-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add privacy best practices section #229
Add privacy best practices section #229
Conversation
627c894
to
d9df497
Compare
d9df497
to
72e781f
Compare
PS: Gabe has reviewed this ahead of my submission |
Hey @adamsilverstein, thanks for putting this together. My first thought is what about businesses that don't operate in the EU, for example, a hospital in the USA. Not sure the right move is the everyone should follow those standards. Also, it seems like each bullet is geared towards entire websites. What if we are just building a feature or a plugin? There are certain things in the list that seem a bit copy/paste and without context: We can discuss in a meeting but the more I think about it the more I lean towards just linking people to GPDR constraints and providing some generalized best practices e.g. document how user data is stored and ensure it complies with applicable laws. |
@tlovett1 thanks for the review, lets discuss further. Ideally, i'd like to provide a high level overview to developers about privacy considerations, without being too prescriptive.
Great question and something we can address here. Since these laws affect EU citizens, the rules would apply to businesses that have significant interactions with EU citizens. A US hotel with many European guests for example would want to consider these laws. Ultimately, these considerations are valuable regardless of the law, and I expect we will see US law follow the direction of EU law in this area.
💯 Really trying to provide that generalized advice here. I'll take a pass at altering the language and adding some links. |
@tlovett1 @adamsilverstein I've added some more introductory text and a WordPress-specific section, and removed a couple of items that were too regulation-specific. Does this seem better? I'm also going to open a new issue to propose that we rename this page from |
@helen I think this looks really good. I left one small comment. |
@tlovett1 I've converted the section to be more prose-like now. |
_includes/markdown/Structure.md
Outdated
|
||
#### Data capture should be secure and respect individual rights. | ||
|
||
Consent must be given before the collection of personal data, both for the type of data and the purpose. Make sure consent is clear and not opted-in by default. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this include IP address/location? If so, would we want to do this outside of a GDPR compliant website?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think the actual regulation matters so much as this being what "designing for privacy" means. And yes, it would include IP address and location.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the issue here has to do with what we consider to be "personal" data. It is not, for example, my view (or I think an objective reading of GDPR's view) that stock data collected by Google Analytics (that's not augmented programmatically) does not constitute anything like personal information or require disclosure. That said, many implementing GDPR are opting for a much more cautious approach, and IMO, creating a terrible UX that requires an opt in even for basic and effectively anonymized analytic data (or cases where data may not anonymized - i.e. ad trackers - but we're not collecting new data) that's especially confusing and toxic for non sophisticated visitors. Meaning, this directive in our best practices is rather vague in terms of understanding implementation guidance.
My view is that we should create an alternative practice that is similar to this, but makes it clear that by personal data we mean associated clearly identifiable information about the visitor including collection of name, DOB, phone number, email address (etc) in a contact form or by some other third party tracker.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated the language slightly here in 550e6c0
_includes/markdown/Structure.md
Outdated
|
||
Ensure the site includes a clear, easy to understand, and easily accessible privacy policy that complies with any applicable guidelines. All collection, retention, sharing and use of personal data should be described in the site privacy policy. | ||
|
||
Ensure there is a process in place to let users easily request access to their data and to manage and report any data breaches. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to mandate this for non-GDPR websites?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Best practices are not a mandate, are they? These all seem like good things to design privacy features around anytime you're collecting user data. I guess whether we agree on that as a company is the question :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there's a happy medium here which makes it sound like this is not 10up's responsibility to devise this process and make it clear that this doesn't have to be time consuming for engineering, i.e.:
"Encourage the site owner / manager to ensure that there is a process in place to let users easily request access to their data and to manage and report any data breaches. From a development perspective, this can be as basic as including contact information in the privacy policy."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated in d4fe977
@adamsilverstein @jeffpaul anything going on with this one? Looks like it has a merge conflict now |
@timwright12 this is on my list to review/update, but honestly farther down in priority than some other things. If this is something you'd like to get merged sooner rather than later, then I can look to get back to this in the next week or so; please let me know... thanks! |
…damsilverstein/Engineering-Best-Practices into feature/privacy-best-practices
I resolved the merge conflict and addressed the most recent feedback from @jakemgold |
@jeffpaul Needs an update to reflect more recent WP, I think :) I don't recall needing anything else besides feedback that was left as review comments. It's probably worth a check-in with engineering leadership to see if any specific concerns and solutions have come up in client work that run counter to anything here or could augment with recommendations. |
Fixes #220