GDPR and plugins – mark compatible plugins?

  • Hi @all,

    are there any plans to mark plugins or themes that are GDPR-compatible?
    Since this will affect all sites in the EU I guess it would be a great help for the WordPress users here.

    Maybe plugin developers who add a data-privacy description about how the plugin works and make sure that the plugin doesn’t send or store data unless users agree could be rewarded with some sort of “trust seal” or something similar?

    I am not sure if it was suggested already, but a search didn’t bring up anything. If this wasn’t the right place to post this or if it’s discussed anywhere else please point me to the right thread 🙂

    Cheers

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    are there any plans to mark plugins or themes that are GDPR-compatible?

    I hope not!

    *Drinks coffee*

    GDPR compliance isn’t a matter of scanning code in an automated process. When an author uploads a plugin for the first time it gets reviewed before being accepted. But when updates to that plugin happen, they do not get reviewed by anyone.

    A plugin can “claim” GDPR compliance but then get updated and collect user information without telling anyone.

    That is why I hope that there will never be any effort to mark plugins as in compliance with anything other than the WordPress plugin guidelines.

    Hi Jan,

    your line “*drinks coffee*” makes me wonder if you were interested in a discussion at all. But I marked this topic as unresolved and not a support question because I would like to hear more than just one opinion.

    Maybe it’s not very clear what I meant, but don’t you think it would be something positive if developers who make this extra effort and let the updates be reviewed too (by whomever) would be rewarded?

    And since the new laws are pretty strict it would force all users – even non-commercial ones and users with no programming skills – to review EVERY single update and guarantee to their users that everything is ok? Wouldn’t that be the death of a lot of free and hobby blogs and even small businesses?

    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    your line “*drinks coffee*” makes me wonder if you were interested in a discussion at all.

    I am interested in discussion. That was an attempt at humor. So was “I hope not!” with an exclamation point. I’m sorry that was lost on you.

    but don’t you think it would be something positive if developers who make this extra effort and let the updates be reviewed too (by whomever) would be rewarded?

    No, I don’t think it would be positive at all. I believe that would lead to developers gaming that system to dupe users with a meaningless tag. By “gaming” I mean that some authors will add that just to get clicks without any knowledge of what that even means.

    And since the new laws are pretty strict it would force all users – even non-commercial ones and users with no programming skills – to review EVERY single update and guarantee to their users that everything is ok? Wouldn’t that be the death of a lot of free and hobby blogs and even small businesses?

    Not even a little death. I think you really need to review and understand those requirements. That part is not a topic for these forums and the EU has better places to look at that.

    GDPR and DSGVO are serious topics and relying on free open source authors to do your work for you is a poor decision. There are no service level guarantees or warranty of any kind for any software on this site.

    If you download and use a plugin or theme that claims compliance and it is not, then the author is not the one to deal with the consequences. You are responsible and held accountable. It is your site after all.

    No tag here will change that. Adding that as a WordPress.ORG feature will just help propagate a misunderstanding and put the burden of that compliance on the wrong people.

    Give this topic a read.

    https://wordpress.org/support/topic/gdpr-and-the-forum-of-wordpress-org/

    There’s a lot of incorrect ideas about GDPR out there and what software developers need to do for that compliance.

    Unfortunately, if any user has a concern about that then they should consult people who can answer that question with authority and a guarantee. That does mean code review sometimes and that does mean paying someone or a company for that service.

    As @jdembowski has said, plugins being GDPR compliant is not so much the issue, and more so the services you use and the website itself ensuring it’s GDPR compliant and knowing what is happening with user data.

    In addition to this, most plugins don’t handle any user data anyway so some would not be marked as compliant (as they’re not explicitly compliant) because they don’t need to be as they don’t handle data. So it would be a tricky one to distinguish I think.
