Make WordPress Core

Opened 4 years ago

Last modified 5 months ago

#51110 assigned enhancement

Create a UI for user-level privacy / consent management options on the profile page

Reported by: carike's profile carike Owned by: paaljoachim's profile paaljoachim
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: needs-privacy-review
Focuses: ui, administration Cc:

Description (last modified by carike)

Background:

The Consent API is an initiative that is currently underway in the Privacy team.
The code is available in the repository here: https://wordpress.org/plugins/wp-consent-api/

The code does not include any user interface.
However, this is something that the Team feels could be very useful and would greatly improve user experience.

The Challenge:

Cookie banners provide very little useful information to users - increasingly so the more they pop up as as checking-the-box responses to various pieces of legislation throughout the world.
It would thus be useful to provide website users, who are registered, with a better UI to manage their consent - and to do so on a more persistent basis.

The Solution:
This may be updated, based on input received below / P2 discussions / dev chat.
This ticket represents a milestone for the Consent API.

There should be an action to re-direct users to this page (e.g. wp_prompt_consent_admin) to re-affirm their consent choices when necessary.

<?php
<h2> Your Privacy </h2>

<h3> While logged in: </h3>

Plugins should be able to filter paragraph:

<?php

<p> Your privacy choices while logged in are saved in the database and will persist until you change them. 
You may be prompted to update your consent from time to time. 
For example, you may be asked whether you still consent to marketing if you have previously opted in 
and the site added a new cookie. 
This is merely an example, as legislative requirements differ between jurisdictions.</p>

<h4> Consent categories: </h4>

User_meta values should only be created once a user saves their privacy preferences, not once a new user is created, to not unnecessarily strain large sites.
Plugins should be able to update the default values for the checkboxes (i.e. for when no user_meta value exists), as well as whether the checkboxes should be edit-able by the user or not, as obligations may vary depending on the jurisdictions involved.

<?php

5 checkboxes with the descriptions: Functional, Preferences, Anonymous Statistics, Statistics, Marketing.

There should be a filter here so that the Disclosure / Permissions tabs or consent management plugins can add more information if they need to, or to add more granular choices.

<?php
<h3> While logged out: </h3>

Plugins should be able to filter this paragraph:

<?php
<p> Your privacy choices while logged out are saved in a cookie 
and will only persist until the cookie expires, or is deleted.
If this happens, these values will reset to the website's defaults.

5 checkboxes with the descriptions: Functional, Preferences, Anonymous Statistics, Statistics, Marketing.

There should be a filter here so that the Disclosure / Permissions tabs or consent management plugins can add more information if they need to, or to add more granular choices.

<?php
<h4> Website defaults </h4>

5 checkboxes (not select-able) with the descriptions: Functional, Preferences, Anonymous Statistics, Statistics, Marketing. These should display the site's default values, which should be edit-able by plugins.

There should be a filter here so that the Disclosure / Permissions tabs or consent management plugins can add more information if they need to, or to add more granular choices.

Ideally, there would be a mechanism (e.g. two buttons) to request data export or erasure here.
Thanks a lot to Ronnie Burt for bringing this up on Slack!
It is important to note that the user should need to log again to make either an export or erasure request.
Also, the request needs to be confirmed via e-mail for registered users.
I imagine this would work best if it was similar to how password resets work at the moment.
More background here: https://core.trac.wordpress.org/ticket/43437

Suggested text for buttons:

<?php
Export my data*
<?php
Anonymize my account*

There should be text explaining the above:

<?php
* These actions are not automatic. 
You will be required to log in again to to confirm your request.
An e-mail will be sent to the e-mail address on your profile to confirm your identity.
A request will then be sent to an administrator to process.

This ticket was created in response to a request from Paaljoachim.

Attachments (2)

Profile-page-Privacy4.jpg (163.3 KB) - added by paaljoachim 4 years ago.
Profile screen Privacy controls.
Privacy permission buttons.PNG (51.1 KB) - added by carike 4 years ago.

Download all attachments as: .zip

Change History (24)

#1 @carike
4 years ago

  • Description modified (diff)

#2 @carike
4 years ago

  • Description modified (diff)

This ticket was mentioned in Slack in #core by carike. View the logs.


4 years ago

#4 @carike
4 years ago

  • Description modified (diff)

This ticket was mentioned in Slack in #core-privacy by carike. View the logs.


4 years ago

@paaljoachim
4 years ago

Profile screen Privacy controls.

#6 @paaljoachim
4 years ago

The above is a suggestion in regards to Privacy Controls in the profile page.

Text used (as it is a bit hard to read it from the image).

Permissions

Your privacy choices while logged in are saved in the database and will persist until you change them.
You may be prompted to update your consent from time to time.

Your privacy choices while logged out are saved in a cookie and will only persist until the cookie expires, or is deleted.
Your choices will be automatically synchronized once you log in again, but the website defaults will apply until that time.

-Checkboxes-
You have not made any privacy choices yet. For now the site defaults apply. Please update your choices now.

My Data

Enable Privacy Actions -checkbox-
Export my Data -button-
Erase my Data -button-

Your data is handled according to this website's Privacy Policy [link]. It is possible that not all data will be deleted,
but that some data may be pseudo-anonymized instead, or retained if there is another legitimate basis for processing.

Last edited 4 years ago by paaljoachim (previous) (diff)

This ticket was mentioned in Slack in #accessibility by afercia. View the logs.


4 years ago

#8 @carike
4 years ago

  • Owner set to @…
  • Status changed from new to assigned

#9 @carike
4 years ago

  • Owner changed from @… to paaljoachim

#10 @paaljoachim
4 years ago

We need the next version of this screen. If someone can add an updated text and let me know the controls needed either here in this ticket directly or on Slack that would be helpful.
Thank you!

This ticket was mentioned in Slack in #core by meaganhanes. View the logs.


4 years ago

This ticket was mentioned in Slack in #core by markparnell. View the logs.


4 years ago

This ticket was mentioned in Slack in #core-privacy by paaljoachim. View the logs.


4 years ago

#14 @carike
4 years ago

I've been trying to figure out for a while how we can move away from checkboxes to improve the UI / accessibility.
The interest that that team has shown is greatly appreciated.
Would it be possible for us to have buttons instead, where a filled button === "checked" and a button with only a borderline === "unchecked"?
We could then add screen reader text to the buttons?
Attaching a screenshot.

Edit: We might also consider changing the colour for the permission fill / borderlines to green and then changing the colours for the erasure button to orange (to indicate a possibly destructive action), as per Garrett's suggestion in Slack a while ago.

Last edited 4 years ago by carike (previous) (diff)

#15 @paaljoachim
4 years ago

Hello Carike

Buttons do look nice, but looking through the profile screen the only three buttons that exist today is Generate Password, Log Out Everywhere Else and the Update Profile buttons.
The screen has a lot of radio and checkboxes used for various options. To keep with consistency I believe that adding checkboxes might be the correct choice there. We already added buttons to Export my data and Erase my data. There is also a sense of hierarchy that buttons are on the top showing the most important options in the profile screen. Below it are all the various radio and checkboxes.

Here is a link to using checkboxes in regards to accessibility: https://webaim.org/techniques/forms/controls#checkbox

This ticket was mentioned in Slack in #core-privacy by paaljoachim. View the logs.


4 years ago

#17 @garrett-eclipse
4 years ago

  • Milestone changed from 5.6 to Future Release

5.6 beta is coming up quickly, will revisit in a future release.

#18 @garrett-eclipse
4 years ago

  • Focuses privacy removed

Dropping privacy focus as it's already in the Privacy component.

#19 @garrett-eclipse
4 years ago

  • Version trunk deleted

This ticket was mentioned in Slack in #accessibility by sabernhardt. View the logs.


4 years ago

#22 @joedolson
5 months ago

  • Focuses accessibility removed

Since there's no UI as of yet to address, I'm going to remove the accessibility focus on this ticket. Please do add the focus back in when there's an interface to look at!

Note: See TracTickets for help on using tickets.