1. Jesse

    Glad to see WP.org is finally getting serious about legalities. The next step should be developing a full-scale TOS and Privacy Policy, not only for users and contributors, but for their own team, and then consider ditching some of these other sub-section policies/guidelines. Currently the WordPress Foundation is poorly protected (as are plugin authors, etc.) from things like liability, slander, etc.

    Compare this with e.g. GitHub:



    Staff at WP.org are arguably trying hard considering the lack of tools at their disposal, but interpretation of these various policies continues to be rather case-by-case, and is often based on personal whims rather than a sound legal (etc) framework.

    E.g. https://wordpress.org/support/topic/vastly-improve-plugin-reviews-with-this-one-weird-trick/

    E.g. https://make.wordpress.org/plugins/2017/12/28/guideline-update/


    • Miroslav Glavic

      How will the WP team follow legalities? EU has the cookie law for example, where I live…Canada…we don’t have a cookie law.

      In the USA you can’t collect personal information from visitors under 13 (hence why you have to be 13+ to join Facebook, Twitter and so forth), many countries around the world do not.

      Automattic is HQ’d in San Francisco. Should WP.org follow US law? Hey, they don’t have to then follow the EU cookie and GDPR (or whatever) laws since they are European.

      Which laws should they comply with? They can’t follow all laws.


      • David Artiss

        From my understanding, and I’m certainly no expert, GDPR is a lot stricter than anything the US currently does – so, covering yourself with the GDPR is a good base to start from.

        If any of your users are from the EU then you are expected to abide by the GDPR. How can they enforce that if, say, you’re in the US? They can’t. BUT any third party you deal with that is from the EU can be fined for your lack of coverage – hence you’ll see such third-parties starting to ask you for details of what you’re doing about the GDPR.

        There’s really only 2 ways, I see, you can avoid GDPR – successfully Geo-block all EU citizens from your site (gonna be difficult due to VPN) or never deal with any third party from the EU. Except, the GDPR is not onerous – it’s a fair set of rules about user privacy.


  2. Jesse
  3. Miroslav Glavic


    Since I can’t reply to your reply to my reply….here we go.

    I am all for cookie warnings and privacy for users. In general for sites I have worked at over the years, if you want your data removed, all you have to do is prove you are you and a list of what you want removed and I would usually remove it.

    There are sites that do the cookie warning thing like this:

    “Continual use of our site/services will mean you agree to our usage of cookies/TOS, if you don’t agree with that then (link)”.

    Couldn’t I just do that? Just like if I had a visitor to one of my sites with e-commerce, that visitor does not per se have to create an account but don’t expect an order history or anything like a refund or reward points if you don’t want an account.


  4. Pankaj Wagh

    This is really shocking news but I am happy that finally, WordPress shows some seriousness towards the Legalities.

    EU and northern America have different rules of cookies and thus, it is hard for WordPress to cover all users from such countries.

    Hope, soon there will be a final solution which covers the law and legal issues too.


Comments are closed.
