Agenda: Office Hours 19 August 2020 at 18:00 UTC

@paaljoachim has asked what the UI needs to look like for a Privacy screen in Core. You can read the conversation here: (a Slack account is needed)

  • Site-level privacy
    Initiatives: 1.) Disclosures and Permissions Tab; 2.) Local AvatarAvatar An avatar is an image or illustration that specifically refers to a character that represents an online user. It’s usually a square box that appears next to the user’s name. Project (in collaboration with the #core-media team)

    The DPT would require writing a JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. schema, as well as a coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. function to validate it (hopefully in collaboration with the #core-restapi team).
    The UIUI User interface would most likely be under Settings -> Privacy.
    This interface should help site owners / admins understand what information their site collects (by means of individual plugins, themes, as well as Core), where it is stored and where it is sent.
    Ideally, this would provide a mechanism for the site owner to prevent data from being transmitted off-site / make choices with regards to third party access.

    Part of the Local Avatar Project would overlap with site-level privacy in the following areas: Settings, Permissions and Library.
    There is currently still a discussion as to whether a fully-fledged library is needed (defined as that image metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress.-data needs to be edit-able).
  • Website-visitor level privacy
    Initiatives: 1.) Consent APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.; 2.) Local Avatar User Upload Screen

    The Consent API in its current form is not intended to have any UI.
    This is due to the fact that website visitors who are not registered / not logged in still need to be able to exercise privacy choices.
    However, it may be nice to allow logged-in users to save their privacy choices on a more permanent basis, perhaps by making use of user_meta. In this case, there would need to be a UI on the user’s profile screen to support this.
    There would presumably still be no UI for users who are not logged in. A UI could be provided by means of a consent management pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the Plugin Directory or can be cost-based plugin from a third-party.

    Additionally, the Team needs to discuss which filters / functions may be necessary in Core in order to convert the Consent API feature pluginFeature Plugin A plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins. into a more fully-fledged API, e.g. wp_set_cookie();

    Part of the Local Avatar Project would overlap with website-visitor level privacy. This would mainly be in the following area(s): User Profiles. For example, users may want to indicate that they do not wish for their avatars to be indexed by search engines.

Please join us for this week’s office hours to discuss what these solutions may look like!

#consent-api, #core-privacy, #disclosures-tab, #local-avatar-project, #privacy