[wp-trac] [WordPress Trac] #43631: Contents of About page hosted on third party server
WordPress Trac
noreply at wordpress.org
Tue Jul 17 09:43:34 UTC 2018
#43631: Contents of About page hosted on third party server
--------------------------+----------------------
Reporter: Ov3rfly | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Privacy | Version:
Severity: normal | Resolution: wontfix
Keywords: gdpr | Focuses:
--------------------------+----------------------
Comment (by Ov3rfly):
As there seems to be
[https://core.trac.wordpress.org/ticket/41316#comment:138 confusion] about
this matter:
The core about page (and other core features like
[https://core.trac.wordpress.org/ticket/41316#comment:136 #41316]) include
content from third party server.
This inclusion provides the user IP, browserinfo, website-url via referer
to a third party.
This behaviour voids [https://make.wordpress.org/core/tag/core-privacy/
#core-privacy] (formerly known as [https://make.wordpress.org/core/tag
/gdpr-compliance/ #gdpr-compliance]).
GDPR clearly defines 'personal data' and that you need to a) inform the
user what happens with this data and b) obtain user consent for sharing
this data with third parties.
Providing a GDPR compliant WordPress core is not about a "desired level of
hardening", "plugin territory" or "thinking a CDN has nothing to do with
GDPR", it is about complying with the existing laws.
WordPress core in its current state is not GDPR compliant.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43631#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list