GDPR Compliance Chat Recap – February 14th

(full text on slack)

This first GDPR Compliance Chat started with people introducing themselves. There was a nice mix of core committers, developers, lawyers (or law-lovers), contributors, trainers, project managers, testers, people in privacy roles at companies, etc.

The main question was what counts as personal data and where it is stored. Most of it is probably in user_meta, but personal data can be found everywhere.

For the export part, all data needs to be considered, so probably also data held by all privacy-impacting plugins.

About the roadmap, the first steps are:

  • Identify what is considered personal data (emails, IP, etc)
  • Who are the identifiable persons?
    • Controller: Site owners, admins? In multisites?
    • What about anonymous people that create posts?

Shared documents:

Some items raised that are worth keeping in mind and exploring further:

  • What does the web owner need to do? And what part can WordPress Core take care of?
  • Proposal for a new column (is_personal_data) in all tables to clearly flag personal data. Of course a single value could be serialized and contain both personal and non-personal data, so interfaces and hooks might be a better way to go.
  • Could some developers share what privacy impacting data some of their own plugins collect and see if a pattern emerges?
  • Data stored in backups has to be deleted too.
  • Is a public post "personal data" if the user posted something that is considered personal? So how far is deletion inside posts needed? And what about quotes?
  • For plugins: the GDPR requires a Data Protection Impact Assessment (DPIA) for processing that is likely to result in a high risk to individuals. It would be nice to get a tab in the plugin repo noting every plugin's data flows, including collection, retention, cookies and telemetry.

Next GDPR Compliance Chat:

  • Structure the approach
  • Define goals and the roadmap
  • What is in scope and out of scope

#gdpr-compliance #summary

GDPR Compliance Agenda: February 14

This is the agenda for the first weekly meeting about WordPress core GDPR compliance on February 14, 2018 at 17:00 UTC in the gdpr-compliance channel on Slack.

  1. Introductions. Please introduce yourself in a few words and include your field of expertise (developer, documentation specialist, project manager, lawyer, etc.).
  2. Start on a roadmap for GDPR compliance for core. A few prerequisites were identified in the gdpr-compliance channel. We'll need to have a clear understanding of:
    • What is considered personal information in WordPress?
      • Emails, IP addresses.
      • Are posts and comments personal information? What about private posts?
      • Are login names personal information?
      • Anything else?
    • Who are the identifiable persons?
      • Are site owners "controllers"?
      • Are all admins site owners?
      • On multisite installs, who are controllers: site admins or only the network admins?
      • Are people that post comments and don't have accounts "identifiable persons"?

As always, please suggest other agenda items in the comments.

#agenda, #gdpr-compliance