{"id":37615,"date":"2018-05-17T16:50:44","date_gmt":"2018-05-17T16:50:44","guid":{"rendered":"https:\/\/developer.wordpress.org\/?post_type=plugin-handbook&#038;p=37615"},"modified":"2023-12-14T20:49:07","modified_gmt":"2023-12-14T20:49:07","slug":"privacy","status":"publish","type":"plugin-handbook","link":"https:\/\/developer.wordpress.org\/plugins\/privacy\/","title":{"rendered":"Privacy"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Are you writing a plugin that handles personal data &#8211; things like names, addresses, and other things that can be used to identify a person? You\u2019ll want to take care with that data and protect the privacy of your users and visitors.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is Privacy?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">WordPress.org made several enhancements ahead of Europe&#8217;s General Data Protection Regulation. Following the launch of this work, we have made Privacy a permanent focus in core trac development, which will allow us to continue making enhancements on privacy and data protection outside specific legislation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But what kind of issues might fall under the definition of &#8220;privacy&#8221;, and how do we define it? Although privacy requirements vary widely across countries, cultures, and legal systems, there are several general principles applicable across any situation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Consent and choice:<\/strong> giving users (and site visitors) choices and options over the uses of their data, and requiring clear, specific, and informed opt-in;<\/li>\n\n\n\n<li><strong>Purpose legitimacy and specification:<\/strong> only collect and use the personal data for the purpose it was intended for, and for which the user was clearly informed of in advance;<\/li>\n\n\n\n<li><strong>Collection limitation:<\/strong> only collect the user data which is needed; don\u2019t make extra copies of data or combine your data with data from other plugins if you can avoid it<\/li>\n\n\n\n<li><strong>Data minimization:<\/strong> restrict the processing of data, as well as the number of people who have access to it, to the minimum uses and people necessary;<\/li>\n\n\n\n<li><strong>Use, retention and disclosure limitation:<\/strong> delete data which is no longer needed, both in active use and in archives, by both the recipient and any third parties;<\/li>\n\n\n\n<li><strong>Accuracy and quality:<\/strong> ensure that the data collected and used is correct, relevant, and up-to-date, especially if inaccurate or poor data could adversely impact the user;<\/li>\n\n\n\n<li><strong>Openness, transparency and notice:<\/strong> inform users how their data is being collected, used, and shared, as well as any rights they have over those uses;<\/li>\n\n\n\n<li><strong>Individual participation and access:<\/strong> give users a means to access or download their data;<\/li>\n\n\n\n<li><strong>Accountability:<\/strong> documenting the uses of data, protecting it in transit and in use by third parties, and preventing misuse and breaches as much as is possible;<\/li>\n\n\n\n<li><strong>Information security:<\/strong> protecting data through appropriate technical and security measures;<\/li>\n\n\n\n<li><strong>Privacy compliance:<\/strong> ensuring that the work meets the privacy regulations of the location where it will be used to collect and process people\u2019s data.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">(Source: <a href=\"https:\/\/www.iso.org\/standard\/45123.html\">ISO 29100\/Privacy Framework standard<\/a>)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While not all of these principles will be applicable across all situations and uses, using them in the development process can help to ensure user trust.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Privacy By Design<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Many of these principles are espoused in the Privacy by Design framework, which states that:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Privacy should be proactive, not reactive, and must anticipate privacy issues before they reach the user. Privacy must also be preventative, not remedial.<\/li>\n\n\n\n<li>Privacy should be the default setting. The user should not have to take actions to secure their privacy, and consent for data sharing should not be assumed.<\/li>\n\n\n\n<li>Privacy should be built into design as a core function, not an add-on.<\/li>\n\n\n\n<li>Privacy should be positive sum: there should be no trade-off between privacy and security, privacy and safety, or privacy and service provision.<\/li>\n\n\n\n<li>Privacy should offer end-to-end lifecycle protection through data minimization, minimal data retention, and regular deletion of data which is no longer required.<\/li>\n\n\n\n<li>The privacy standards used on your plugin (and service, if applicable) should be visible, transparent, open, documented and independently verifiable.<\/li>\n\n\n\n<li>Privacy should be user-centric. People should be given options such as granular privacy choices, maximized privacy defaults, detailed privacy information notices, user-friendly options, and clear notification of changes.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Food for Thought for Your Plugin<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To help your plugin be ready, we recommend going through the following list of questions for every plugin that you make:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>How does your plugin handle personal data? Use wp_add_privacy_policy_content (link) to disclose to your users any of the following:\n<ul class=\"wp-block-list\">\n<li>Does the plugin share personal data with third parties (e.g. to outside APIs\/servers). If so, what data does it share with which third parties and do they have a published privacy policy you can provide a link to?<\/li>\n\n\n\n<li>Does the plugin collect personal data? If so, what data and where is it stored? Think about places like user data\/meta, options, post meta, custom tables, files, etc.<\/li>\n\n\n\n<li>Does the plugin use personal data collected by others? If so, what data? Does the plugin pass personal data to a SDK? What does that SDK do with the data?<\/li>\n\n\n\n<li>Does the plugin collect telemetry data, directly or indirectly? Loading an image from a third-party source on every install, for example, could indirectly log and track the usage data of all of your plugin installs.<\/li>\n\n\n\n<li>Does the plugin enqueue Javascript, tracking pixels or embed iframes from a third party (third party JS, tracking pixels and iframes can collect visitor\u2019s data\/actions, leave cookies, etc.)?<\/li>\n\n\n\n<li>Does the plugin store things in the browser? If so, where and what? Think about things like cookies, local storage, etc.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>If your plugin collects personal data\u2026\n<ul class=\"wp-block-list\">\n<li>Does it provide a personal data exporter?<\/li>\n\n\n\n<li>Does it provide a personal data eraser callback?<\/li>\n\n\n\n<li>For what reasons (if any) does the plugin refuse to erase personal data? (e.g. order not yet completed, etc) &#8211; those should be disclosed as well.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Does the plugin use error logging? Does it avoid logging personal data if possible? Could you use things like wp_privacy_anonymize_data to minimize the personal data logged? How long are log entries kept? Who has access to them?<\/li>\n\n\n\n<li>In wp-admin, what role\/capabilities are required to access\/see personal data? Are they sufficient?<\/li>\n\n\n\n<li>What personal data is exposed on the front end of the site by the plugin? Does it appear to logged-in and logged-out users? Should it?<\/li>\n\n\n\n<li>What personal data is exposed in REST API endpoints by the plugin? Does it appear to logged-in and logged-out users? What roles\/capabilities are required to see it? Are those appropriate?<\/li>\n\n\n\n<li>Does the plugin properly remove\/clean-up data, including especially personal data:\n<ul class=\"wp-block-list\">\n<li>During uninstall of the plugin?<\/li>\n\n\n\n<li>When a related item is deleted (e.g. from the post meta or any post-referencing rows in another table)?<\/li>\n\n\n\n<li>When a user is deleted (e.g. from any user referencing rows in a table)?<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Does the plugin provide controls to reduce the amount of personal data required?<\/li>\n\n\n\n<li>Does the plugin share personal data with SDKs or APIs only when the SDK or API requires it, or is the plugin also sharing personal data that is optional?<\/li>\n\n\n\n<li>Does the amount of personal data collected or shared by this plugin change when certain other plugins are also installed?<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">External Resources<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Privacy Blog <a href=\"https:\/\/privacy.blog\">https:\/\/privacy.blog<\/a><\/li>\n\n\n\n<li>WordPress.org Privacy Policy <a href=\"https:\/\/wordpress.org\/about\/privacy\/\">https:\/\/wordpress.org\/about\/privacy\/<\/a><\/li>\n<\/ul>\n","protected":false},"author":161792,"featured_media":0,"parent":0,"menu_order":6,"template":"","meta":{"footnotes":""},"class_list":["post-37615","plugin-handbook","type-plugin-handbook","status-publish","hentry","type-handbook"],"revision_note":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/developer.wordpress.org\/wp-json\/wp\/v2\/plugin-handbook\/37615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/developer.wordpress.org\/wp-json\/wp\/v2\/plugin-handbook"}],"about":[{"href":"https:\/\/developer.wordpress.org\/wp-json\/wp\/v2\/types\/plugin-handbook"}],"author":[{"embeddable":true,"href":"https:\/\/developer.wordpress.org\/wp-json\/wp\/v2\/users\/161792"}],"version-history":[{"count":12,"href":"https:\/\/developer.wordpress.org\/wp-json\/wp\/v2\/plugin-handbook\/37615\/revisions"}],"predecessor-version":[{"id":144977,"href":"https:\/\/developer.wordpress.org\/wp-json\/wp\/v2\/plugin-handbook\/37615\/revisions\/144977"}],"wp:attachment":[{"href":"https:\/\/developer.wordpress.org\/wp-json\/wp\/v2\/media?parent=37615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}