Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add privacy best practices section #229

Conversation

adamsilverstein
Copy link

@adamsilverstein adamsilverstein commented May 9, 2018

  • Aims to guide developers on best practices around privacy.
  • Project structure was the best place I could find for this information without creating a new section. Maybe we can change this section name to 'Project Practices' or something like that.

Fixes #220

@adamsilverstein adamsilverstein force-pushed the feature/privacy-best-practices branch from 627c894 to d9df497 Compare May 9, 2018 13:33
@adamsilverstein adamsilverstein force-pushed the feature/privacy-best-practices branch from d9df497 to 72e781f Compare May 9, 2018 13:36
@adamsilverstein adamsilverstein changed the title Feature/privacy best practices Add privacy best practices section May 9, 2018
@adamsilverstein adamsilverstein requested a review from tlovett1 May 15, 2018 19:09
@adamsilverstein
Copy link
Author

PS: Gabe has reviewed this ahead of my submission

@tlovett1
Copy link
Member

Hey @adamsilverstein, thanks for putting this together.

My first thought is what about businesses that don't operate in the EU, for example, a hospital in the USA. Not sure the right move is the everyone should follow those standards.

Also, it seems like each bullet is geared towards entire websites. What if we are just building a feature or a plugin?

There are certain things in the list that seem a bit copy/paste and without context:
Lawful Basis: ensure that data captured and processed fits into one of the 6 lawful reasons

We can discuss in a meeting but the more I think about it the more I lean towards just linking people to GPDR constraints and providing some generalized best practices e.g. document how user data is stored and ensure it complies with applicable laws.

@adamsilverstein
Copy link
Author

@tlovett1 thanks for the review, lets discuss further. Ideally, i'd like to provide a high level overview to developers about privacy considerations, without being too prescriptive.

My first thought is what about businesses that don't operate in the EU, for example, a hospital in the USA. Not sure the right move is the everyone should follow those standards.

Great question and something we can address here. Since these laws affect EU citizens, the rules would apply to businesses that have significant interactions with EU citizens. A US hotel with many European guests for example would want to consider these laws. Ultimately, these considerations are valuable regardless of the law, and I expect we will see US law follow the direction of EU law in this area.

the more I think about it the more I lean towards just linking people to GPDR constraints and providing some generalized best practices e.g. document how user data is stored and ensure it complies with applicable laws.

💯 Really trying to provide that generalized advice here. I'll take a pass at altering the language and adding some links.

@helen
Copy link
Contributor

helen commented Aug 7, 2018

@tlovett1 @adamsilverstein I've added some more introductory text and a WordPress-specific section, and removed a couple of items that were too regulation-specific. Does this seem better? I'm also going to open a new issue to propose that we rename this page from Structure to Design.

@tlovett1
Copy link
Member

tlovett1 commented Sep 5, 2018

@helen I think this looks really good. I left one small comment.

@helen
Copy link
Contributor

helen commented Oct 23, 2018

@tlovett1 I've converted the section to be more prose-like now.


#### Data capture should be secure and respect individual rights.

Consent must be given before the collection of personal data, both for the type of data and the purpose. Make sure consent is clear and not opted-in by default.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this include IP address/location? If so, would we want to do this outside of a GDPR compliant website?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think the actual regulation matters so much as this being what "designing for privacy" means. And yes, it would include IP address and location.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the issue here has to do with what we consider to be "personal" data. It is not, for example, my view (or I think an objective reading of GDPR's view) that stock data collected by Google Analytics (that's not augmented programmatically) does not constitute anything like personal information or require disclosure. That said, many implementing GDPR are opting for a much more cautious approach, and IMO, creating a terrible UX that requires an opt in even for basic and effectively anonymized analytic data (or cases where data may not anonymized - i.e. ad trackers - but we're not collecting new data) that's especially confusing and toxic for non sophisticated visitors. Meaning, this directive in our best practices is rather vague in terms of understanding implementation guidance.

My view is that we should create an alternative practice that is similar to this, but makes it clear that by personal data we mean associated clearly identifiable information about the visitor including collection of name, DOB, phone number, email address (etc) in a contact form or by some other third party tracker.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated the language slightly here in 550e6c0


Ensure the site includes a clear, easy to understand, and easily accessible privacy policy that complies with any applicable guidelines. All collection, retention, sharing and use of personal data should be described in the site privacy policy.

Ensure there is a process in place to let users easily request access to their data and to manage and report any data breaches.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to mandate this for non-GDPR websites?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Best practices are not a mandate, are they? These all seem like good things to design privacy features around anytime you're collecting user data. I guess whether we agree on that as a company is the question :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there's a happy medium here which makes it sound like this is not 10up's responsibility to devise this process and make it clear that this doesn't have to be time consuming for engineering, i.e.:

"Encourage the site owner / manager to ensure that there is a process in place to let users easily request access to their data and to manage and report any data breaches. From a development perspective, this can be as basic as including contact information in the privacy policy."

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated in d4fe977

@timwright12
Copy link
Contributor

@adamsilverstein @jeffpaul anything going on with this one? Looks like it has a merge conflict now

@jeffpaul
Copy link
Member

jeffpaul commented Nov 5, 2019

@timwright12 this is on my list to review/update, but honestly farther down in priority than some other things. If this is something you'd like to get merged sooner rather than later, then I can look to get back to this in the next week or so; please let me know... thanks!

@adamsilverstein
Copy link
Author

I resolved the merge conflict and addressed the most recent feedback from @jakemgold

@jeffpaul jeffpaul removed their assignment Nov 6, 2019
@jeffpaul jeffpaul requested a review from tlovett1 June 18, 2020 21:31
@jeffpaul
Copy link
Member

jeffpaul commented Jul 7, 2020

@tlovett1 @helen any further changes you'd like to see on this?

@helen
Copy link
Contributor

helen commented Jul 7, 2020

@jeffpaul Needs an update to reflect more recent WP, I think :) I don't recall needing anything else besides feedback that was left as review comments. It's probably worth a check-in with engineering leadership to see if any specific concerns and solutions have come up in client work that run counter to anything here or could augment with recommendations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add section on user data and privacy
7 participants