WordPress.org

Make WordPress Core

Opened 6 months ago

Last modified 6 months ago

#46905 new defect (bug)

Erase Personal Data without verify enable erase option and change status issue

Reported by: mehulwpos Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-screenshots needs-testing 2nd-opinion
Focuses: Cc:
PR Number:

Description

Erase Personal Data

1) without verify request enable erase data option
2) Personal data but when erase data then display massage no personal data.
3) pending request change status completed when erase data without verify.

See attached images
1) No personal data issue.png
2) change status automatically without varify.png
3) completed status.png

Attachments (3)

No personal data issue.png (130.1 KB) - added by mehulwpos 6 months ago.
change status automatically without varify.png (129.5 KB) - added by mehulwpos 6 months ago.
completed status.png (91.0 KB) - added by mehulwpos 6 months ago.

Download all attachments as: .zip

Change History (6)

#1 @SergeyBiryukov
6 months ago

  • Component changed from General to Privacy

#2 @garrett-eclipse
6 months ago

  • Keywords close added

Hi @mehulwpos thank you for raising this issue to discuss.

The 'Force Personal Data Erasure' admin action is there to allow admins another process flow as they may have disabled the notification so they could control the communication with the requestor, or they may have been informed by the requestor to just erase their data asap and provided confirmation prior to the request being made. In these cases the action allows the admin to process the request immediately which is what the Force action is for. So the process currently is correct in my opinion.

That being said it's very similar to #44644 which was committed recently and will be part of the next major release (5.2). In that ticket it handled the Personal Data Export Request which had a similar action as you mentioned but for 'Download Personal Data'. Originally this download action would also move the request to the completed status. This flow matches what you're experiencing with the erasure flow and the 'Force Erase Personal Data'. However, these actions are vastly different in that the export was a way for the admin to preview the data so it made sense not to change the request state, while this force erasure action actually conducts to user action of erasure for them so there's no information left for them to erase making additional actions by them via the emails unnecessary. They also receive a confirmation email indicating their data erasure is complete.
*One sidenote: If they use the link after a Force Erasure they get a page stating 'This link has expired' which could be confusing.

With the Force Erasure triggered by Admins the erasure link expires and the user receives the fulfillment email completing the request cycle, which is why the status gets updated.
With the Export Download trigger by Admins the user may still want to view that export data so it makes sense not to have the Admin action change the status to complete.

I'm tempted to close this as invalid but will just label as close for now to leave the discussion open for the process flow here. I hope I understood your issue correctly here.

Cheers

#3 @mehulwpos
6 months ago

  • Keywords 2nd-opinion added; close removed

Hi,

Thanks for reply but "Erase Personal Data" in some place confusing.
If you see my image then there display my data related to media library it's before erase data.
When click on erase data then 2-3 thing confusing.
1) When click on "Send Request" then display massage "Confirmation request initiated successfully." & display next step status "Waiting for confirmation" it means erase data only after confirmation if not like this process then not need to display confirmation request massage.

2) After send it's in pending status and there if click "Force Erase Personal Data" at time display "No personal data was found for this user." and here my uploaded data available so nothing erase it.

3) After click on "Force Erase Personal Data" display request as pending not change status it's change when click on pending.

So as per flow it's confusing i thing it's like
1) If not required confirmation then not need to display massage it's display massage like "Request initiated successfully." and at last column "Next step" massage not display like "Waiting for confirmation" it's like "Request send".

2) Click on "Force Erase Personal Data" erase all data related to user request and change status automatically "Pending" to "Completed".

I hope you understand flow of erase data process it's some where confuse to client and also not delete data please check may be it's important because it's related to data so some client lost it.

Note: See TracTickets for help on using tickets.