WordPress.org

Make WordPress Core

Opened 4 weeks ago

Last modified 5 hours ago

#51110 assigned enhancement

Create a UI for user-level privacy / consent management options on the profile page

Reported by: carike Owned by: paaljoachim
Milestone: 5.6 Priority: normal
Severity: normal Version: trunk
Component: Privacy Keywords: needs-privacy-review
Focuses: ui, accessibility, administration, privacy Cc:

Description (last modified by carike)

Background:

The Consent API is an initiative that is currently underway in the Privacy team.
The code is available in the repository here: https://wordpress.org/plugins/wp-consent-api/

The code does not include any user interface.
However, this is something that the Team feels could be very useful and would greatly improve user experience.

The Challenge:

Cookie banners provide very little useful information to users - increasingly so the more they pop up as as checking-the-box responses to various pieces of legislation throughout the world.
It would thus be useful to provide website users, who are registered, with a better UI to manage their consent - and to do so on a more persistent basis.

The Solution:
This may be updated, based on input received below / P2 discussions / dev chat.
This ticket represents a milestone for the Consent API.

There should be an action to re-direct users to this page (e.g. wp_prompt_consent_admin) to re-affirm their consent choices when necessary.

<?php
<h2> Your Privacy </h2>

<h3> While logged in: </h3>

Plugins should be able to filter paragraph:

<?php

<p> Your privacy choices while logged in are saved in the database and will persist until you change them. 
You may be prompted to update your consent from time to time. 
For example, you may be asked whether you still consent to marketing if you have previously opted in 
and the site added a new cookie. 
This is merely an example, as legislative requirements differ between jurisdictions.</p>

<h4> Consent categories: </h4>

User_meta values should only be created once a user saves their privacy preferences, not once a new user is created, to not unnecessarily strain large sites.
Plugins should be able to update the default values for the checkboxes (i.e. for when no user_meta value exists), as well as whether the checkboxes should be edit-able by the user or not, as obligations may vary depending on the jurisdictions involved.

<?php

5 checkboxes with the descriptions: Functional, Preferences, Anonymous Statistics, Statistics, Marketing.

There should be a filter here so that the Disclosure / Permissions tabs or consent management plugins can add more information if they need to, or to add more granular choices.

<?php
<h3> While logged out: </h3>

Plugins should be able to filter this paragraph:

<?php
<p> Your privacy choices while logged out are saved in a cookie 
and will only persist until the cookie expires, or is deleted.
If this happens, these values will reset to the website's defaults.

5 checkboxes with the descriptions: Functional, Preferences, Anonymous Statistics, Statistics, Marketing.

There should be a filter here so that the Disclosure / Permissions tabs or consent management plugins can add more information if they need to, or to add more granular choices.

<?php
<h4> Website defaults </h4>

5 checkboxes (not select-able) with the descriptions: Functional, Preferences, Anonymous Statistics, Statistics, Marketing. These should display the site's default values, which should be edit-able by plugins.

There should be a filter here so that the Disclosure / Permissions tabs or consent management plugins can add more information if they need to, or to add more granular choices.

Ideally, there would be a mechanism (e.g. two buttons) to request data export or erasure here.
Thanks a lot to Ronnie Burt for bringing this up on Slack!
It is important to note that the user should need to log again to make either an export or erasure request.
Also, the request needs to be confirmed via e-mail for registered users.
I imagine this would work best if it was similar to how password resets work at the moment.
More background here: https://core.trac.wordpress.org/ticket/43437

Suggested text for buttons:

<?php
Export my data*
<?php
Anonymize my account*

There should be text explaining the above:

<?php
* These actions are not automatic. 
You will be required to log in again to to confirm your request.
An e-mail will be sent to the e-mail address on your profile to confirm your identity.
A request will then be sent to an administrator to process.

This ticket was created in response to a request from Paaljoachim.

Attachments (2)

Profile-page-Privacy4.jpg (163.3 KB) - added by paaljoachim 13 days ago.
Profile screen Privacy controls.
Privacy permission buttons.PNG (51.1 KB) - added by carike 5 hours ago.

Download all attachments as: .zip

Change History (16)

#1 @carike
3 weeks ago

  • Description modified (diff)

#2 @carike
3 weeks ago

  • Description modified (diff)

This ticket was mentioned in Slack in #core by carike. View the logs.


3 weeks ago

#4 @carike
3 weeks ago

  • Description modified (diff)

This ticket was mentioned in Slack in #core-privacy by carike. View the logs.


13 days ago

@paaljoachim
13 days ago

Profile screen Privacy controls.

#6 @paaljoachim
13 days ago

The above is a suggestion in regards to Privacy Controls in the profile page.

Text used (as it is a bit hard to read it from the image).

Permissions

Your privacy choices while logged in are saved in the database and will persist until you change them.
You may be prompted to update your consent from time to time.

Your privacy choices while logged out are saved in a cookie and will only persist until the cookie expires, or is deleted.
Your choices will be automatically synchronized once you log in again, but the website defaults will apply until that time.

-Checkboxes-
You have not made any privacy choices yet. For now the site defaults apply. Please update your choices now.

My Data

Enable Privacy Actions -checkbox-
Export my Data -button-
Erase my Data -button-

Your data is handled according to this website's Privacy Policy [link]. It is possible that not all data will be deleted,
but that some data may be pseudo-anonymized instead, or retained if there is another legitimate basis for processing.

Last edited 13 days ago by paaljoachim (previous) (diff)

This ticket was mentioned in Slack in #accessibility by afercia. View the logs.


7 days ago

#8 @carike
7 days ago

  • Owner set to @…
  • Status changed from new to assigned

#9 @carike
7 days ago

  • Owner changed from @… to paaljoachim

#10 @paaljoachim
7 days ago

We need the next version of this screen. If someone can add an updated text and let me know the controls needed either here in this ticket directly or on Slack that would be helpful.
Thank you!

This ticket was mentioned in Slack in #core by meaganhanes. View the logs.


3 days ago

This ticket was mentioned in Slack in #core by markparnell. View the logs.


2 days ago

This ticket was mentioned in Slack in #core-privacy by paaljoachim. View the logs.


45 hours ago

#14 @carike
5 hours ago

I've been trying to figure out for a while how we can move away from checkboxes to improve the UI / accessibility.
The interest that that team has shown is greatly appreciated.
Would it be possible for us to have buttons instead, where a filled button === "checked" and a button with only a borderline === "unchecked"?
We could then add screen reader text to the buttons?
Attaching a screenshot.

Edit: We might also consider changing the colour for the permission fill / borderlines to green and then changing the colours for the erasure button to orange (to indicate a possibly destructive action), as per Garrett's suggestion in Slack a while ago.

Last edited 5 hours ago by carike (previous) (diff)
Note: See TracTickets for help on using tickets.