GDPR and privacy improvements to WordPress.org

As you might know, GDPR is coming, and the Meta team has been hard at work ensuring WordPress.org, WordCamp.org, and other hosted community sites are compliant with the new privacy and data handling requirements. We’re also making an effort to ensure that we go beyond the minimum standard set by GDPR, and ensure our retention of data and handling of privacy is in line with the expectations of the WordPress community.
Here’s a broad outline of what we’re planning on rolling out:

1. Subject Access Requests (SAR).

By filling in a form and authenticating your email address, you will be able to download a copy of all of the relevant data WordPress.org has stored about you. That will include things like:

  • The contents of your user profile.
  • Your favourites, ratings, and reviews.
  • Support forum activity.
  • SupportPress activity.
  • WordCamp.org activity, including attendance at WordCamps.
  • Submissions to other sites such as Rosetta, Showcase, etc.

2. Erasure.

By filling in a form and authenticating, regular users will be able to delete their accounts and all of the private data associated with them, with a few exceptions necessary for the ongoing stability of WordPress as a community project. Data deleted will include:

  • The contents of your user profile.
  • Favourites, ratings, and reviews.
  • Personal data held by WordCamp.org, such as shirt size and meal preference.
  • Personal data such as email addresses stored generally in non-critical tables such as comments.

Things not deleted will include:

  • Public posts and comments on make.wordpress.org, WordCamp.org and support forums. Your email address will be removed, but public content will remain.
  • Subversion commits, Trac tickets, and Trac comments.
  • Administrative records from WordCamp.org which must be retained for legal and financial reasons.
  • Themes, plugins, and showcase submissions. Your email address and any other personal details will be removed where possible.
  • Generally, content that has been made freely available to the public.

Deletion for most users will be self-service, with the final erasure and permanent account closure happening automatically a day or so after the request.

Significant users will not be able to delete their accounts and data without manual intervention. That means accounts with special access privileges, Subversion committers, plugin and theme authors, authors of Make WordPress blog posts and other content. These users will be asked to pass additional authentication steps, and confirm exactly what data they’re requesting to have deleted. Data that is necessary to the archives or historical records of the WordPress open source project will not be available for erasure.

3. Data retention.

We’re in the process of eliminating the storage and tracking of unnecessary data through a combination of means:

  • Erasing old and unnecessary data.
  • Anonymizing sensitive data.
  • Reducing the amount of data that we retain.

As part of this, we’re developing a new stats system that can record usage stats without storing any identifiable user data.

4. A new privacy policy.

The policy will describe what we do and don’t retain, and help ensure we’re meeting expectations. Users will be advised of cookie usage and changes to the privacy policy.

We’ve done our best to make sure that all Meta sites will be compliant with the GDPR. You can help us to make sure we’re keeping up with community expectations.