WordPress 4.9.6 Beta 1 is available for testing. It’s the first step in bringing GDPR (General Data Protection Regulation) tools to WordPress. In addition to 10 bugs being fixed, this release heavily focuses on privacy enhancements.
Personal Data Export and Removal Tools
Once a request for a data export or removal is received, site administrators or the Data Protection Officer can browse to Tools > Export Personal Data or Tools > Remove Personal Data and send that user a verification request.
When an admin enters a username or email address into the send request field, they’ll receive an email with a confirmation link. Once clicked, the site will display an Action Confirmed notice and that the site administrator has been notified and will fulfill the request as soon as possible.
Here’s what a confirmed notice looks like in the backend.
One thing I noticed is that after a user confirms the request, the site administrator has no way of knowing that they confirmed unless they visit the Data Export or Removal page.
Perhaps a new notification bubble can be created, similar to pending comments and updates that takes admins to the appropriate place for confirmed requests.
When WordPress finishes creating the zip file, a link is sent to the user. For security purposes, the file will automatically be deleted after 72 hours.
To test this feature, I exported my personal data from WP Tavern. My data export arrived in a zip file as one Index.html file. This file contains my comments, user meta data, links to attachments, and more. The data provides me with an opportunity to see what data the site has and what would be deleted if I requested full data removal.
Commenter Cookie Notification and Opt-in
Cookies save data so that visitors don’t have to fill in the Author, URL, and Email fields each time they want to leave a comment. In 4.9.6, visitors will be informed of this data storage and will need to check mark a box to opt-in.
WordPress 4.9.6 isn’t your typical minor release. It introduces new UI, options, and a bunch of privacy related enhancements. The development team is aiming to officially release 4.9.6 before GDPR goes into effect later this month, but these features need battle tested now, especially on multi-site configurations.
I encourage you to check out 4.9.6 on a staging site and go through the process of requesting, confirming, and obtaining user data. Now is a good time to experience what users will be going through.