The WordPress project wants to make it simple for site owners to protect the privacy rights of their users, and to help sites comply with data regulations. To make that possible, the global contributors to WordPress have recently established a permanent team to work on a range of privacy and data protection issues across the WordPress.org ecosystem. After the Core Privacy Group worked to ship several tools for website administrators ahead of Europe's GDPR in May 2018, the attention is now on how sites can go beyond legally-mandated baselines and to better work with privacy in mind in all decisions.
Developing for the Future
One unique challenge in developing for privacy is a rapidly-changing legal landscape. With data breaches and privacy scandals becoming routine headline news, many new privacy laws are advancing through legislatures around the world, and no one quite knows what rules we will be operating under in a few years. This could introduce uncertainty into web projects. What’s more, the perception of privacy as a legal problem (as opposed to a guiding principle) means that sites often ignore the issue altogether.
The WordPress project’s core privacy team is tackling this challenge in a couple of ways. The first is by using established best practices as a guiding principle, not specific legal requirements. These are internationally recognized guidelines toward user privacy, including:
Personal data minimization
Personal data integrity
Purpose minimization
Lifecycle limitation
Human and technical security
Transparency and notice
User participation and rights
Accountability, enforcement, and redress
Choice, control, and consent
Special categories of data
Legal compliance
The Group is also working across open source projects and communities to contribute to a shared best practice definition of privacy outside specific regulations and laws so that other software projects can benefit from our expertise.
The Core Privacy Group works to the Privacy by Design (PbD) development framework, an approach which seeks to identify and mitigate privacy issues before they happen. This framework also gives the team a toolkit to evaluate existing aspects of typical WordPress.org sites, especially from a core perspective, for possible improvements.
By working on privacy enhancements tied to best practice standards and by using the PbD framework as a means of creating a healthy baseline, the Core Privacy Group will effectively stay ahead of the law. As new legal requirements do come in, the effort to create specific compliance features will be reduced as the groundwork in understanding the platform will already have been completed.
The second way that the WordPress project’s Core Privacy Group is staying ahead of the changing legal landscape is by proactively monitoring it. As legislatures around the world draft various proposals on privacy, it’s important to understand what they could mean at the code level, so that any ensuing compliance work can be identified, mapped out, and completed well in advance of our users’ deadlines, and so that the effort accurately reflects those new regulations.
This unique approach (viewing privacy as a positive means of facilitating user protection rather than a negative obligation to meet a legal deadline, and monitoring future privacy regulations to build in compliance tools well in advance) will help ensure that WordPress remains a safe choice for site administrators to protect user privacy, their customers, and themselves as it scales beyond a third of the internet.
Roadmap
The group has identified several areas of focus for their future work:
Gravatar privacy controls
Embed privacy controls
Plugin and theme privacy
Consent and logging
Front end-initiated user requests
WP-CLI support
Multisite support
Gutenberg blocks
The California Consumer Privacy Act (CCPA) and the EU ePrivacy Directive revamp
The full roadmap is available here.
Community education
The Core Privacy Group is working to educate the WordPress community about its work. Several WordCamp talks about the Core Privacy Group have also been given or submitted, including at WordCamp Europe, London, Belfast, Rome, New York City, Seattle, Orlando, Orange County, Edinburgh, and WordCamp US (and also at Drupal Europe).
How to participate
The WordPress Core Privacy Group is always looking for new members to help develop, bug squash, write patches, test our existing privacy tickets, and create new enhancements and changes for the areas in our roadmap.
Office hours are 1700 UTC on Wednesdays in #core-privacy on the Making WordPress Slack.
Bug scrubs are Mondays at 1500 UTC.
W.org core component homepage
Core Privacy roadmap
GDPR/Privacy Docs (Github)
Privacy Handbook for Developers
Open Privacy tickets in Trac