WordPress.org

Make WordPress Core

Opened 10 months ago

Closed 10 months ago

Last modified 10 months ago

#46343 closed defect (bug) (invalid)

Legal issue on GDPR and WP "privacy" processes

Reported by: arena Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Privacy Keywords:
Focuses: Cc:
PR Number:

Description

As long as comment form is highly customizable,
As long as plugins may accept internally emails that comply the following RFC : RFC822 (year 1982), 2822 (year 2001), 532x (year 2010), 653x (year 2012),
As long as GDPR rules (year 2018) oblige us to process any request on personnal data,

Does the use of the function is_email() - in wp_create_user_request() for instance - that will reject some valid emails (see RFC references above) - is making the whole "privacy" processes useless, and WordPress NOT 100% GDPR compliant ?

May be a pluggable function called :

wp_privacy_is_email()

or a specific filter

if ( apply_filter( 'wp_privacy_is_email', is_email( $email ), $email ) ) ...

Regards

Attachments (1)

CELEX_32016R0679_EN_TXT.pdf (959.3 KB) - added by arena 10 months ago.
GDPR

Download all attachments as: .zip

Change History (22)

#1 @swissspidy
10 months ago

  • Severity changed from major to normal

IIRC is_email() is also run on user registration, so users should have valid email addresses anyway.

If you need to customize that behavior, the function is already filterable.

#2 @pputzer
10 months ago

@arena, what exactly is the issue here? I don't see the link between a "[highly customizable] comment form" the is_email() function (much less any resulting "legal issues").

#3 @arena
10 months ago

GDPR is not limited to registered users, but to anyone who is browsing your blog ...

#4 @pputzer
10 months ago

And? I'm still waiting for your reasoning on what the specific issue is.

#5 follow-up: @arena
10 months ago

this

Dörte@example.com

or

θσερ@εχαμπλε.ψομ   (greek)

could be a valid email

Last edited 10 months ago by arena (previous) (diff)

#6 in reply to: ↑ 5 @pputzer
10 months ago

Well yes, but you still have not described the issue.

#7 follow-up: @arena
10 months ago

well, due to wp current "privacy" processes, the request would be currently rejected .

I think the question should be escalated to the wordpress.org Data Protection Officer.
They have to have one.

Regards

#8 in reply to: ↑ 7 @pputzer
10 months ago

Replying to arena:

well, due to wp current "privacy" processes, the request would be currently rejected .

Let's start over. Are you concerned that anonymous comments made by certain emails cannot be deleted/discovered via at the builtin Privacy Request mechanism? Or, do you mean that people should have the right to make such requests via the Comment mechanism? Your initial description is ambiguous and not easy to parse.

I think the question should be escalated to the wordpress.org Data Protection Officer.

What has WP, the open source software, got to do with WP.org's infrastructure?

#9 @arena
10 months ago

@pputzer ...

1) i think you got it ... who wrote "posting a privacy request through comment form" ?
not me !

2) wordpress => wordpress foundation => website wordpress.org (or wikipedia is wrong) ... https://en.wikipedia.org/wiki/WordPress

#10 @garrett-eclipse
10 months ago

  • Keywords needs-privacy-review removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Thanks @arena

I appreciate you raising the issue, but will close this as this isn't a privacy issue in core but rather an issue caused by customizations either via a plugin or your own code which has introduced email support beyond the existing support of is_email. If you've introduced emails to your system that fail the is_email check then you can customize the check via it's filter, as @swissspidy mentioned, documented here;
https://developer.wordpress.org/reference/hooks/is_email/

In a clean core setup the is_email check is run for both user registration and comment creation so users are prohibited from submitting data associated to an email that doesn't pass the is_email check meaning all valid information submitted to WP is exportable/erasable. If your customizations circumvent this check then you'll have to customize the GDPR tools to also circumvent this. I tested both of your examples (Dörte@… & θσερ@εχαμπλε.ψομ) in a clean install and they're both blocked from signups and commenting.

So the privacy concern you're raising is with your customizations and not core itself.

The only core concern here is the support of RFC compliant emails which I've re-opened #17491 to be addressed there.

#11 @garrett-eclipse
10 months ago

  • Version trunk deleted

#12 @arena
10 months ago

@garrett-eclipse 

Thank you for your answer.

I have two other questions :

a) On wordpress.org site in https://wordpress.org/about/privacy/, you can read

"You may have certain rights under data protection law in relation to the personal information we hold about you. In particular, you may have a right to:

  • request a copy of personal information we hold about you;"

Is there a request form ? and where is it ?

b) WordPress as a software (core) is using internally wordpress.org sites (and maybe others).
I am considering to put a disclosure on my website using wordpress.
draft : "This site is powered by wordpress. This site is sharing informations with wordpress sites that may be collecting data (to name a few : wordpress.org, w.org). Please refer to their DPO for any specific request."
Is there any "Records of processing activities" for wordpress as a software and a list of ALL sites (wordpress, js libraries, fonts, pictures, others ...) used by wordpress core ?
(GDPR articles 25 and 30)

Regards

This ticket was mentioned in Slack in #core-privacy by pepe. View the logs.


10 months ago

#14 follow-up: @pputzer
10 months ago

Regarding a), what part of "If you would like to exercise these rights or understand if these rights apply to you, please follow the instructions at the end of this Privacy statement." did you not understand?

Regarding b) what visitor data are you sharing with wordpress.org/w.org and by which mechanism?

#15 @arena
10 months ago

@garrett-eclipse 

GDPR is a never ending process aiming to build a chain of trust for each component whether it is a software or a service.
In my point of vue, it is important to separate

  • wordpress as a software (core) using external software components and external services
  • wordpress.org as a service provider for wordpress core, e.g. updates, plugins, themes.

1st anniversary of GDPR is in may, time to go a step further ?

Make mandatory a new section called Privacy in readme.txt file for every plugin or theme distributed by/through wordpress.org (could be also used by wordpress.org as a disclaimer)

Provide a list of external components and services providers used by wordpress (core) in a new section (let's call it ... Privacy) of the readme.html file included in wordpress zip download.

Regards

ps : as a remainder :

  • uploading a js library from an external site is a service.
  • that allows you to use it as a software.
Version 0, edited 10 months ago by arena (next)

#16 in reply to: ↑ 14 @arena
10 months ago

Replying to pputzer:

Regarding a), what part of "If you would like to exercise these rights or understand if these rights apply to you, please follow the instructions at the end of this Privacy statement." did you not understand?

Regarding b) what visitor data are you sharing with wordpress.org/w.org and by which mechanism?

a) dpo@… i have nothing to do with wordcamp.org, never been on this site !
b) see attached file !

#17 @garrett-eclipse
10 months ago

Hi @arena

Concerning data export from wordpress.org there's not currently a request form, but as the verbiage indicated at the bottom of that bullet list you can simply contact the dpo email.
"If you would like to exercise these rights or understand if these rights apply to you, please follow the instructions at the end of this Privacy statement."
"Please contact us if you have any questions about our privacy policy or information we hold about you by emailing dpo@…."

Concerning why the dpo email is under wordcamp.org there's a meta ticket to address that - https://meta.trac.wordpress.org/ticket/3660
* Regarding request forms there's actually a Data Erasure Request form (https://wordpress.org/about/privacy/data-erasure-request/) and I've just opened a ticket to disclose it from within the Privacy Policy - https://meta.trac.wordpress.org/ticket/4223

Concerning a standard method for declaring plugin/theme privacy in the readme.txt that's being looked into here;
https://core.trac.wordpress.org/ticket/43750

And concerning the external components and service providers used by wordpress core... We're working on removing all third-party services. Most js has been bundled with core and the last outstanding item is a Google Font in the block editor which is being looked at here;
Block Editor - https://core.trac.wordpress.org/ticket/46169
Bundled Themes - https://core.trac.wordpress.org/ticket/46170
*Although the bundled themes ticket is closed we're looking to reopen it once we've ironed out an approach to bundle the fonts rather than removing them as that would negatively affect existing aethetics.

In general though core shouldn't have any external scripts/services to avoid any need to disclose them for GDPR and privacy concerns.

As to wp.org you can refer to it's Privacy Policy - https://wordpress.org/about/privacy/
And any specifics you can send to the DPO for wp.org sites and services - currently that's dpo@… but hopefully that'll change soon.

Hopefully I've addressed all of your concerns, most are in the works. But if I've overlooked anything let me know or if it's specific to wp.org and not wp core then please direct them to the DPO.

Cheers
P.S. Thanks @pputzer for your input here.

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.


10 months ago

#19 @garrett-eclipse
10 months ago

@arena I missed one that @pputzer flagged to me on the use of s.w.org and emoji's
This is being looked at in V2 of the privacy roadmap to remove the dependency or internalize it. The specific ticket can be found here;
https://core.trac.wordpress.org/ticket/44001

#20 @arena
10 months ago

Thank you to everyone for your replies.

Can you also add in V2 the wordpress oembedding process (WP_oEmbed).

Have a nice day.

#21 @garrett-eclipse
10 months ago

Hi @arena

The OEmbed is already on the roadmap and flagged in the following tickets;
#43713
#44001

All the best,
Cheers

Note: See TracTickets for help on using tickets.