The open-source WordPress content management system project announced its 4.9.6 update on May 17, providing users with privacy enhancements designed to help sites be compliant with the European Union’s General Data Protection Regulation.
GDPR is set to go into effect on May 25, requiring organizations to take steps to protect the privacy of end- user information. To be compliant with GDPR, organizations need to properly disclose how user data is stored and used.
“It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located,” WordPress developer Allen Snook wrote in a blog post.
WordPress is one of the most widely deployed CMSes on the internet, powering upward of 75 million websites. The WordPress 4.9 release became generally available in November 2017 and has since received six incremental updates that address security and stability issues. While major releases require WordPress administrators to manually click an update button, for minor releases, like 4.9.6, WordPress has an automatic system for updating sites without any user intervention.
Among the GDPR privacy-focused features in WordPress 4.9.6 are capabilities to help readers of WordPress-powered sites understand and choose how their information is stored. As of the 4.9.6 update, end users who leave a comment on a WordPress-powered site get the choice to allow or disallow a site to save a cookie in their browser that saves user information.
Understanding how data is used is often the domain of privacy policy pages, which is something that some WordPress sites have had for many years. Although some WordPress sites have already published privacy policy pages, with the 4.9.6 update there is now a built-in method for easily integrating a privacy policy. The new privacy page policy option will show users the policy when they register with the site or log in.
Data Handling
A core element of GDPR is data privacy, allowing users to request all their data from a given site and, if they so choose, users can also decide if they want a site to forget them and all their data.
With WordPress 4.9.6, there are two core data handling capabilities that can help enable user data privacy. For one, users can choose to export all their personal data from a WordPress-powered site. In addition, there is now a data erasure option—an end user can now request that all their personal data stored on a WordPress-powered site be erased.
“Site owners have a new email-based method that they can use to confirm personal data requests,” Snook wrote. “This request confirmation tool works for both export and erasure requests, and for both registered users and commenters.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.