GDPR, Privacy and WordPress

Over the last few weeks and months if you’ve been on any kind of email subscription list you have undoubtedly had at least one email (likely with a pleading tone!) asking you to re-confirm your permission to receive emails. These emails have all been prompted by the new General Data Protection Regulations, or more commonly by the acronym GDPR which is in force under EU Law as of May 25th 2018.

These impending regulations coupled with the fallout from the high profile Facebook / Cambridge Analytica data mis-use has brought the whole issue of data protection, privacy and handling of user data to the forefront of people’s minds. The consequences of mis-use of personal data provided to websites have been shown to be potentially far reaching.

Personal Data and Privacy

In the light of both GDPR and Facebook’s privacy issues the development community around WordPress has been quick to respond with enhancements to increase its compliance with the requirements of GDPR. WordPress 4.9.6 was released 17th May was a minor update in version numbering but added a few new settings and controls in the WordPress backend to help with compliance, the following is quick overview of what has been added and what the intentions are behind them.

After updating to 4.9.6 you will see a popup highlighting the new “Personal Data Export and Erasure” features that have been added to the Tools menu, along with a new Privacy feature in the Settings menu.

Privacy Policy

Accessing the new Privacy feature in the Settings menu will show a general overview of why you may need to add a Privacy Policy page to your website. Whilst GDPR is currently the most prominent regulation which may affect the legal need for a privacy policy page there are also other regulations in place around the world.

You can then select an existing Privacy Policy page if you have one or you can click the “Create New Page” option which will add a new page to your site with suggested privacy policy content, which you can then edit. Some of this content is more broad generic privacy information but some such as the “Comments” section details information that may be held when users comment on your WordPress site. So even if you do not have users logging in to your website it is important to note that the process of simply leaving a comment on your website involves the person doing so to provide some personal information in this process and the saving of cookies in the user’s browser. Subsequently there is a new permission checkbox on comment forms to allow users to explicitly consent to this.

Export Personal Data

In the Tools menu there are two new features added to provide a way to manage the personal data of specific users’ data on your website. Regulations like GDPR require that users are able to request to see all of the data that your website may hold about that user, the new “Export Personal Data” function allows you to enter the email address of a user which will then email a link to a zip file of all of the data held relating to that email address.

Erase Personal Data

The second new addition to the Tools menu is the “Erase Personal Data” function. This provides a way for any identifying information related to a user to be erased from the site. It’s worth noting that this doesn’t delete actual comments from the site but it does remove any way for these to be identified either on the front-end or back-end of the website.

You enter the email address of the user requesting erasure of their personal data into the field and then this will send out an email to the user asking them to confirm the erasure of their data, so it puts the ultimate control of this data in the user’s hands.

Are you a plugin developer?

If you are a WordPress plugin developer then hopefully you haven’t been oblivious to these changes that have been happening in WordPress core, but if not then it’s worth taking a look at the update guide for WordPress 4.9.6 as there is some impact on plugin developers. Particularly if your plugin handles any personal user data then this may be extremely important for you to get up to speed on: https://make.wordpress.org/core/2018/05/17/4-9-6-update-guide/

You should also have a good read through the Privacy section of the Plugin handbook: https://developer.wordpress.org/plugins/privacy/

What next?

These tools in WordPress core are just the start of an increased focus on user privacy and data security within WordPress and the many plugins in the WordPress ecosystem. You can expect some further additions in future releases and in particular new features added to third-party plugins in the interest of data protection and privacy.

Also on:

Pushing Boarders

“Pushing Boarders” is a free 3 day event taking place on 1st-3rd June 2018 at the House of Vans skatepark in London:

A unique line-up of pro-skaters, community groups, NGOs, policy-makers and academics present a series of talks and Q&As exploring the social impact of skateboarding worldwide

There’s an amazing lineup of speakers for this event too so worth checking out if you’re in London or can make the trip there.

www.pushingboarders.com

Also on:

Design Canada documentary

I just came across this new documentary “Design Canada” coming out soon, it looks really interesting:

Through the lens of graphic design, Design Canada follows the transformation of a nation from a colonial outpost to a vibrant and multicultural society.

Also on:

Instagram-api-ocalypse

If you use the standard “Instagram Platform API” for anything then it’s worth noting that planned deprecations have just been brought forward as of 5th April 2018. It seems like this is going to cause quite a few apps to break and result in a lot of unhappy developers:

To continuously improve Instagram users’ privacy and security, we are accelerating the deprecation of Instagram API Platform, making the following changes effective immediately. We understand that this may affect your business or services, and we appreciate your support in keeping our platform secure.

These capabilities will be disabled immediately (previously set for July 31, 2018 or December 11, 2018 deprecation). The following will be deprecated according to the timeline we shared previously:

Preston Watson – Dundee’s aviation pioneer

I was watching a documentary about the 100th centenary of the UK’s Royal Air Force today and in particular it looked at the early aircraft used in World War 1.

I was reminded that Dundee has a history of innovation in the early days of flight. Preston Albert Watson built and flew aircraft in and around Dundee, at times from a makeshift runway in Errol. There’s a lot of debate as to when he first flew, some records point to it happening prior to the Wright Brothers first powered flight, however this is largely held to be inaccurate.

Regardless though, Preston Watson is definitely another innovator from Dundee who should perhaps be a bit more widely known.

You can read a lot more about him on Wikipedia: https://en.m.wikipedia.org/wiki/Preston_Watson

Also on:

A Newscaster’s guide to alternative snow related neologisms

Newscasters! Are you tired of having only a limited choice of words to emphasise the strength or impact of severe snow-specific weather events? Don’t want to use the old chestnuts of “snowpocalypse”, “snowmageddon”, “snowtastrophe” or “snownami”? Then this handy list of alternative neologisms may* just be what you need!

  • Snowballistic
  • Snowfliction
  • Absnowmination
  • Snowlamity
  • Snowasco
  • Desnowlation
  • Snowlocaust
  • Snowgedy
  • Snowbacle
  • Snowmergency
  • Snowplexed
  • Snowcessity
  • Snowdicament
  • Snowlemma
  • Insnowferrable
  • Snowayitcanbethatbad
  • Snowmyfault

* Usefulness, accuracy and / or relevance of these alternative neologisms may vary, contents may have settled during transit, batteries not included.