Problem in GDPR regulations provided by a wordpress plugin

  • fs5ve

    (@fs5ve)


    4 years, 2 months ago

    Hi,

    We, a group of researchers from University of virginia and John hopkins university are investigating the GDPR compliance issue for wordpress plugins. During the investigation,
    I have installed wordpresss 5.9 in my local machine. Later, I created one root and one regular user account in my local machine. After that, I installed profilepress (https://wordpress.org/plugins/wp-user-avatar/) plugin and activated it. By this time, I have some information (personal information) stored in the database. These days, to comply with GDPR, wordpress comes with data deletion and data access feature. So, to test that, I have made a request to delete my regular user from the database and approved it. In the request table, it showed the status to “completed”. But later when I select the data access, it exported that user’s data. I checked the database, I can still see all the information related to that user.

    Note that, I haven’t modified my code from the wordpress core, other than the configuration file.

    Can you please take a look at this issue? I can also share the screenshot of the whole process if needed. Please let me know if any other information needed.

    • This topic was modified 4 years, 2 months ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not a Requests and Feedback topic
    • This topic was modified 4 years, 2 months ago by Jan Dembowski. Reason: Corrected title

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator James Huff

    (@macmanx)

    4 years, 2 months ago

    Please report this by following the steps at https://make.wordpress.org/core/handbook/testing/reporting-bugs/

    Thanks!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    4 years, 2 months ago

    Moved to Fixing WordPress, this is not a Requests and Feedback topic.

    After that, I installed profilepress (https://wordpress.org/plugins/wp-user-avatar/) plugin and activated it. By this time, I have some information (personal information) stored in the database.

    That means you have a GDPR issue with that plugin. You should raise a support topic in that plugin’s support forum instead.

    WordPress is opensource and the GDPR parts cover core only. Because it is opensource a plugin may do lots that may be contrary to good privacy practice. That’s not a WordPress issue, that’s a matter to raise with the plugin developers.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Problem in GDPR regulations provided by a wordpress plugin’ is closed to new replies.