Make WordPress Core

Opened 6 years ago

Last modified 5 years ago

#47794 new enhancement

EuGH ruling - opt-in obligation for cookies and social media

Reported by: DjPD
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version: 4.9.6
Component: Privacy
Keywords:
Focuses: javascript
Cc:

Description (last modified by garrett-eclipse)

I have a very important question.
The European Court of Justice has ruled that websites are now responsible for all internal and external cookies or affiliations (social media).

My question is whether WordPress now incorporates a management of cookies, making it easier for both WordPress admin and website visitors to individually allow or block each cookie.

I think it will be very important that this feature comes from WordPress itself. Otherwise, every plugin will eventually have its own function, which makes WordPress just more vulnerable and bigger.
It would be best if WordPress asks each plugin developer which cookies are collected and the system WordPress can then recognize and manage.
In the privacy policy you can then write an explanation for each cookie or function and also insert a shortcut via shortcode. That would be the best and easiest way. Then a cookie-consents and actually everything should be done.

In addition, it also comes that an attractive core element "Embed function" comes directly from WordPress. And for that you need an opt-in now.
This embed function must be deactivated until the visitor has specified that he wants to see it. It would be good if the first time a window is loaded, that the user has not yet allowed the display of this embed and that he can do it now in the privacy policy or in the Consents window.

It seems very important that people react very quickly.
The use of such functions is now illegal after this judgment.

Source: (German) (English Google translate)

Change History (6)

#1 @Clorith
6 years ago

  • Component changed from Security to Privacy
  • Description modified (diff)

This ticket was mentioned in Slack in #core-privacy by clorith. View the logs.

6 years ago

#3 @idea15
6 years ago

  • Description modified (diff)

One of the major items on the Core-Privacy team's roadmap is a consent and logging mechanism / system for administrators to use to secure active consent, and for users to provide and rescind their consent, across the myriad of a site's plugins, data captures, and passive data collection.

This work was looking ahead to the imminent revamp of the ePrivacy Directive, the main EU law dealing with cookies and consent, which is set for late this year/early next year. However, with the UK ICO issuing bridging guidance on consent to cover the interim between GDPR and the old cookie regulation last month, and with the CJEU decision this morning, it's obvious we are going to need to bring the work forward.

We need as many participants as possible to make this happen on the front end, design/UX, and back end levels. I would love to see the major enterprise-levels and VIP agencies getting involved here, as these issues impact their client needs at large scale.

#4 @garrett-eclipse
5 years ago

  • Description modified (diff)

The start of a discussion on a consent and logging mechanism for user privacy can be found on Make Core here;

#5 @garrett-eclipse
5 years ago

  • Description modified (diff)
  • Focuses javascript added
  • Milestone changed from Awaiting Review to Future Release
  • Severity changed from critical to normal
  • Type changed from defect (bug) to enhancement
  • Version changed from 5.2.2 to 4.9.6

Quick Update

The Consent API is currently being worked on here -
*Feel free to play along ;)

The original Feature plugin discussion was posted to Make Core here;

Discussions have occurred in the #core-privacy office hours, their Slack logs can be found here;

#6 @garrett-eclipse
5 years ago

  • Description modified (diff)

Related - #43797
