GDPR Compliance Chat Recap – February 14th

(full text on slack)

This first GDPR Compliance Chat started by people introducing themselves. There was a nice mix of coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. comitters, developers, lawyers (or law-lovers), contributors, trainers, project managers, testers, people enrolled in privacy roles in companies, etc.

The main question was what is personal data and where it is stored. Most of it might be in user_meta, but there is personal data everywhere!

For the exporting part, all data needs to be considered, so probably also from all privacy impacting plugins.

About the roadmap, the first steps are:

  • Identify what is considered personal data (emails, IP, etc)
  • Who are the identifiable persons?
    • Controller: Sitesite (versus network, blog) owners, admins? In multisites?
    • What about anonymous people that create posts?

Shared documents:

Some items raised worth keeping in mind and explore further:

  • What does the web owner need to do? And what part can WordPress Core take care of?
  • Proposal for a new column (is_personal_data) in all tables to indicate clearly the personal data, but of course data could be serialized and contain both. So interfaces and hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. might be a better way to go.
  • Could some developers share what privacy impacting data some of their own plugins collect and see if a pattern emerges?
  • Data stored on backups have to be deleted too.
  • Is a public post "personal data" if the user posted something that is considered personal? So how far is deletion inside posts needed? And what about quotes?
  • For plugins: a Privacy Impact Assessment is required by the GDPR for data intensive projects. It would be nice to get a tab in the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party repo noting every plugin's data flows, including collection, retention, cookies, telemetry.

Next GDPR Compliance Chat:

  • Structure the approach
  • Define goals and the roadmap
  • What is in scope and out of scope

#gdpr-compliance #summary