Support » Plugin: Yoast SEO » Privacy questions with current plugin

  • Resolved Ate Up With Motor

    (@ate-up-with-motor)


    Given the substantial back-end changes the plugin has recently undergone, I feel like it would be a good time to again ask some pertinent privacy-related questions about Yoast SEO. These are potential liability issues for many users, so they really could use a current response from Yoast.

    For all of these questions, I use the term “external” to mean “anything not on the server on which the plugin user’s website normally runs.”

    Question One: Does the plugin (particularly with its new indexing features) create additional registries, repositories, or logs of user personal data, such as the names, email addresses, and/or IP addresses of a website’s contributors and editors? If so, will that data be retrieved and/or removed by the WordPress core user data tools?

    Question Two: Does any function of the plugin involve communication with an external server, whether owned by Yoast or otherwise? What types of communication are involved? For example, this might include retrieving externally hosted resources like fonts, scripts, or blog feed data.

    Question Three: Does any function of the plugin as it now exists transmit data to any external service — whether that service is owned by Yoast or not — for processing? I assume that the Facebook, Google, and other social media authentication functions necessarily do so; are there others? If that transmitted data goes to a third-party service (e.g., to Google to authenticate a Webmaster Tools linkage), does Yoast have access to that data? Is that external data processing solely on an opt-in basis? If not, are there ways to opt out of it, such as by disabling certain functions?

    Question Four: Do any functions of the plugin in its present form alter or modify media files and/or their metadata, such as by altering image compression levels or changing file formats? If so, is there a way to prevent such alterations? (This isn’t a privacy question per se, but it also has potential liability implications for some users.)

    Again, the plugin’s back-end functionality also seems to have changed substantially in the current versions, which renews my concerns about these issues. The Yoast GDPR page doesn’t address these points in any detail and was written two years ago, so I’m not sure if it reflects the current functions of the plugin, and Yoast’s privacy policy seems orientated mainly toward the Yoast website rather than WordPress plugins.

    Under laws like the CCPA and GDPR, Yoast SEO users may be on the hook for stuff like this, legally speaking, and may have disclosure obligations as well as needing to understand what steps may be required to fully comply with Right to Be Forgotten/Right to Delete requests.

    Can we get an updated official statement on this?

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.