Plugins Hosted on WordPress.org Can No Longer Guarantee Legal Compliance

The plugin review team has amended guideline number nine, which states that developers and their plugins must not do anything illegal, dishonest, or morally offensive, to include the following statement:

  • Implying that a plugin can create, provide, automate, or guarantee legal compliance

Mika Epstein, a member of the WordPress.org plugin review team, says the change was made because plugins by themselves cannot provide legal compliance.

Sadly, no plugin in and of itself can provide legal compliance. While a plugin can certainly assist in automating the steps on a compliance journey, or allow you to develop a workflow to solve the situation, they cannot protect a site administrator from mistakes or lack of compliance, nor can they protect site users from incorrect or incomplete legal compliance on the part of the web site.

Mika Epstein

Since sites can have any combination of WordPress plugins and themes activated, it’s nearly impossible for a single plugin to make sure they’re 100% legally compliant.

Plugin developers affected by this change will be contacted by the review team and asked to change their titles, descriptions, plugin header images, and/or the text within the readme.

The team has published a frequently asked questions document recommending that, instead of claiming compliance, plugin authors explain how the plugin will assist in compliance. If you have any questions, please leave a comment on the announcement post.


Everything You Wanted to Ask a GDPR Expert but Were Afraid to Ask

If you’re like 99.9% of developers, site managers, agencies and freelancers, the last thing on your list of priorities for the past 2 years has been GDPR compliance. You have a million other tasks on your plate and dumping energy into government regulated data protection laws seems like a complete waste of energy. Especially when […]


WPWeekly Episode 312 – Dragon Drop, WordPress Accessibility Statement, and WooCommerce GDPR

In this episode, John James Jacoby and I start the show by sharing our thoughts on Mark Zuckerberg’s congressional hearing. We then discuss what’s new in Gutenberg 2.6 and describe our user experience. We let you know what’s in WooCommerce 3.3.5 and discuss what the development team is doing to prepare for GDPR compliance.

Stories Discussed:

Gutenberg 2.6 Introduces Drag and Drop Block Sorting
Theme Review Changes Place More Onus Onto Theme Authors
WordPress Accessibility Statement
WooCommerce 3.3.5 Released
How WooCommerce is tackling GDPR

Picks of the Week:

AtomBlocks by Mike McAlister

WPWeekly Meta:

Next Episode: Wednesday, April 18th 3:00 P.M. Eastern


Jetpack 6.0 Takes Steps Towards GDPR Compliance

Jetpack 6.0 is available for upgrade. It comes with improvements to the social media icons widget, enhanced brute force protection, and better compatibility between WooCommerce and Jetpack.

Its headlining features, though, are privacy related, as the General Data Protection Regulation (GDPR) is set to go into effect May 25th. In 6.0, Jetpack has a dedicated privacy settings page that links to privacy documents and includes a way to opt out of activity tracking.

These settings can be accessed by clicking the Privacy link at the bottom of the Jetpack Dashboard page.

Jetpack 6.0 Privacy Settings

The 'What Data Does Jetpack Sync' page outlines what data is used, how it's used, the relationship it has with the WordPress mobile apps, and provides an inside look at how Jetpack works.

These are the first steps towards GDPR compliance with more updates planned before the regulation goes into effect next month.


GDPR: How it Affects WordPress Site Owners and Developers

If you haven’t been living under a rock for the last few months, there’s a very good chance you’ve heard of GDPR, or the General Data Protection Regulation. This is new legislation relating to personal data and how it’s stored. It’s European legislation but it will affect website owners and developers outside Europe, as if […]


WPWeekly Episode 306 – AMP, GDPR, and Brewing Beer At The Boss’ House

In this episode, John James Jacoby joins me live from Hutchinson, KS, to talk about the news of the week. We started off the show discussing the GDPR and the number of things that need to be considered surrounding the right to be forgotten.

We also have a lengthy conversation about AMP, the open web, and Automattic’s relationship with Google. Last but not least, we discussed Automattic’s recent hiring of Kinsey Wilson to be president of the company.

Stories Discussed:

Matt Cromwell Hosts Matt Mullenweg in Q&A Gutenberg Interview
New Team Forms to Facilitate GDPR Compliance in WordPress Core
For one-time NPR and NYT digital chief, a new adventure: WordPress

WPWeekly Meta:

Next Episode: Wednesday, March 7th 3:00 P.M. Eastern


New Team Forms to Facilitate GDPR Compliance in WordPress Core

As May 25th, the enforcement date for the General Data Protection Regulation (GDPR), draws near, individuals and businesses are scrambling to make sure they’re compliant. I’ve read a number of blog posts throughout the WordPress community explaining the GDPR and what needs to be done for compliance and it’s a tough thing to grasp.

The EU GDPR was designed to harmonize data privacy laws across Europe, protect and empower European citizens’ data privacy, and reshape the way organizations across the region approach data privacy. In reading the regulation and various blog posts, the terminology makes it appear that the changes are geared towards large, international businesses that process personal data.

However, according to Heather Burns, a digital law specialist in Glasgow, Scotland, the GDPR affects sites large and small.

GDPR applies to all businesses, organizations, sectors, situations, and scenarios, regardless of a business’s size, head count, or financial turnover. A small app studio is every bit as beholden to these rules as a large corporation.

Determining if your site needs to be compliant and how to accomplish it can be overwhelming. If you do business in Europe or collect data from European users, you must protect that data in accordance with the GDPR as if you were in Europe. For example, if you operate a blog with a contact form that saves entries to the database from people who live in Europe, you must make your site GDPR compliant.

There are a lot of aspects to the GDPR and while an excerpt cannot fully explain it at a glance, there are a few themes that stick out to me.

  • Be upfront and concise about what data is stored, sent, and used on the site or form.
  • Give the user a chance to consent without automatically opting them in.
  • Collect the least amount of data possible for legitimate business purposes.
  • Provide a way for users to download or access their data and remove it.

Many of these are common sense practices that are not implemented on many sites, WP Tavern included. How often do you visit a site’s contact form and see an explanation as to why those fields are required, where the data is stored, where it goes, and what is done with it? This is something I’ll be working on in the next few weeks.

Making WordPress Core GDPR Compliant

Earlier this month, a number of volunteers gathered to discuss GDPR compliance in WordPress core. The meeting took place in a newly created channel #gdpr-compliance that’s accessible to anyone with a SlackHQ account.

The team created a proposed roadmap to add privacy tools to core. The plan includes the following ideas:

  • Add notices for registered users and commenters on what data is collected in core by default and explain why.
  • Create guidelines for plugins on how to become GDPR compliant.
  • Create and add tools to facilitate compliance and privacy in general.
  • Add documentation and help for site owners to learn how to use these tools.

Earlier today, the team met and created a GitHub folder that houses the roadmap, knowledge base, trac ticket list, and other items associated with the project. There was also some discussion on whether the interface provided by the GDPR for WordPress project is a good foundation for core and plugins to report personal data. The GDPR Compliance Slack channel is also a good place to ask questions and discuss data privacy in general.

Popular form plugins such as GravityForms and NinjaForms have documentation available that explains GDPR compliance and how it applies to their products. For those who use the Contact Form module in Jetpack which saves entries to the database by default, you’ll need to wait for further updates. WooCommerce and Automattic have announced that they expect their products will be GDPR compliant by the time it goes into effect later this year.

GDPR Resources

If you’re like me, reading about the GDPR and its policies can make your head spin. It’s important to keep in mind that at the heart of the GDPR are common sense behaviors for handling personal data. If you’d like to learn more about the GDPR, check out the following resources.


WPWeekly Episode 298 – GDPR, User Privacy, and More With Heather Burns

In this episode, John James Jacoby and I are joined by Heather Burns, Founder of WebDevLaw. We have a lengthy discussion about GDPR (General Data Protection Regulation), what it is, what’s at stake, and its potential impacts on the WordPress ecosystem. We also discuss the cultural differences between the North American and European views on user privacy.

When asked what she hopes to see as we approach May of 2018, Burns replied:

“I want to see all hands on deck making WordPress a force for good, that people can trust, and that people can be empowered to change for the better. Don’t let the fact that it involves law put you off. GDPR is a toolkit for empowerment, it’s a means for protecting and safeguarding your users in these quite scary times we’re living in. And it will make you a better developer and site administrator in the end.”

For questions related to GDPR or how to make your site or WordPress plugins compliant, please get in touch with Burns. You can also view her presentation on WordPress.TV from WordCamp Belfast, 2016.

Stories Discussed:

WP Site Care Acquires WP Radius

Picks of the Week:

Frontenberg by Tom J. Nowell is a new site that displays Gutenberg on the frontend of WordPress. It allows visitors to tinker with Gutenberg without having to log in to a site or install a plugin.

John gave props to Renato Alves who has been working on adding WP-CLI support for bbPress and BuddyPress.

WPWeekly Meta:

Next Episode: Wednesday, December 27th 18th 3:00 P.M. Eastern
