The plugin review team has amended guideline number nine, which states that developers and their plugins must not do anything illegal, dishonest, or morally offensive, to include the following statement:
- Implying that a plugin can create, provide, automate, or guarantee legal compliance
Mika Epstein, a member of the WordPress.org plugin review team, says the change was made because plugins by themselves cannot provide legal compliance.
Sadly, no plugin in and of itself can provide legal compliance. While a plugin can certainly assist in automating the steps on a compliance journey, or allow you to develop a workflow to solve the situation, they cannot protect a site administrator from mistakes or lack of compliance, nor can they protect site users from incorrect or incomplete legal compliance on the part of the web site.
Mika Epstein
Since sites can have any combination of WordPress plugins and themes activated, it’s nearly impossible for a single plugin to make sure they’re 100% legally compliant.
Plugin developers affected by this change will be contacted by the review team and asked to change their titles, descriptions, plugin header images, and/or the text within the readme.
The team has published a frequently asked questions document that recommends plugin authors explain how the plugin will assist in compliance instead of claiming compliance. If you have any questions, please leave a comment on the announcement post.
Glad to see WP.org is finally getting serious about legalities. The next step should be developing a full scale TOS and Privacy Policy, not only for users and contributors, but for their own team, and then consider ditching some of these other sub-section policies/guidelines. Currently the WordPress Foundation is poorly protected (and neither are plugin authors, etc) from things like liability, slander, etc.
Compare this with e.g. GitHub:
https://help.github.com/articles/github-terms-of-service/
https://help.github.com/articles/github-privacy-statement/
Staff at WP.org are arguably trying hard considering the lack of tools at their disposal, but interpretation of these various policies continues to be rather case-by-case, and is often based on personal whims rather than a sound legal (etc) framework.
E.g. https://wordpress.org/support/topic/vastly-improve-plugin-reviews-with-this-one-weird-trick/
E.g. https://make.wordpress.org/plugins/2017/12/28/guideline-update/