[wp-trac] [WordPress Trac] #55062: GDPR compliance: Loading gravatars from gravatar.com might pose a problem.
WordPress Trac
noreply at wordpress.org
Thu Feb 3 15:24:06 UTC 2022
#55062: GDPR compliance: Loading gravatars from gravatar.com might pose a problem.
--------------------------+-----------------------------
Reporter: BjornW | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version:
Severity: critical | Keywords:
Focuses: privacy |
--------------------------+-----------------------------
A German court ruled the use of external Google webfonts to be in
violation of the GDPR. See
[https://wptavern.com/german-court-fines-website-owner-for-violating-the-gdpr-by-using-google-hosted-fonts this article on WPTavern].
As far as my understanding goes, the German court came to this ruling
because the website in question was loading external assets without
consent or legitimate interest.
I think WordPress might have a similar problem with the use of
gravatar.com in wp-admin.
As far as I know the user has not been asked for permission to load
gravatar assets nor is there a legitimate interest for the use of
Gravatars in an out-of-the-box WordPress installation.
Therefore I believe WordPress might not be compliant with the GDPR at this
moment.
I'd also suggest investigating if any other external loading of external
assets (fonts, images etc) is happening and if the exchange of information
needed for update checks does comply with the GDPR.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55062>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform