WordPress.org

Make WordPress Core

Opened 7 months ago

Last modified 3 months ago

#49035 new feature request

Add Export & Erasure requests to a dashboard widget.

Reported by: xkon Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-patch 2nd-opinion has-screenshots needs-design-feedback
Focuses: ui, administration, privacy Cc:

Description

Splitting this up from #46424 as was requested to add some information on the Dashboard.

We briefly talked about it on the last #core-privacy meeting and we agreed that adding an extra widget just for Privacy wouldn't be a good take to avoid taking more space on the Dashboard for so little information.

Instead, we can add these on the existing "At a Glance" widget as simple counts of "Data Export requests" & "Data Erasure Requests"

Currently, the caps are a bit messy and reviewed at #44176. I used the "manage_privacy_options" for a starting point but we can re-do this if they are eventually split up into 3 different capabilities.

I'm also adding a "needs-design-feedback" for the Dashicons used as we don't have a Privacy-related icon so I just used the eye as it's the usual suspect for now :D.

Attachments (5)

49035.diff (2.4 KB) - added by xkon 7 months ago.
glance_requests.jpg (30.6 KB) - added by xkon 7 months ago.
49035.2_preview.png (12.1 KB) - added by xkon 5 months ago.
49035.2.diff (5.2 KB) - added by xkon 5 months ago.
re-uploaded correct patch.
GDPRess.PNG (42.7 KB) - added by arena 4 months ago.

Download all attachments as: .zip

Change History (17)

@xkon
7 months ago

@xkon
7 months ago

#1 @johnbillion
7 months ago

For clarity, what's the intention here? To increase the visibility of pending requests? If so, I would say that pending requests should be highlighted more than a regular post, page, or comment, because they're effectively a pending action item.

Maybe that should appear is a similar manner to pending comments?

#2 @xkon
7 months ago

Hey @johnbillion,

Yes, the original request from #46424 was to show all "active" requests as well as how much time there is left to fulfill them as a notice. Unfortunately, the time would depend on many things so it's not standard for all websites/locations/authorities and we chose to skip that part.

So the idea continued more into let's show at least how many active requests there are in total without blocking the whole dashboard as if you have a lot of comments also etc you wouldn't need another huge widget taking up that much space in my opinion so I kept it as simple as possible.

If we're ok on creating a separate widget (I wouldn't mind that) we can add a little bit more information again without taking up too much space from the Dashboard area something like:

50 Export Requests ( 20 confirmed, 30 pending )

Also, an extra widget can always be filtered out if someone wants to hide it completely so it might as well be a better option overall to split it up.

I can definitely work on an alternative patch with this idea if it sounds better :).

@xkon
5 months ago

#3 @xkon
5 months ago

  • Summary changed from Add Export & Erasure requests to At a Glance dashboard widget. to Add Export & Erasure requests to a dashboard widget.

49035.2.diff introduces a new Dashboard widget regarding privacy information. It will only be active for users with manage_privacy_options, export_others_personal_data or erase_others_personal_data caps and the information within will be displayed accordingly as well depending on the cap access.

After an extra discussion, it seems that adding them on the existing at A Glance might be a bit confusing so an extra widget focusing only on Privacy-related information would help better.

This provides an easy extra link to access the Privacy Policy Guide as well as information regarding the Exports/Erasures statistic similar to "At a Glance".

We can also expand this to work in a similar way as Comments currently do by also adding some "quick actions" to send e-mails for confirmation etc in a future patch.

@xkon
5 months ago

re-uploaded correct patch.

This ticket was mentioned in Slack in #design by karmatosed. View the logs.


5 months ago

#5 @karmatosed
5 months ago

I'm coming to this as part of core triage for design and would love to know a little more about the user need here. Is this something that's been requested by people? I am wondering along lines of what @johnbillion is also, why would this be great to add? I say this wanting to explore because the dashboard already has a lot of things at that level which adds to the confusion as a first experience.

#6 @xkon
5 months ago

I'm a bit on the gray area with this and the bubbles (#44000). I don't feel that it's necessary (but I'm not even using Dashboard overall as well on any of my sites so...I'm kinda not the best to decide for this).

To answer to your questions @karmatosed and give as much info possible in a compact way: There's no "easy" way at the moment to have a view of any Exports/Erasures that your website might have, the only way to know if anything has changed is by navigating to Tools and opening each page.

Two possible implementations (that have been asked & discussed in #core-privacy) are to show them in the Dashboard either as part of an existing widget or on their own (so this ticket explores both of those ways) and another discussion was raised for bubbles in the menu at #44000.

--

Now to give my 2c here as well (and not only slack). I can understand why this might be needed on big sites that could have a lot of requests, but in general, those sites IMHO would/should essentially have someone doing the specific "job" of taking care of requests (i.e. a Data Protection Officer) so opening 2 pages kinda seems like not such a big problem to me.

Also good to note is that when we're talking about requests, the last known valid timespan that I know of for fulfilling a request (under the GDPR) is within 1 month and that can be extended also on some occasions i.e. for technical reasons. So again I don't see how having notifications and stats would greatly help as essentially you have 1 full month to go to those 2 pages and act accordingly per request.

#7 @karmatosed
5 months ago

Thanks for this great context. I do wonder if the 'notifications' route is better but that seems to have issues with translations. Let's have these as talking points for this week's triage meeting to try and get eyes on it before beta.

This ticket was mentioned in Slack in #design by karmatosed. View the logs.


5 months ago

#9 follow-up: @nrqsnchz
5 months ago

@xkon how important or critical are these notices? are they only for admins? are they time-sensitive? Meaning, immediate action is required?

#10 in reply to: ↑ 9 @xkon
5 months ago

  • Milestone changed from 5.4 to Future Release

Replying to nrqsnchz:

how important or critical are these notices? are they only for admins? are they time-sensitive? Meaning, immediate action is required?

Until now and by default it was only for Administrator roles yes, but since we're trying to "release" the capabilities on #44176 owners will be able to create more roles with these caps i.e. for a Data Protection Officer for example or any other. So the widget will always follow any role that has any of the 3 privacy caps and display the information accordingly.

Now regarding the important/critical, opinions will always be 50-50 here I suppose, as I've explained on my previous reply personally I don't find it that important to always have a notice somewhere within the admin for the Requests and this is also something that can be easily achieved by any plugin as well to be honest :-). It takes 1 click to get to the Export/Erasure pages and view all the information you want.

Time-sensitive, I wouldn't say they are since you have ~30days according to GDPR to take any action needed (and that can be extended on some occasions).

--

Since 5.4 Beta is tomorrow, I'm marking this for a Future Release for now so we can discuss it further.

Since I'm somewhere in-between with this I would love to get more feedback as well from anyone that could actually benefit from this and see if it's worth being shipped with Core.

#11 @arena
4 months ago

or a menu in the admin bar just like GDPRess does
and displayed only if some requests are pending

for dashicons see #46535

Last edited 4 months ago by arena (previous) (diff)

@arena
4 months ago

#12 @arena
3 months ago

Related #46424 4)

Note: See TracTickets for help on using tickets.