Opened 2 years ago
Last modified 2 years ago
#56542 new enhancement
Should not allow to unregistered user be able to make a "Export Personal Data" Request
Reported by: | hiren1094 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.9.6 |
Component: | Privacy | Keywords: | has-patch needs-privacy-review |
Focuses: | administration, privacy | Cc: |
Description
Hello,
We should fix the condition of unregistered users allowed to "Export Personal Data" request when try with an email address
Attachments (2)
Change History (8)
#3
@
2 years ago
- Version changed from 6.0.2 to 4.9.6
I believe this has been the case since the feature was introduced in WordPress 4.9.6 (#43546).
Updating the Version
property of the ticket.
#4
@
2 years ago
Privacy is about removing a person's data; no part of that necessitates that the person has a login or user account. While this issue might need some work, ensuring there's a user for a given username or email is not the solution; we need to be able to export and remove all data relevant to any identity, whether they're a user in the site or not. Plugins could save user data in independent contexts, and those need to be considered.
#5
@
2 years ago
@joedolson
Thank you for more clarification.
I totally agree to we need to be able to export and remove all data relevant to any identity, whether they're a user in the site or not.
But we need to find out how many plugins/functionality save user details and those functionality & plugins we need to link with "Export/Remove Personal Data".
Meanwhile, I will recommend we need to put a document link in the screen so admin/user can easily read in a document right now which user data we export and which one we erase.
Patch added