Roadmap: tools for GDPR compliance

This roadmap is for adding privacy tools to core. These tools will help site owners comply with the GDPR and other privacy laws and requirements.

Main tasks

I. Add tools for creating a privacy policy

The idea is to have a “special” page for the privacy policy, #43435 (initial version of this is already committed), and #43491. The site owners are able to select an existing page or create a new one. There will be wp_get_privacy_policy_page() helper functions for use in themes, etc.

Another idea is to have a “postbox” shown when editing the policy page. All plugins that collect personal data or set cookies can output some concise information about what they collect and store and why. This information should be phrased for inclusion in the site’s privacy policy.

Core will also contain text that the site owners can use to create their policies. The text will be used as the default privacy policy and will be inserted in the privacy policy page when a new one is created. See #43473.

II. Create guidelines for plugins on how to get GDPR compliant

This should be a chapter on privacy in the plugins handbook. Needs text.

III. Add tools to core to facilitate compliance, and privacy in general

There are several plugins that are implementing similar tools. It would be great if the plugin authors participate/contribute to core to include the base tools, so we don’t double the efforts.

These tools will require a confirmation of the email of the person that requests an action, see #43443 (first version is already committed). When a confirmed request is received, the site owner will perform the action.

This could be done automatically. However deleting and anonymizing will be non-reversible. In this case it’s better if the site owners perform the actions themselves, after additional confirmation if required.

There will be two main tools:

  • To export all personal data stored on the site (by email address or user login), see #43438, #43440, #43547, #43547.
  • To delete all personal data and anonymize published/public content (like posts, comments, etc.), see #43637.

Note that registered users (“author” and above) have access to almost all of their personal data on the User Profile screen. They also have access to all posts and comments they have made on the site, and can edit or delete them. Site owners should deal mostly with requests from “contributor” level users and people that have commented on the site.

Couple of tasks can be performed in core without additional tools. For example a registered user’s account can be deleted and all of their posts can either be deleted or reassigned to another (already created) user account. This is sufficient for anonymizing a user account if there are no plugins that store private user data outside user_meta. Also, admins can search for and delete a specific user’s comments.

However having a specialized tools will enable plugins to hook into the performed actions and do their share. This is critical as many of the top 100 plugins seem to store at least some private user data.

IV. Add documentation/help for site owners on how to use these tools

The documentation should be on the new Tools => Privacy screen. Alternatively we can add only a very brief explanation and link(s) to WordPress.org with more extended help. Needs text.

All GDPR related tickets can be accessed here: https://core.trac.wordpress.org/query?status=!closed&keywords=~gdpr

#gdpr-compliance, #roadmap