GDPR Compliance Chat Recap – February 14th

Welcome!

The WordPress coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. development team builds WordPress! Follow this site for general updates, status reports, and the occasional code debate. There’s lots of ways to contribute:

Found a bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority.? Create a ticket in the bug tracker.

Want to contribute? Get started quickly with tickets marked as good first bugs for new contributors or join a bug scrub. There’s more on the reports page, like patches needing testing, and on feature projects page.

Other questions? Here is a detailed handbook for contributors, complete with tutorials.

(full text on slack)

This first GDPR Compliance Chat started by people introducing themselves. There was a nice mix of coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. comitters, developers, lawyers (or law-lovers), contributors, trainers, project managers, testers, people enrolled in privacy roles in companies, etc.

The main question was what is personal data and where it is stored. Most of it might be in user_meta, but there is personal data everywhere!

For the exporting part, all data needs to be considered, so probably also from all privacy impacting plugins.

About the roadmap, the first steps are:

Identify what is considered personal data (emails, IP, etc)
Who are the identifiable persons?
- Controller: Site owners, admins? In multisites?
- What about anonymous people that create posts?

Shared documents:

@bjornjohansen shared their Google doc – still in draft version – with an identification of points where core could work on.
@dejliglama also shared their presentation .

Some items raised worth keeping in mind and explore further:

What does the web owner need to do? And what part can WordPress Core take care of?
Proposal for a new column (is_personal_data) in all tables to indicate clearly the personal data, but of course data could be serialized and contain both. So interfaces and hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. might be a better way to go.
Could some developers share what privacy impacting data some of their own plugins collect and see if a pattern emerges?
Data stored on backups have to be deleted too.
Is a public post "personal data" if the user posted something that is considered personal? So how far is deletion inside posts needed? And what about quotes?
For plugins: a Privacy Impact Assessment is required by the GDPR for data intensive projects. It would be nice to get a tab in the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party repo noting every plugin's data flows, including collection, retention, cookies, telemetry.

Next GDPR Compliance Chat:

Structure the approach
Define goals and the roadmap
What is in scope and out of scope

#gdpr-compliance #summary

Welcome!

Communication

Share this: