Let’s reconsider adopting the WP Consent API

This post is a follow up to Feature Plugin Proposal: WP Consent API from 2020, which as part of the Core Privacy Roadmap, proposed a framework to allow extenders to coordinate user consent signals and help websites honor user privacy preferences.

Objective of this proposal

The legal and moral implications around respect for user consent and tracking have evolved steadily since the original proposal was published in 2020. Powering over 40% of the web, WordPress is in a position to lead by example and provide site operators built-in and extensibleExtensible This is the ability to add additional functionality to the code. Plugins extend the WordPress core software. means to address these concerns. This proposal seeks to gather consensus around adopting the WP Consent APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. for inclusion in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress..

A brief history of the API

In early 2020, the WP Consent API feature pluginFeature Plugin A plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins. was announced. It enables the setting and retrieval of user consent preferences, made accessible to plugins that register with the API. It was designed to be lean and unobtrusive, opt-in only, and with no UIUI User interface.

Rather than try to enforce cookie-setting compliance itself, the API lets opted-in plugins verify consent before placing cookies. It also allows consent categories to be defined and user choices set and stored by consent management providers (CMPs) and other extenders, where the technical and legal details around the various flavors of consent can be managed outside of WordPress.

In December 2020 the Consent API feature was swept up along with other features during a clean up of the features list, and marked as “Closed”. However, subsequent discussions in #core-privacy in following months were incognizant of the change, and there was confusion that it had been marked closed when attempts were made to move the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to the WordPress GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ org.

Until early this year, adoption of the plugin was minimal, but has been steadily maintained by @rogierlankhorst, @szepeviktor, @xkon, @aurooba, @mujuonly, @phpgeekdk, @paapst, @aahulsebos, @pputzer, and @markwolters.

Why does this matter now?

In March 2024, enforcement of the European Union’s Digital Markets Act (DMA) began, and adoption of the plugin has since grown from under 1,000 to over 100,000 active installations. Uptake of the plugin can largely be attributed to consent-requiring plugins such as Google Site Kit, WooCommerce, and WP Statistics, which use the API to support site analytics, advertising, marketing, and tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.) management.


Beyond the DMA, there are numerous other privacy-focused regulations around the world that over the past few years have come into effect, or will soon. User consent is a key theme to achieving many of these protections, and WordPress can provide the foundation on which consent plugins interact.

Considerations for Core adoption

The API has remained largely unchanged since its introduction, so would likely require refreshing to meet today’s Core merge expectations. There may also be features that need to be revisited, such as how non-consent-related plugins appear in Site Health recommendations.

Along with the API, Core could implement a default cookie “popup” or blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. that could be activated similar to the built-in Privacy Policy feature. This would give site owners a simple mechanism to request and track consent (cookie-based), and be customizable without requiring an additional plugin.

A sample use would be to request “statistics” consent through the popup, styled through a theme, and wrap client-side tracking code inside a wp_has_consent() check. Extenders can take things further by expanding the default categories and storage mechanism for more advanced integrations, as current adopters of the API do today.

Canonical plugin alternative

If adding this feature to Core is not viable at this time, then another option would be to make it canonical. While originally developed under @rogierlankhorst‘s personal repo, it has since been migrated to that of a specific plugin developer and vendor in the CMP space.

Considering the original intent that this feature be merged to Core, agreement from Rogier that it remain available to the community, and the API’s adoption by other vendors, officially bringing the plugin into the WordPress org would send a clear signal to site owners and extenders that this is a community-built and supported standard.

Where to find more info

Share your thoughts

What do you think about WordPress paving the way for easier integration of consent-based privacy controls? Please comment below, especially if you have dealt with implementing consent management in WordPress.

Special thanks to @rogierlankhorst and @azaozz for review and feedback on this post.

#consent-api #core-privacy #feature-plugins #privacy #privacy-roadmap

Request for Input: Consent Preferences for Logged In Users (Consent API)

The coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.-privacy team are currently working on three modular, but complementary initiatives, with the aim of merging into 5.6.
These are: The Consent APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. (website visitor level privacy); the Disclosures Tab (site-level privacy) and collaborating with the core-media team on the Local AvatarAvatar An avatar is an image or illustration that specifically refers to a character that represents an online user. It’s usually a square box that appears next to the user’s name. Project.

The Consent API in its current form does not distinguish between consent preferences for users who are registered and logged in, vs. those who are either not registered, or registered, but not logged in.
This means that all consent preferences are currently saved in cookies.

This means that there are two approaches available to the team. Either we can use the wp_set_consent() function from the user’s profile page to allow them to manage their preferences and prevent unnecessary API calls (proposal 1 – status quo), or we can let the database be the ultimate source of truth to provide a more robust API, rather than an interface for an analytics opt-out (proposal 2).

There has been a lot of discussion in the channel lately. I will post a separate P2P2 A free theme for WordPress, known for front-end posting, used by WordPress for development updates and project management. See our main development blog and other workgroup blogs. post for discussions such as prompting logged in users who previously opted in for consent again if new cookies are added – or at the very least least providing the necessary hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. and filters for plugins to do so. Those are concerns can be realistically and effectively addressed in the UIUI User interface design requirements.

This is a fundamental design choice and while the window is wide open now, it will not remain so for long, as 5.6. approaches.
For purposes of this discussion, we please need input on the following, so that we can take the matter to dev chat:
1. Should consent preferences for registered users (applicable when logged in) be saved in cookies, or should they be saved in the database?
If consent preferences are saved in cookies, these could be displayed (and updated) in the user profile, but the choice would be transient and would effectively need to revert to site defaults every time the cookie is cleared.
2. If they are saved in the database, should the REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. be used to expose the logged in user’s consent preference on the front end?
3. If the REST API is used, should a new REST endpoint be created, or should register_meta() be used instead?
4. Should the consent preference be exposed on the front end using wp.data? The trade-off being that this provides nicer abstraction and makes it easier to move towards object-oriented, rather than event-orientated programming, but adds a few KB to the front-end?
5. If wp.data is used, should only this be used, or should the consent preference still be exposed to the front end by a method in point 3?

Thank you for everyone who has participated in this discussion on SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. so far. I intentionally did not include who made which proposals for this P2 post, in order to focus on the merits of the alternative solutions, but will credit participants in tickets if those need to be created.
Participants in the Slack discussion are of course very welcome to express their opinions here! 😀

Your inputs are appreciated!

#consent-preferences, #consent-api, #core-privacy, #privacy, #request-for-comment

Agenda: Office Hours 19 August 2020 at 18:00 UTC

@paaljoachim has asked what the UI needs to look like for a Privacy screen in Core. You can read the conversation here: https://wordpress.slack.com/archives/C9695RJBW/p1597418745430800 (a Slack account is needed)

  • Site-level privacy
    Initiatives: 1.) Disclosures and Permissions Tab; 2.) Local AvatarAvatar An avatar is an image or illustration that specifically refers to a character that represents an online user. It’s usually a square box that appears next to the user’s name. Project (in collaboration with the #core-media team)

    The DPT would require writing a JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. schema, as well as a coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. function to validate it (hopefully in collaboration with the #core-restapi team).
    The UIUI User interface would most likely be under Settings -> Privacy.
    This interface should help site owners / admins understand what information their site collects (by means of individual plugins, themes, as well as Core), where it is stored and where it is sent.
    Ideally, this would provide a mechanism for the site owner to prevent data from being transmitted off-site / make choices with regards to third party access.

    Part of the Local Avatar Project would overlap with site-level privacy in the following areas: Settings, Permissions and Library.
    There is currently still a discussion as to whether a fully-fledged library is needed (defined as that image metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress.-data needs to be edit-able).
  • Website-visitor level privacy
    Initiatives: 1.) Consent APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.; 2.) Local Avatar User Upload Screen

    The Consent API in its current form is not intended to have any UI.
    This is due to the fact that website visitors who are not registered / not logged in still need to be able to exercise privacy choices.
    However, it may be nice to allow logged-in users to save their privacy choices on a more permanent basis, perhaps by making use of user_meta. In this case, there would need to be a UI on the user’s profile screen to support this.
    There would presumably still be no UI for users who are not logged in. A UI could be provided by means of a consent management pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party.

    Additionally, the Team needs to discuss which filters / functions may be necessary in Core in order to convert the Consent API feature pluginFeature Plugin A plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins. into a more fully-fledged API, e.g. wp_set_cookie();

    Part of the Local Avatar Project would overlap with website-visitor level privacy. This would mainly be in the following area(s): User Profiles. For example, users may want to indicate that they do not wish for their avatars to be indexed by search engines.

Please join us for this week’s office hours to discuss what these solutions may look like!

#consent-api, #core-privacy, #disclosures-tab, #local-avatar-project, #privacy

Privacy Office Hours Minutes 14 May 2020 Plans for WCEU Contributor Day

Mission for WCEU Contributor DayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/.:

Make Privacy Actionable.

Working groups:

There will be two working groups:
– Coding working group (coordinated by @garrett-eclipse);
– Non-coding working group (coordinated by @carike).

Pre-event office hours:

– 3 June 2020 at 10:00 UTC;
– 3 June 2020 at 19:00 UTC.

Pre-event office hours are to help onboard new contributors.
This primarily involves making sure that they have access to the tools necessary for the day.

Tools:

SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/.:
Privacy Policy: region-specific at https://slack.com/intl/en-us/privacy-policy
Terms of Service: region-specific at https://slack.com/intl/en-us/terms-of-service/user

StreamYard:
Privacy Policy: https://streamyard.com/resources/docs/privacy/
Terms of Service: https://streamyard.com/resources/docs/tos/
We will be using StreamYard, as a number of experienced contributors in coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.-privacy have expressed an unwillingness to use Zoom due to privacy considerations.

YouTube:
Privacy Policy: https://policies.google.com/privacy
Terms of Service: https://www.youtube.com/t/terms

Core TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. (coding working group):
Privacy Policy: https://wordpress.org/about/privacy/

GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ (coding working group):
Privacy Policy: https://help.github.com/en/github/site-policy/github-privacy-statement
Terms of Service: https://help.github.com/en/github/site-policy/github-terms-of-service

How to participate:

As a host:
If you are interested in hosting one or more topics, please comment below.
You can contact @carike on Slack if you would like more information.

As a guest via StreamYard:
You DO NOT need to register a StreamYard account in order to enter the stream as a guest.
You DO NOT need to download any program in order to use StreamYard. It is an in-browser solution.
You DO NOT need to appear on-screen if that is not something you are comfortable with. An audio-only option is available. We’re going to be using a very practical approach, so I’m going to be screen-sharing most of the time anyway.
We will provide new contributors with instructions on joining StreamYard as a guest via e-mail.
Instructions can also be found here: Guest Instructions: https://streamyard.com/resources/docs/guest-instructions/
We will provide new contributors with a link to join the stream via Direct Message (DM) on Slack, as there can only be six contributors “onscreen” (or via audio) at any one time (i.e. two hosts and four new contributors), with up to four additional new contributors in the “waiting room”.

As a guest via YouTube:
You DO NOT need to register an account with YouTube in order to watch the stream.
You DO need to register an account and be logged in to YouTube in order to participate in the live chat.
StreamYard supports integrating live chat messages from YouTube.
This will allow for more real-time input and also allow participation among those who do not want to use audio, or appear onscreen.
We are trying to recruit experienced contributors to help moderate the YouTube live chat to ensure compliance with the WCEU Code of Conduct, as well as to highlight any questions, comments and suggestions to the hosts.
Please comment below if you are able to help with YouTube live chat moderation.
You can find a copy of the WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. Europe Online 2020 here: https://2020.europe.wordcamp.org/code-of-conduct/

Via Trac (coding working group):
You DO need to register an account with WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ in order to comment on Trac tickets.

Via GitHub (coding working group):
You DO need to register an account with GitHub in order to create / comment on issues or to create / comment on Pull Requests (PRs).

On the day:

Coding working group:

13:00 – 16:00 UTC (coding working group)
Garrett will be available on Slack during this time.

The coding working group will participate via Slack, Core Trac and GitHub.
@garrett-eclipse is going through the list of privacy-related tickets to mark them with the “good first bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority.tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.) where applicable.
For the more adventurous, there is the option to contribute to “help wanted” tickets for the next major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope. (WordPress 5.5.).
An overview of current privacy tickets can be found here:
https://make.wordpress.org/core/components/privacy/

Non-coding working group:

The non-coding working group will have two two-hour sessions.

13:30 – 15:00 UTC
How to market without destroying user privacy (working title only).
Hosts: @carike and @jonoaldersonwp
During this session, we hope to identify online marketing best-practices that can be implemented even when users have opted-out (or not opted-in, depending on the jurisdiction) to being tracked with the view of creating actionable Trac tickets and / or to provide a resource for content marketing.
Topics will include:
– What is informed consent in a marketing context?
– Which digital marketing strategies were employed pre-the-ability-to-track-across-platforms and how may we able to adapt these?
– Which data points may still remain available for analytics if a user opts out of / does not opt in to the collection of their PPI.
Jono is “special ops” at Yoast SEO and we are very excited to have him participate.

16:00 – 18:00 UTC
A case study in the application of the Privacy Workflow Document and the Disclosures and Permissions (DPT) tabs.
Hosts: @carike and @pepe
In this session, we will be attempting to harmonize the Privacy Workflow Document and the Disclosures and Permissions (DPT) tabs and apply them practically to the WP Job Manager pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party.
The desired outcome for this session is an action plan for an education drive among plugin and theme authors regarding the proposed disclosures.json file.
Pepe has previously presented at WordCamp, is very involved with the #core-privacy team and was helped to create the draft Privacy Workflow Document. His insight will be invaluable to this session.

License:

We will be using the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license for the non-coding work group:
https://creativecommons.org/licenses/by-sa/4.0/legalcode

Contributions to the WordPress.org code are licensed in terms of the General Public License (GPLGPL GNU General Public License. Also see copyright license.) version 2 or later:
https://www.gnu.org/licenses/old-licenses/gpl-2.0.html

Slack logs:

You can view the Slack logs here:
https://wordpress.slack.com/archives/C9695RJBW/p1589396619341400
In order to view the logs, you will first need a WordPress.org account: https://login.wordpress.org/register
You will then need to register a Slack account: https://make.wordpress.org/chat/

Change log:
14 May 2020 at 14:15 UTC – @carike added GitHub information.
14 May 2020 at 17:45 UTC – @carike updated formatting in the Slack links.
16 May 2020 at 11:35 UTC – @carike switched out the non-coding session starting at 16:00 UTC, as Pepe has agreed to co-host.
18 May 2020 at 18:05 UTC – @carike added the times Garrett will be available on Contributor Day.
1 June 2020 at 13:55 UTC – @carike changed the start time for the first non-coding session in order to accommodate the WCEU introductions.
3 June 2020 at 19:40 UTC – @carike added details for the workgroup sessions and removed the third session.

#contributor-day, #privacy, #wceu-2020, #wordcamp-europe-online-2020

Feature Plugin Proposal: WP Consent API

As part of the core-privacy team’s roadmap the team has started development on a Consent APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. as a feature plugin.

We welcome all thoughts on this proposal, which you are welcome to leave as comments on this post, or share with us directly in the #core-privacy channel on Making WordPress SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/.. We host weekly office hours on Wednesdays at 19:00 UTC, see the meetings page for times in your timezone.

Introduction

A standard way for WordPress coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., plugins, and themes to obtain consent from users should be established to provide a consistent and stable experience for administrators, developers, and users of all kinds.

Currently it is possible for a consent management pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. third party services like Facebook, Google Maps, Twitter, if a user does not give consent. But if a WordPress plugin places a PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher cookie, a consent management plugin cannot prevent this.                                         

There are also WordPress plugins that integrate tracking code on the client side in javascriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. files that, when blocked by a consent management plugin, break the site. Or, if such a plugin’s javascript is minified, causing the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org to be unrecognizable, it won’t get detected by an automatic blocking script.

Lastly, the blocking approach requires a list of all types of URL’s that place cookies or use other means of tracking. A generic API which plugins adhere to can greatly help a webmaster in getting a site compliant.

Does usage of this API prevent third party services from tracking user data?

Primarily this API is aimed at helping to achieve a compliant use of cookies or other means of tracking by WordPress websites. If a plugin or custom code triggers for example Facebook, usage of this API will be of help to ensure consent. If a user manually embeds a facebook iframeiframe iFrame is an acronym for an inline frame. An iFrame is used inside a webpage to load another HTML document and render it. This HTML document may also contain JavaScript and/or CSS which is loaded at the time when iframe tag is parsed by the user’s browser., a cookie blockerblocker A bug which is so severe that it blocks a release. is needed that initially disables the iframe and or scripts.

Third-party scripts have to be blocked by a blocking functionality in a consent management plugin. To do this in core would be too intrusive, and is also not applicable to all users: only users with visitors from opt in regions such as the European Union require such a feature. Such a feature also has a risk of breaking things. Additionally, blocking these and showing a nice placeholder, requires even more sophisticated code, all of which should not be part of WordPress core, for the same reasons.

That said, the consent API can be used to decide if an iframe or script should be blocked.

How does it work?

There are two indicators that together tell if consent is given for a certain consent categoryCategory The 'category' taxonomy lets you group posts / content together that share a common bond. Categories are pre-defined and broad ranging., e.g. “marketing”:

  1. The region based consent_type, which can be optin, opt out, or other possible consent_types;
  2. The visitor’s choice: not set, allow or deny.

The consent_type is a function that wraps a filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output., wp_get_consent_type. If there’s no consent management plugin to set it, it will return false. This will cause all consent categories to return true, allowing cookies and other types of tracking for all categories.

If optin is set using this filter, a category will only return true if the value of the visitor’s choice is allow.

If the region based consent_type is opt out, it will return true if the visitor’s choice is not set or is allow.

Clientside, a consent management plugin can dynamically manipulate the consent type, and set the applicable categories.

A plugin can use a hook to listen for changes, or check the value of a given category.

Categories, and most other stuff can be extended with a filter.

Existing integrations

  • Cookiebot
  • Complianz
  • Example plugin. This plugin basically consists of a shortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site., with a div that shows a tracking or not tracking message. No actual data tracking 🙂

Demo site

Plugins used to set this up:

Technical Scope

The feature pluginFeature Plugin A plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins. should at least handle the following functionality:

  • PHP functions to set the consent level and consent type.
  • PHP functions to retrieve the consent level and consent type.
  • Javascript functions to set the consent level.
  • Javascript hook that fires when a consent level is set.
  • Javascript functions to retrieve the consent level.

Introducing the Feature Plugin

What’s next?

Once the plugin is confirmed as a feature plugin, the next steps would be:

  • To increase the number of users of the feature plugin.
  • To add other interested privacy team members and core developers as contributors of the plugin.
  • To have additional Third-Party consent management plugins to adopt the API.
  • To iterate on the feature plugin development.
  • To audit some specific aspects of the feature plugin:
    • security
    • coding-standards and documentation
  • To create a TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. ticketticket Created for both bug reports and feature development on the bug tracker. to handle a potential future merge proposal – if the feature plugin deserves it.

Post written by @rogierlankhorst / @paapst and reviewed by @garrett-eclipse / @carike

#consent-api, #core-privacy, #feature-plugins, #privacy, #privacy-roadmap

Core-Privacy office hours agenda for 04 Marc

With WordPress 5.4 entering the RCrelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). (Release Candidaterelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta).) stage it’s time for the #core-privacy team to plan next steps. Along with planning privacy updates for 5.5, we’ll be discussing next steps for the Consent APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. (feature pluginFeature Plugin A plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins.), GDPR Data Request Form (feature plugin) and Compliance Tab during our office hours.

Come and join us for our office hours at our usual time this Wednesday, 04 March, at 1900 UTC on our Slack channel. All are welcome.

Our tentative agenda includes:

See you there.

#core-privacy, #privacy

Privacy Updates in 5.4

WordPress 5.4 brings several improvements to the privacy tools to improve the user experience and expand upon the data provided in personal data exports.

Personal Data Export now includes Session Tokens, Community Events Location and Custom User MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress..

In WordPress 5.4 the Personal Data exports were expanded upon to ensure the Personally Identifiable Information (PII) present in Session Tokens (#45889) and the Community Events Location (#43921) user data were made available to the exporting user. This data is made available in the export as custom group sections.

Session Tokens grouping
Community Events Location grouping

Along with the new groupings which will automatically be included in the export if the relevant data is available, developers can now expand upon the User profile data grouping through the use of the new wp_privacy_additional_user_data filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output..

// Privacy Filter for adding additional user meta to personal data exports.
function my_custom_additional_user_profile_data( $additional_profile_data, $user, $reserved_names ) {
	return array(
		array(
			'name'  => __( 'Data one', 'a-plugin' ),
			'value' => 'one',
		),
		array(
			'name'  => __( 'Data two', 'a-plugin' ),
			'value' => 'two',
		),
		array(
			'name'  => __( 'Data three', 'a-plugin' ),
			'value' => 'three',
		),
		array(
			'name'  => __( 'Data four', 'a-plugin' ),
			'value' => 'four',
		),
	);
}
add_filter( 'wp_privacy_additional_user_profile_data', 'my_custom_additional_user_profile_data', 10, 3 );

Note: The $reserved_names array is supplied to the filter to assist developers in avoiding using these names in their array of additional data. This is due to any additional data matching these names will be suppressed from the export to avoid a conflictconflict A conflict occurs when a patch changes code that was modified after the patch was created. These patches are considered stale, and will require a refresh of the changes before it can be applied, or the conflicts will need to be resolved. with the existing user profile data to be exported.

See #47509

Personal Data Exports now include a JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. file and a Table of Contents

Along with including additional data in the Personal Data Exports the export zip will now contain a JSON file (#49029) of the data for better portability. This JSON file will contain all of the data present in the HTMLHTML HyperText Markup Language. The semantic scripting language primarily used for outputting content in web browsers. file with the exception of the table of contents.

The HTML export file has been updated to include a Table of Contents (#46894) for easier navigation of large data exports.

Visual Improvements to the Privacy Tools tables

In WordPress 5.4 the Privacy Tools tables have been updated to give progress indicators (#44264) for both the export and erasure processes. As well as switched the ‘Next Steps’ buttons to links (#49323) for a cleaner interface.

New filters for the headers of all Privacy-related emails

In WordPress 5.4 developers are now able to filter the email headers on privacy related emails. For example, this will enable developers to change the “From” email address. These headers and an example are listed below;

  • wp_privacy_personal_data_email_headers
  • user_request_action_email_headers
  • user_request_confirmed_email_headers
  • user_erasure_complete_email_headers
// Privacy filter for setting the From name/email on privacy emails.
function my_privacy_mail_headers( $headers, $subject, $content, $request_id, $email_data ) {
	$headers = array(
		'From: My Name <myname@example.com>',
	);
	return $headers;
}
add_filter( 'wp_privacy_personal_data_email_headers', 'my_privacy_mail_headers', 10, 5 );
add_filter( 'user_request_action_email_headers', 'my_privacy_mail_headers', 10, 5 );
add_filter( 'user_request_confirmed_email_headers', 'my_privacy_mail_headers', 10, 5 );
add_filter( 'user_erasure_complete_email_headers', 'my_privacy_mail_headers', 10, 5 );

See #44501

Renamed Function for Clarity

In WordPress 5.4 the wp_get_user_request_data function was renamed to wp_get_user_request for function clarity. This is due to the function returning the actual WP_User_Request object and not the data parameter which is part of the request object. The old function signature will now produce a _doing_it_wrong warning message.

See #46302

#5-4, #core-privacy, #dev-notes, #privacy

Core-Privacy office hours agenda for 18 December 2019

The #core-privacy team has been having some great discussions surrounding the Consent APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. and Compliance Tab and will be continuing those discussions during our office hours.

Along with those discussions we would like to start planning for 5.4, so come and join us for a full office hours at our usual time this Wednesday, 18 November, at 1900 UTC in our Slack channel. All are welcome.

Our tentative agenda includes:

This will be our last office hours of 2019, Happy Holidays and see everyone tomorrow or in the next decade!!

P.S. I will be stepping down from leading these meetings in 2020 so if someone wants to take over leading meetings and writing notes come raise your hand.

#core-privacy, #privacy

Summary of Core Privacy Office Hours, Sept. 25th 2019

Below is a summary of the discussion from this week’s CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Privacy chat (agenda, Slack Transcript).

Agenda Item: 5.3 Bugs

The following tickets were flagged as bugs for 5.3 privacy component and focus;

  • #37782 – Duplicate Page Entry in View All Pages when generating a Menu
  • #43974 – Both personal data request processes should follow the same convention
  • #44038 – Change personal data export path stored in request metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. to relative paths
  • #44314user_confirmed_action_email_content filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. run on two different strings
  • #44669 – Privacy Notification doesn’t clear after dismissing notification_wp_privacy_send_erasure_fulfillment_notification.
  • #46829 – Denote the special pages in CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. Menu editor
  • #47366 – Privacy Policy page dropdown needs a max-width

#37782 is ready to commit if any committers can provide a final review.

Agenda Item: Privacy Data Request Form

Feature Plugin Proposal – https://make.wordpress.org/core/2019/09/04/feature-plugin-proposal-privacy-data-request-form/

We (@audrasjb & @garrett-eclipse) will be joining a future #meta chat to propose adding the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to the Feature plugins list.

Agenda Item: Consent and Logging Mechanism for User Privacy

Feature Plugin Discussion – https://make.wordpress.org/core/2019/08/07/feature-plugin-discussion-a-consent-and-logging-mechanism-for-user-privacy/

@idea15 mentioned there was some great comments on the thread many of which support the idea and proposal.

Next steps were discussed and @williampatton offered to review and start on the momentum for the work required.

@idea15 mentioned it would be nice to have the work ready to roll at least 60 days before the CCPA deadline believed to be on July 1st.

Agenda Item: WP User/Pro Survey

@idea15 flagged some earlier discussions on the survey with several questions put forth regarding user needs for privacy;
https://make.wordpress.org/updates/2019/06/28/updates-to-the-wordpress-user-developer-survey/

We also touched on that in the consent and logging proposal  https://make.wordpress.org/core/2019/08/07/feature-plugin-discussion-a-consent-and-logging-mechanism-for-user-privacy/#comment-36281 

The consensus was that like other teams, we need data on what users and contributors actually need from us – what their concerns are, what their business needs are, what resources they expect from us, what tools they need us to build.

In this week’s post on the survey (above), which links to the full set of questions https://docs.google.com/document/d/171KgbxvNukyuuHwLiY14yhqfbs7X5KBkw6hvbEcQZ9k/edit

There are no questions about user needs there, for us or for any other team.

It feels like all the feedback about what should go on the survey was ignored.

So, this is worrisome that the once-a-year opportunity to gain critical information to support our work is at risk of being lost.

So, let’s all take a day or two to review both posts and the draft script, with a goal to feedback with a team comment on Friday.

@idea15 started a gDoc (https://docs.google.com/document/d/1ZXfT-Mvvfxa-ZjD9cSQG9BKvtTAhXuZb0QS5lK47BGY/edit?usp=sharing) in order to collaborate on some suggested questions for privacy.


#core-privacy, #privacy

Privacy Office Hours Agenda: Wednesday September 25th, 2019

The following is the agenda for the privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy room of the Making WordPress Slack.

  • Announcements / Housekeeping
  • Upcoming Release (5.3) Planning
    Note: We have 7 bugs (5 in Privacy component and 2 in privacy focus) pending for 5.3, they will need to be committed or punted by the Release Candidaterelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). scheduled for Oct. 15th, 2019.
    • #37782 – Duplicate Page Entry in View All Pages when generating a Menu
    • #43974 – Both personal data request processes should follow the same convention
    • #44038 – Change personal data export path stored in request metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. to relative paths
    • #44314user_confirmed_action_email_content filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. run on two different strings
    • #44669 – Privacy Notification doesn’t clear after dismissing notification
    • #46829 – Denote the special pages in CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. Menu editor
    • #47366 – Privacy Policy page dropdown needs a max-width
  • Feature Plugin Proposal: Privacy Data Request Form
  • Feature Plugin Discussion: Consent and Logging Mechanism for User Privacy
  • Discussion / Open Floor

If you have anything to propose for the agenda or specific items related to those listed above, please leave a comment below.

#core-privacy, #privacy