[pmwiki-devel] GDPR Compliance Issues
Criss Ittermann
crisses at kinhost.org
Thu Jun 21 15:40:50 PDT 2018
Anyone seriously looking into the changes PmWiki needs to be GDPR compliant?
Mediawiki, Wordpress are taking things pretty seriously.
What I see as material problems are:
Removing people from Diffs — mentioned in a thread on the PmWiki Users list — if they request their data to be completely removed from the site. That can be tricky — there's a difference between being an author (of an original article or section thereof, thus possessing copyright to the creation) vs. editor. Removing a diff in the middle of a chain of diffs can materially change a wiki page in ways that don't work. If someone fixed a typo, it's now a typo again — and that would be OK I suppose. But if someone added a paragraph that was later edited & added-to — now the context for further changes is missing.
Making sure all email & comment forms have a required checkbox (not checked already) asking permission to share/email/store personally identifying information. Though that's pretty easy if you know how to use PmForm.
Getting explicit permissions before setting ANY cookies (not "if you use this site you agree to cookies....") which should be in a pop-up with a checkbox, and the permission has to be tracked though I have no idea how you'd trace it (just on IP?).
And you can't say "using this site constitutes you agree to our privacy policy or terms of service" — you need a material checkbox agreeing to it, with a link, and that checkbox use has to be tracked somehow (just like email form & comment form permission, and just like the cookie-setting issue — everything has to be tracked).
A neat thing WordPress did is they have plug-ins supply "Suggested wording" for privacy policies to cover that they're in use on the site. When the user is on the back-end there's help documents for creating a privacy policy, and for example Akismet suggests some wording for your privacy policy. WordPress overall gives suggested wording (which covers general cookies, and mentions that you have to put your analytics etc. into the document).
Technical weirdness, but important.
Crisses
--
"God has shown me. God has forgiven me."
"He hasn't forgiven you; he has made you mad."
--LadyHawke
More information about the pmwiki-devel
mailing list