The WordPress coreCoreCore is the set of software required to run WordPress. The Core Development Team builds WordPress. development team builds WordPress! Follow this site for general updates, status reports, and the occasional code debate. There’s lots of ways to contribute:
Found a bugbugA bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority.?Create a ticket in the bug tracker.
WordPress 5.4 brings several improvements to the privacy tools to improve the user experience and expand upon the data provided in personal data exports.
Personal Data Export now includes Session Tokens, Community Events Location and Custom User MetaMetaMeta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress..
In WordPress 5.4 the Personal Data exports were expanded upon to ensure the Personally Identifiable Information (PII) present in Session Tokens (#45889) and the Community Events Location (#43921) user data were made available to the exporting user. This data is made available in the export as custom group sections.
Along with the new groupings which will automatically be included in the export if the relevant data is available, developers can now expand upon the User profile data grouping through the use of the new wp_privacy_additional_user_datafilterFilterFilters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output..
Note: The $reserved_names array is supplied to the filter to assist developers in avoiding using these names in their array of additional data. This is due to any additional data matching these names will be suppressed from the export to avoid a conflictconflictA conflict occurs when a patch changes code that was modified after the patch was created. These patches are considered stale, and will require a refresh of the changes before it can be applied, or the conflicts will need to be resolved. with the existing user profile data to be exported.
Personal Data Exports now include a JSONJSONJSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. file and a Table of Contents
Along with including additional data in the Personal Data Exports the export zip will now contain a JSON file (#49029) of the data for better portability. This JSON file will contain all of the data present in the HTMLHTMLHyperText Markup Language. The semantic scripting language primarily used for outputting content in web browsers. file with the exception of the table of contents.
The HTML export file has been updated to include a Table of Contents (#46894) for easier navigation of large data exports.
Visual Improvements to the Privacy Tools tables
In WordPress 5.4 the Privacy Tools tables have been updated to give progress indicators (#44264) for both the export and erasure processes. As well as switched the ‘Next Steps’ buttons to links (#49323) for a cleaner interface.
New filters for the headers of all Privacy-related emails
In WordPress 5.4 developers are now able to filter the email headers on privacy related emails. For example, this will enable developers to change the “From” email address. These headers and an example are listed below;
wp_privacy_personal_data_email_headers
user_request_action_email_headers
user_request_confirmed_email_headers
user_erasure_complete_email_headers
// Privacy filter for setting the From name/email on privacy emails.
function my_privacy_mail_headers( $headers, $subject, $content, $request_id, $email_data ) {
$headers = array(
'From: My Name <myname@example.com>',
);
return $headers;
}
add_filter( 'wp_privacy_personal_data_email_headers', 'my_privacy_mail_headers', 10, 5 );
add_filter( 'user_request_action_email_headers', 'my_privacy_mail_headers', 10, 5 );
add_filter( 'user_request_confirmed_email_headers', 'my_privacy_mail_headers', 10, 5 );
add_filter( 'user_erasure_complete_email_headers', 'my_privacy_mail_headers', 10, 5 );
In WordPress 5.4 the wp_get_user_request_data function was renamed to wp_get_user_request for function clarity. This is due to the function returning the actual WP_User_Request object and not the data parameter which is part of the request object. The old function signature will now produce a _doing_it_wrong warning message.
The #core-privacy team has been having some great discussions surrounding the Consent APIAPIAn API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. and Compliance Tab and will be continuing those discussions during our office hours.
Along with those discussions we would like to start planning for 5.4, so come and join us for a full office hours at our usual time this Wednesday, 18 November, at 1900 UTC in our Slack channel. All are welcome.
Introducing an is_pii function for User MetaMetaMeta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. [ #48794 ]
This will be our last office hours of 2019, Happy Holidays and see everyone tomorrow or in the next decade!!
P.S. I will be stepping down from leading these meetings in 2020 so if someone wants to take over leading meetings and writing notes come raise your hand.
The #core-privacy team had a great WordCampWordCampWordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. US, with a brilliant talk from @riankinney on CCPA as well as a burst of effort on contributor dayContributor DayContributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/..
To keep that momentum going, we would like to run a full office hours at our usual time this Wednesday, 6 November, at 1900 UTC in our Slack channel. All are welcome.
WCUS SOTW question from Rian on privacy policies (by which she meant the privacy principles the project works with as a whole, not the public facing notice in the footer)
Below is a summary of the discussion from this week’s CoreCoreCore is the set of software required to run WordPress. The Core Development Team builds WordPress. Privacy chat (agenda, Slack Transcript).
#37782 – Duplicate Page Entry in View All Pages when generating a Menu
#43974 – Both personal data request processes should follow the same convention
#44038 – Change personal data export path stored in request metaMetaMeta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. to relative paths
#44314 – user_confirmed_action_email_contentfilterFilterFilters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. run on two different strings
#44669 – Privacy Notification doesn’t clear after dismissing notification_wp_privacy_send_erasure_fulfillment_notification.
#46829 – Denote the special pages in CustomizerCustomizerTool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. Menu editor
#47366 – Privacy Policy page dropdown needs a max-width
#37782 is ready to commit if any committers can provide a final review.
We (@audrasjb & @garrett-eclipse) will be joining a future #meta chat to propose adding the pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to the Feature plugins list.
Agenda Item: Consent and Logging Mechanism for User Privacy
The consensus was that like other teams, we need data on what users and contributors actually need from us – what their concerns are, what their business needs are, what resources they expect from us, what tools they need us to build.
There are no questions about user needs there, for us or for any other team.
It feels like all the feedback about what should go on the survey was ignored.
So, this is worrisome that the once-a-year opportunity to gain critical information to support our work is at risk of being lost.
So, let’s all take a day or two to review both posts and the draft script, with a goal to feedback with a team comment on Friday.
@idea15 started a gDoc (https://docs.google.com/document/d/1ZXfT-Mvvfxa-ZjD9cSQG9BKvtTAhXuZb0QS5lK47BGY/edit?usp=sharing) in order to collaborate on some suggested questions for privacy.
The following is the agenda for the privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy room of the Making WordPress Slack.
Announcements / Housekeeping
Upcoming Release (5.3) Planning Note: We have 7 bugs (5 in Privacy component and 2 in privacy focus) pending for 5.3, they will need to be committed or punted by the Release Candidaterelease candidateOne of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). scheduled for Oct. 15th, 2019.
#37782 – Duplicate Page Entry in View All Pages when generating a Menu
#43974 – Both personal data request processes should follow the same convention
#44038 – Change personal data export path stored in request metaMetaMeta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. to relative paths
#44314 – user_confirmed_action_email_contentfilterFilterFilters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. run on two different strings
#44669 – Privacy Notification doesn’t clear after dismissing notification
#46829 – Denote the special pages in CustomizerCustomizerTool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. Menu editor
#47366 – Privacy Policy page dropdown needs a max-width
Below is a summary of the discussion from this week’s CoreCoreCore is the set of software required to run WordPress. The Core Development Team builds WordPress. Privacy chat (agenda, Slack Transcript).
#43890 – Allow Adminadmin(and super admin) to Skip e-mail confirmation for Export/Anonymization.
#44133 – Should the Data Export indicate when we have no information on the user.
#44135 – Have Erasure button workflow follow Export button workflow replacing with static link.
#44588 – Denote the Copy action is complete by updating the Copy button to state ‘Copied’.
#46303 – Update wp_privacy_send_personal_data_export_email to provide the same filters as _wp_privacy_send_erasure_fulfillment_notification.
#46895 – Personal Data Export Report: A way to display the group count.
#44133, #44135, #46303 and #46895 are all nearing completion but will need another set of eyes and review/testing before they can be marked commit.
#43890 and #44588 will need some work either a refresh or initial patchpatchA special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing.. #43890 needs discussion but @garrett-eclipse is leaning towards the use of checkboxes instead of dropdown. #44588 has site health example to follow and just needs coding.
@pputzer graciously offered to review some of these tickets.
Not much feedback has been received yet so will let it gestate a little more. Initial feedback is pointing towards pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party territory over a core merge.
@audrasjb indicated it would be nice to test as a featured plugin so will determine how that can be accomplished.
Agenda Item: Consent and Logging Mechanism for User Privacy
Neither @idea15 nor @garrett-eclipse have capacity currently to spearhead the effort so decided to collect names of interested parties to create a working group. If anyone is interested in working on the consent/logging mechanism please feel free to comment on this thread or reach out in #core-privacy on SlackSlackSlack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..
The following is the agenda for the privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy room of the Making WordPress Slack.
Announcements / Housekeeping
Upcoming Release (5.3) Discussion & Planning Note: We have 6 enhancements pending for 5.3, they will need to be committed or punted by Sept. 23rd, 2019.
#43890 – Allow Adminadmin(and super admin) to Skip e-mail confirmation for Export/Anonymization.
#44133 – Should the Data Export indicate when we have no information on the user.
#44135 – Have Erasure button workflow follow Export button workflow replacing with static link.
#44588 – Denote the Copy action is complete by updating the Copy button to state ‘Copied’.
#46303 – Update wp_privacy_send_personal_data_export_email to provide the same filters as _wp_privacy_send_erasure_fulfillment_notification.
#46895 – Personal Data Export Report: A way to display the group count.
We welcome all thoughts on this proposal, which you are welcome to leave as comments on this post, or share with us directly in the #core-privacy channel on Making WordPress SlackSlackSlack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..
Introducing this feature pluginFeature PluginA plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins. proposal
In 4.9.6, the ability for an administrator to initiate a data export or data erasure for a user by email address was added.
While this provided sites with the tools to be compliant with new laws and regulations, site owners are still left to find a way to accommodate those requests.
Adding a way for users to initiate this request on their own would prove a more “out of the box” experience and decrease the burden on site administrators to initiate these requests themselves.
Creating a privacy front-end form mechanism –first as a feature plugin– presents an opportunity for the project to make a positive impact across privacy areas. It will empower administrators within the ecosystem to better comply with privacy-related requirements, while contributing to a better standard of protecting user privacy across the open web.
Integrated in the Privacy Policy page, this feature would help big websites administrators to automatize privacy requests management (exactly as in WordPress.org related page).
This feature would also help regulation organisms to directly verify the conformity of WordPress powered websites by creating privacy requests and checking the result directly.
Last but not least, using the feature in websites privacy policy pages would eventually made visitors more confident about the website owner as they could request their data by themselves.
Technical scope of the feature plugin
The feature plugin should at least handle the following scope:
PHPPHPThe web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher functions to generate privacy data requests front-end forms
PHP filters to handle forms customizations like editing wording and choosing either to use data removal action, data export action, or both
Privacy Request WidgetWidgetA WordPress Widget is a small block that performs a specific function. You can add these widgets in sidebars also known as widget-ready areas on your web page. WordPress widgets were originally created to provide a simple and easy-to-use way of giving design and structure control of the WordPress theme to the user.
Privacy Request ShortcodeShortcodeA shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site.
Privacy Request GutenbergGutenbergThe Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/BlockBlockBlock is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience.
Introducing the existing base pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party
This existing plugin is already managing some parts of the feature:
PHP functions to generate front-end Privacy Requests Forms
PHP filters to handle forms customizations (like choosing either to show remove request, export request, or both)
Privacy Request Widget
Privacy Request Shortcode
Privacy Request Gutenberg Block
It has 5000+ active installs and the idea is to use this plugin to prepare and test a potential coreCoreCore is the set of software required to run WordPress. The Core Development Team builds WordPress. merge of the Privacy Data Request Form feature in WordPress Core.
As the initial author of the plugin, I already made some changes:
The plugin’s SVN repository is open for core privacy team contributions (current contributors: @xkon and @audrasjb).
The plugin is not displaying anymore my employer’s logo.
What’s next?
Once the plugin is confirmed as a feature plugin, the next steps would be:
To increase the number of users of the feature plugin.
To change the display name of the plugin from “GDPR Data Request Form” to “Privacy Data Request Form” (though we must keep the actual slug, I guess we could edit the plugin Display Name). – Plugin Review team validation needed on that point.
To add other interested privacy team members and core developers as contributors of the plugin.
To audit some specific aspects of the feature plugin:
wording/copywriting
accessibilityAccessibilityAccessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility)
design/theme compliance
security
coding-standards and documentation
To create a TracTracAn open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress.ticketticketCreated for both bug reports and feature development on the bug tracker. to handle a potential future merge proposal – if the feature plugin deserves it. Note: I already created a GitHub repo and generated a core diff file to test the feature directly against WordPress trunktrunkA directory in Subversion containing the latest development code in preparation for the next major release cycle. If you are running "trunk", then you are on the latest revision. (though it doesn’t contains the Gutenberg block nor AJAX validation)
As part of the #core-privacy team’s 2019 roadmap, the team has begun a discussion on the possibility of creating a consent and logging mechanism, most likely as a feature plugin. This is a working document to assemble our thoughts on what the initiative would involve; this document is not the formal proposal.
We welcome all thoughts on this document, which you are welcome to leave as comments on this post, or share with us directly in the #core-privacy channel on Making WordPress SlackSlackSlack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..
Consent capture refers to creating a means for users to express their consent to data capture and usage, and to change their opt-in or opt-out status at any time, through easily accessible means such as front-end user settings or account information areas.
Consent logging refers to creating a means for administrators to collect a history of how users have opted in or out of various means of processing their data across coreCoreCore is the set of software required to run WordPress. The Core Development Team builds WordPress., themes, and plugins, to view the current status of that consent, and to make that history (and present state) available to users.
A standard way for WordPress core, plugins, and themes to obtain consent from users should be established to provide a consistent and stable experience for administrators, developers, and users of all kinds.
This initiative will likely require long term research, especially since it will be heavily influenced by pending regulations, such as the ePrivacy Regulation revamp, as well as user testing to ensure a positive experience for all while preventing “consent fatigue” or dark patterns.
Existing consent and logging projects, such as Joomla’s consent system, will be studied and emulated (where possible) for both functionality as well as potential applicability as a pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party rather than a core feature.
Work on consent and logging is a considerable opportunity, and a challenge, for frontend and UXUXUser experience design. Thought should be given to how users are prompted for consent, how and where they change consent, and how this experience could be consistent across WordPress sites regardless of plugins or themes. Creating an open sourceOpen SourceOpen Source denotes software for which the original source code is made freely available and may be redistributed and modified. Open Source **must be** delivered via a licensing model, see GPL. pattern library of designs for consent and choice while collaborating with other projects and organizations is advisable. Some existing pattern libraries have been developed for IAPP (International Association of Privacy Professionals) and by IF London, working with Open Rights Group (whom Automattic sponsors).
Although this work is independent of any specific regulation or law, it should be done with mindfulness of the new privacy laws coming into play in early 2020. Making a “head start” will allow an effective solution to be deployedDeployLaunching code from a local development environment to the production web server, so that it's available to visitors. well in advance of the eventual compliance deadlines.
While there are a range of privately produced plugins available in the repository to deal with user consent and logging, no work has been done to date evaluating these issues from a core perspective. We also know that many administrators have deployed these solutions without really verifying that they are useful, effective, or meet the regulatory compliance requirements applicable to them. Additionally, we know that everyone – users and administrators alike – will be fully aware of the obtrusive, confusing, and almost entirely incorrect cookie and consent windows which appeared across the web as a result of a misunderstanding of GDPR’s requirements. Where these are based in plugins, they can occasionally do more harm than good.
Creating a core-centred consent and logging mechanism, as a feature pluginFeature PluginA plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins., presents an opportunity for the project to make a positive impact across all these areas. It will empower administrators within the ecosystem to better comply with privacy-related requirements, while contributing to a better standard of protecting user privacy across the open web.
Is this a legal thing?
As a team, we work from the perspective of placing user privacy first and foremost, regardless of any particular legal compliance obligation, or indeed, any lack of one.
This mechanism would look ahead to the upcoming consent and compliance requirements of CCPA (US, January 2020) and the ePrivacy Regulation overhaul (Europe, spring 2020), while also looking back at GDPR. Recent developments including updated guidance on GDPR cookie consent from the data protection regulators in the UK and France, as well as Nevada’s data rights law taking effect on October 1, have brought forward the need for the mechanism.
That being said, this feature plugin would not be built specifically as a legal compliance package, as our V1 GDPR tools were, nor will it be depicted as a compliance solution. Indeed, a responsible approach to user privacy will mean having conversations along the lines of “well, X law says users do not have to be prompted to grant consent for Y thing, but should we give them that option and build that functionality regardless?” Working from this proactive user-centric approach, rather than taking a reactive legal compliance view, will help to future-proof the work and, perhaps, continue to protect users who may find that their legal privacy rights are being stripped back.
This diagram within the report explains the elements of a good consent and logging mechanism:
The mechanism must provide users with the agency to exercise true and meaningful control over their personal privacy; it must be built on an architecture that has already enabled optimal user privacy by default; and it must be used to its fullest extent, by site administrators, from an attitude of responsibility and respect to users. A fourth element is authority, the interplay of legal obligations to user privacy; this sits alongside, rather than within, the main mix, as not all countries and systems have privacy laws in place. Users who do not have privacy regulations or safeguards protecting them therefore rely on agency, architecture, and attitude even more.
The report collated best practice advice on consent mechanisms (dashboards) offered by UK, Australian, Canadian, New Zealand, US (the FTC), and EU data protection bodies, and this list offers us quite a bit of food for thought:
Accessible
Make the consent dashboard easily accessible for all users (for example, linking from the first screen);
Make the consent dashboard available to authenticated users, but also incorporate tools for passive and unauthenticated users, where their personal data is collected and used;
Link to this consent dashboard in the privacy policy of partner websites or third parties receiving personal data;
(We would add here that “accessible” should also mean the WordPress sense of a11yAccessibilityAccessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility).)
Comprehensive
The consent dashboard should be comprehensive to manage all services and privacy settings in one place;
Manage not only the processing, but also the collection of their personal data; and
Allow the exercise of data subject rights, e.g., access to copies of personal data (linking to our existing data export and erasure tools).
Default-settings
Default-settings have to comply with the applicable law (also including regional variations);
Default-settings to be specific to each product/service with privacy-friendly defaults, and
A feature to ‘restore to default settings’ could also be added.
Granularity
Provide granular controls and upfront permissions, as well as giving the user ongoing control over their consent;
Provide information and control over which third parties receive personal data; and
Offer a Do Not Track (DNT) mechanism that allow consumers to choose to prevent tracking by ad networks or other third parties.
Usability
The consent dashboard should be easy and straightforward to use;
Create a clear user interface that works to convey messages and draw attention;
Use design elements such as graphics, colours and layers to create hierarchies and user action;
It should be as easy to revoke consent as it was to provide it;
Ensure that users have a way to modify their information, have control of any tracking and delete their profile entirely if they wish;
Avoid making the dashboard unwieldy or too complex; and
Avoid dark patterns and any deceptive UX which compromises user privacy.
Information and transparency
Present information about the collection and use of personal data in an open, fair, and comprehensive way (as with our existing privacy notice tool); and
Instead of just using an on/off button, explain the consequences of making a choice to provide data so users can make an informed decision.
We have the benefit (right now) of a few months of leadup time, and our previous work together as a team means we have a good sense of how we work as a unit. What that means is that unlike our V1 GDPR work, we have a bit of breathing space to plan, iterate, design, test, and reflect.
That being said, CCPA’s deadline is 1/1/20, and its requirements are clearly defined. It may be practical to look at a V1 launch of the plugin with the functionality and options required for GDPR and CCPA, and then iterate for a V2 update containing the functionality required for the ePrivacy Regulation revamp; by that time we will know what its requirements will be.
Our work on a consent and logging mechanism will need participation and expertise from a range of contributors:
Developers who can create the functionality needed to hook a range of consents and data rights into a single dashboard. As consent and logging requirements impact larger and enterprise clients at scale, we would love to see participation from agencies and teams working at this level in particular;
Designers and UX specialists who can integrate existing design research from CNIL, IAPP (member-only content available in Slack), and IF, as well as user testing, to make the back end interface simple and attractive, while making any front-end interfaces both effective and within healthy compliance;
Policy experts who can advise on upcoming legal and regulatory changes which will impact what functionality might need to be built in (I handle this for Europe, @riankinney handles this for the US, and we’d love to expand our policy knowledge base with experts from other regions);
Project managers who can keep a complex, multidisciplinary initiative like this on task; and finally;
Conference speakers from the team who can speak about the initiative, and our work in general, at future WordCamps.
It should be noted that no members of the core-privacy team are funded or sponsored to contribute to privacy in WordPress, so we will need to be very realistic about what we will be able to accomplish within the time availability that we have; or indeed, if an initiative of this scope will be possible on a purely voluntary basis.
Next steps
Please join us in our #core-privacy office hours at 1900 UTC on Wednesdays to discuss this, or any of the other activities of the team’s work.
The following is the agenda for the privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy room of the Making WordPress Slack.
Announcements
Upcoming Release (5.3) Discussion & Planning
New ICO cookie guidance – https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/how-do-we-comply-with-the-cookie-rules/
Data Request Form feature pluginFeature PluginA plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins. and direction
Open Floor
If you have anything to propose for the agenda or specific items related to those listed above, please leave a comment below.
You must be logged in to post a comment.