GDPR and privacy improvements to WordPress.org

As you might know, GDPR is coming, and the Meta team has been hard at work ensuring WordPress.org, WordCamp.org, and other hosted community sites are compliant with the new privacy and data handling requirements. We’re also making an effort to ensure that we go beyond the minimum standard set by GDPR, and ensure our retention of data and handling of privacy is in line with the expectations of the WordPress community.
Here’s a broad outline of what we’re planning on rolling out:

1. Subject Access Requests (SAR).

By filling in a form and authenticating your email address, you will be able to download a copy of all of the relevant data WordPress.org has stored about you. That will include things like:

  • The contents of your user profile.
  • Your favourites, ratings, and reviews.
  • Support forum activity.
  • SupportPress activity.
  • WordCamp.org activity, including attendance at WordCamps.
  • Submissions to other sites such as Rosetta, Showcase, etc.

2. Erasure.

By filling in a form and authenticating, regular users will be able to delete their accounts and all of the private data associated with it, with a few exceptions necessary for the ongoing stability of WordPress as a community project. Data deleted will include:

  • The contents of your user profile.
  • Favourites, ratings, and reviews.
  • Personal data held by WordCamp.org, such as shirt size and meal preference.
  • Personal data such as email addresses stored generally in non-critical tables such as comments.

Things not deleted will include:

  • Public posts and comments on make.wordpress.org, WordCamp.org and support forums. Your email address will be removed, but public content will remain.
  • Subversion commits, Trac tickets, and Trac comments.
  • Administrative records from WordCamp.org which must be retained for legal and financial reasons.
  • Themes, plugins, and showcase submissions. Your email address and any other personal details will be removed where possible.
  • Generally, content that has been made freely available to the public.

Deletion for most users will be self-service, with the final erasure and permanent account closure happening automatically a day or so after the request.

Significant users will not be able to delete their accounts and data without manual intervention. That means accounts with special access privileges, Subversion committers, plugin and theme authors, authors of Make WordPress blog posts and other content. These users will be asked to pass additional authentication steps, and confirm exactly what data they’re requesting to have deleted. Data that is necessary to the archives or historical records of the WordPress open source project will not be available for erasure.

3. Data retention.

We’re in the process of eliminating the storage and tracking of unnecessary data through a combination of means:

  • Erasing old and unnecessary data.
  • Anonymizing sensitive data.
  • Reducing the amount of data that we retain.

As part of this, we’re developing a new stats system that can record usage stats without storing any identifiable user data.

4. A new privacy policy.

The policy will describe what we do and don’t retain, and help ensure we’re meeting expectations. Users will be advised of cookie usage and changes to the privacy policy.

We’ve done our best to make sure that all Meta sites will be compliant with the GDPR. You can help us to make sure we’re keeping up with community expectations.