatively affect existing aesthetics.
In general though core shouldn't have any external scripts/services to avoid any need to disclose them for GDPR and privacy concerns.
As to wp.org you can refer to its Privacy Policy - https://wordpress.org/about/privacy/
And any specifics you can send to the DPO for wp.org sites and services - currently that's dpo@… but hopefully that'll change soon.
Hopefully I've addressed all of your concerns, most are in the works. But if I've overlooked anything let me know or if it's specific to wp.org and not wp core then please direct them to the DPO.
Cheers
P.S. Thanks @pputzer for your input here.
This ticket was mentioned in Slack in #core-privacy by garrett-eclipse (6 years ago).
#19, 6 years ago
@arena I missed one that @pputzer flagged to me on the use of s.w.org and emojis
This is being looked at in V2 of the privacy roadmap to remove the dependency or internalize it. The specific ticket can be found here;
https://core.trac.wordpress.org/ticket/44001
IIRC is_email() is also run on user registration, so users should have valid email addresses anyway. If you need to customize that behavior, the function is already filterable.