WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 4 weeks ago

#47794 new defect (bug)

EuGH ruling - opt-in obligation for cookies and social media

Reported by: DjPD Owned by:
Milestone: Awaiting Review Priority: normal
Severity: critical Version: 5.2.2
Component: Privacy Keywords:
Focuses: Cc:
PR Number:

Description (last modified by garrett-eclipse)

Hi.
I have a very important question.
The European Court of Justice has ruled that websites are now responsible for all internal and external cookies or affiliations (social media).

My question is whether WordPress now incorporates a management of cookies, making it easier for both WordPressadmin and website visitors to individually allow or block each cookie.

I think it will be very important that this feature comes from WordPress itself. Otherwise, every plugin will eventually have its own function, which makes WordPress just more vulnerable and bigger.
It would be best if Wordpress asks each plugin developer which cookies are collected and the system Wordpress can then recognize and manage.
In the privacy policy you can then write an explanation for each cookie or function and also insert a shortcut via shortcode. That would be the best and easiest way. Then a cookie-consents and actually everything should be done.

In addition, it also comes that an attractive core element "Embed function" comes directly from Wordpress. And for that you need an opt-in now.
This embed function must be deactivated until the visitor has specified that he wants to see it. It would be good if the first time a window is loaded, that the user has not yet allowed the display of this embed and that he can do it now in the privacy policy or in the Consents window.

It seems very important that people react very quickly.
The use of such functions is now illegal after this judgment.

Quelle:
https://datenschutz-generator.de/eugh-urteil-like-button-cookie-opt-in-abmahnbarkeit/ (german)

https://translate.google.de/translate?hl=de&tab=wT&authuser=0&sl=de&tl=en&u=https%3A%2F%2Fdatenschutz-generator.de%2Feugh-urteil-like-button-cookie-opt-in-abmahnbarkeit%2F (English Google translate)

Change History (4)

#1 @Clorith
3 months ago

  • Component changed from Security to Privacy
  • Description modified (diff)

This ticket was mentioned in Slack in #core-privacy by clorith. View the logs.


3 months ago

#3 @idea15
3 months ago

  • Description modified (diff)

One of the major items on the Core-Privacy team's roadmap is a consent and logging mechanism / system for administrators to use to secure active consent, and for users to provide and rescind their consent, across the myriad of a site's plugins, data captures, and passive data collection.

This work was looking ahead to the imminent revamp of the ePrivacy Directive, the main EU law dealing with cookies and consent, which is set for late this year/early next year. However, with the UK ICO issuing bridging guidance on consent to cover the interim between GDPR and the old cookie regulation last month, and with the CJEU decision this morning, it's obvious we are going to need to bring the work forward.

We need as many participants as possible to make this happen on the front end, design/UX, and back end levels. I would love to see the major enterprise-levels and VIP agencies getting involved here, as these issues impact their client needs at large scale.

#4 @garrett-eclipse
4 weeks ago

  • Description modified (diff)

The start of a discussion on a consent and logging mechanism for user privacy can be found on Make Core here;
https://make.wordpress.org/core/2019/08/07/feature-plugin-discussion-a-consent-and-logging-mechanism-for-user-privacy/

Note: See TracTickets for help on using tickets.