WP 4.9.6, Privacy, Hooks, and You

WordPress 4.9.6 has been released. This was a focused release, a little different than other minor releases, in that it adds a system for a privacy policy to WordPress. While the only change to plugins has been our requirement that you not claim (or imply) 100% compliance in anything, the changes to privacy awareness are far reaching.

The tl;dr of the whole post is “You’re going to need to consider the impact of data collection in your plugins, even if you don’t collect anything.” So yes, I know it’s long, but please read the whole thing.

NOTE: We are not lawyers. We cannot tell you if what your plugin is doing is going to break a law. Please don’t ask us to try and figure that out for you. The purpose of this post is to make you aware of what’s going on, and give you a place to start with making your plugins better.

Does This Impact You?

Yes. This impacts everyone. Plugins are used internationally which means you actually do have to be aware of the world, Net Neutrality shenanigans aside. Your plugin could, in fact, cause someone to get in legal trouble. While that is technically their responsibility, you should be as aware as possible of the implications of your code and how it’s used.

Ask yourself this: Does your plugin…

… write any private data of users (registered or visitors) to the database?
… send any data to remote servers (i.e. act as a service or embed content)?
… edit the comments form in any way?

If yes, then this absolutely, without a doubt, impacts your plugins.

If no, then this may still impact you, so please keep reading, because people are going to ask you about this.

Privacy Means Disclosure

If you’re a service, like you pull a library from a remote server, then you have to tell people that you pull data remotely. This has always been a policy, so if you’re not disclosing this now, please go fix it right away. But you also need to tell people the obvious things, like embedding content via your plugin means the site administrator is consenting to the embed terms of that service.

An example for you. Let’s say you have a plugin that embeds YouTube playlists. Your plugin should be clear “This plugin embeds YouTube Playlists.” We also recommend you include a link to YouTube’s privacy doc. It’s alright to say “By using the embed features in this plugin, you will be agreeing to YouTube’s Terms of Use.”

The same holds true now for data stored locally. If your plugin stores browser data of visitors, then yes, you need to document and disclose this. You can’t force site admins to publicize this in turn, but by making sure they know, you’re helping them determine what their own reasonable disclosure should be.

Some Code To Help

WordPress has gone the extra step to make it easier to make a privacy page and hook into it, both for users and developers. The moving parts you need to be aware of are the tool for users to request an export of all the stored data associated with them on the site. There’s also a tool for users to request erasure of that same data. Both tools include admin workflows to fulfill those requests. And there’s one to suggest what kind of text should be on someone’s site.

The handbooks have been updated to help you out here:

Also, while this is a little more aimed at theme developers, if your plugin happens to mess around with comments, please read the changes that affect themes, as there is going to be a new checkbox for comments.

Update Your Plugins

The tl;dr of all this is that plugins should…

… disclose what user/visitor information it saves in the readme;
… hook into the privacy page creator to inform people there too;
… provide a way to export said information;

We aren’t (currently) changing any policy to require all this. At the same time, I strongly recommend at the bare minimum everyone put a privacy policy in your readme. Even if you don’t save any data and you don’t send anything, make a Privacy Policy anyway and tell people that.

Why? At the very least, it may stop people from asking you “Is this plugin collecting any data?” which saves you time. But more importantly, this is to protect yourself. After all, if people come through with a 1-star review that you caused them to become non-compliant because you didn’t disclose local data collection, well, that would be a very justified review.

#core, #guidelines, #privacy

David Anderson 8:22 pm on May 17, 2018

It’s great that WP now has privacy tools in core. Thank you to all those who’ve worked on them. Without tools in core, it would have been very unlikely that a standard for plugins to use would have emerged.

[removed questions about core]
- Ipstenu (Mika Epstein) 9:03 pm on May 17, 2018
  
  David, I removed the lengthy commentary about core and auto-updates. Not that they’re not valid, but this is not the right place to pose those questions and it would detract from anyone who has a plugin related question. If you have questions about the decision behind core auto-updates, please ask the Core team 🙂
  - David Anderson 9:14 pm on May 17, 2018
    
    Hi Mika,
    
    The release post on make.wordpress.org/core doesn’t have comments enabled? (https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/)
    - Ipstenu (Mika Epstein) 9:25 pm on May 17, 2018
      
      You’re looking for https://make.wordpress.org/core/ – either the devchat post or the one about the update would be a better choice.
      - Ian Dunn 9:12 pm on May 18, 2018
        
        There’s also https://core.trac.wordpress.org/ticket/43492, which may be relevant.
johnalarcon 3:27 am on May 18, 2018

This is super helpful, thanks! Just upgraded to 4.9.6 and testing out the new GDPR processes. The code examples are really appreciated, too.

One thing: it’s obvious how to initiate a request for a user’s data on the backend as an admin, but how does the actual user go about making such a request for export or erasure?
- Ipstenu (Mika Epstein) 1:47 pm on May 18, 2018
  
  That’s a core question, not a plugin one. The answer would be “You tell them how to in your privacy form” – like a line to email you.
Aurovrata Venet 7:23 am on May 18, 2018

Thank you for this post, very useful. I have 2 questions wrt collecting/saving private data.
1 – One of my plugins allows saving a form submission to a post. So in theory the plugin is helping a site developer collect potentially private data through the forms they have on their site and saving this to the DB. In this case is it the plugin’s responsibility or the site developer who is building the form ? Should I in any case put a Privacy policy text?

2- The Privacy policy text helpers you link to are pointers rather than actual examples. Are there other resources available in drawing up a suitable text for our plugins ?
- Ipstenu (Mika Epstein) 1:50 pm on May 18, 2018
  
  As I said at the top, we aren’t lawyers.
  
  1. I recommend EVERY plugin have a privacy statement.
  
  2. Since every plugin is different, you’ll have to research that on your own, based on the specifics of what your plugin does. Start by reading up on what GDPR is trying to accomplish.
Pieter 1:31 pm on May 18, 2018

Is there a way to remove the Privacy Settings page from my install? Although I appreciate the effort, I like to roll my own and have no need for all this added to my install.
- Ipstenu (Mika Epstein) 1:48 pm on May 18, 2018
  
  That’s a core question, not a plugin one.
  - Pieter 9:19 pm on May 18, 2018
    
    That’s a core question, not a plugin one.
    
    Huh? What does that even mean?
    
    Fortunately someone else was more helpful by pointing out this plugin that does exactly what I asked.
    - Ipstenu (Mika Epstein) 10:31 pm on May 18, 2018
      
      I mean what you asked was not a question about adding a privacy policy to your plugin, nor was it about the code being used to do so. So this would be asking of core “Hi, how do I remove this feature” versus asking the plugins team who is trying to keep things on topic here 🙂
ahmedabbasali 3:10 pm on May 20, 2018

How customer can request his personal data from front-end should we create API to call a function in WordPress to send activation code to customer or there is a way WordPress added to help in this situation or it’s intended that customer should contact site admin to request his data ?
- Ipstenu (Mika Epstein) 7:59 pm on May 22, 2018
  
  That question is off topic and a bit more something you should ask in make/core – However to get you started: It’s up to each site to determine how they want to accept/process these requests. It can be via email, a contact form, or a 3rd party service if that’s what they want to do.
  
  https://developer.wordpress.org/plugins/privacy-related-options-hooks-and-capabilities/ is a good place to start
Tazo Todua 5:03 pm on May 20, 2018

Is this enough to put in the end of Readme.txt of my plugin?

== Privacy Policy ==
Plugin doesn’t collect any private data.
- Ipstenu (Mika Epstein) 7:57 pm on May 22, 2018
  
  Don’t put it at the ‘end’ – put it in the description so people see it faster (mostly because this really matters)
JointByte 4:06 pm on June 5, 2018

Remember, it is not just the hooks and functionality that you build, you are likely to be running one or more plugins that might put you at risk. Make sure you patching plugins that could be the difference between you and compliance.
ccprog 11:07 pm on June 9, 2018

Please, make sure the reference is updated with the new hooks and functions. I’ve just spent half a day finding the relevant source code, because the handbook didn’t contain the information I needed. (file.php, ajax-actions.php, misc.php – was this a contest to hide the code in the most un-findable locations?)

Comments are closed.

WordPress.org

Welcome to the official blog for the Plugin Review Team.

Communication

Does This Impact You?

Privacy Means Disclosure

Some Code To Help

Update Your Plugins