GDPR

  • @supernovia

    This statement is not true. Because it is WP which, for example, merges the data of third party sites with my blog and not the User himself. For example, if a blogger posts a comment with his WP-Identity on another blog, WP links these two blogs together, not the User himself. Furthermore WP provides the possibility to search other bloggers’ posts using keywords in the “Reader”, etc. Furthermore, Users can log on to completely different pages with the WP-Identity. This means that WP processes and links the personal data on all blogs offered by WordPress.com. Therefore, all WP.com users need a data processing contract.

  • Under “3. News” of the page “Automattic and the General Data Protection Regulation (GDPR)” it is stated:

    “Our New Privacy Features / In recent weeks, we’ve added:/
    Additional contracts (Data Processing Agreements) for paid users who require them to comply with data protection and privacy laws. If you need a Data Processing Agreement, let us know by contacting support for your product.”

    Here is the link to the page:

    New Privacy Features and Updated Policies

    I had a one-hour chat with the support team yesterday, but they deferred to an upcoming post on https://privacy.blog/ that will explain the process by which WordPress.com / Automattic will handle DPAs.

    So there is still a lot of confusion at our service provider, it seems. Let’s keep fingers crossed…

  • Hello everybody,

    We also have a blog on wordpress.com.
    My question: Is there a way to delete the stored IP addresses of older blog comments?
    And if not, does that mean we have to completely delete all comments posted to our blog posts by May 25th?

    Best regards
    Fabian from the Webteam of the Bochum Public Library

  • Fabian, site admins can delete someone’s comment if they request it. If they want to know what data you have, here’s how to get it.

    A common misconception about GDPR is that it’s no longer permissible to collect someone’s personal data. In fact, this is allowed as long as safeguards are in place to honor key rights established by GDPR. Chief among these are transparency about the data being collected, and choice and control over that data’s use. Over the past several months, we’ve put a lot of time, thought, and effort into building tools and documentation to honor these important rights and to bring WordPress.com into compliance with this new law.

  • Thank you very much, supernovia – I think I get the point.

    It was my impression that it is allowed to collect and store someone’s personal data only for a relevant reason, and that you are obliged to delete it if this reason does not apply any longer. That was why I thought older comments have to be erased, if the connected IP address cannot be deleted separately.

  • stadtbuechereibochum1 – We’re happy to help. Thanks for your patience.

  • And again: Here is a statement from a German lawyer:

    Order processing:
    Whenever external service providers come into contact with personal data, it should be checked whether a contract for order processing has to be concluded with them. This contract then confirms that the processor will provide data “in accordance with the instructions of the Processing Responsible”. In the case of websites, this obligation to enter into a contract with the hoster or cloud provider already applies when the hoster logs visitor IP addresses and is responsible for analytics purposes at your disposal places.

    That means that WP has to have a Data Processing Agreement with EVERY User. Not only the paying ones. Don’t forget, the “Free Account” is not really free. We pay with data and your online advertisement on our sites.

  • Can you clarify this?

    it should be checked whether a contract for order processing has to be concluded with them

  • The important part is:

    In the case of websites, this obligation to enter into a contract with the hoster or cloud provider already applies when the hoster logs visitor IP addresses and is responsible for analytics purposes at your disposal places.

    WP as service provider has this contact with personal data. Because WP logs visitor IP addresses and much more (clicked links, references, …) for all WP.com accounts. AND WP uses this data for advertising. AND WP collects much more data. For example, data from visits of WP users on third-party websites. And so on.
    Do you think it’s ok to deny the free-user this contract? At the risk of lawyers forcing them into fines?

  • Like any other law, there is room for interpretation, and many lawyers see things differently. Our privacy team has done thorough work on data processing agreements for all our users, and accounts with no upgrades will not be receiving them for now.

    If there is any change regarding this in the future it will be posted here:

    https://automattic.com/automattic-and-the-general-data-protection-regulation-gdpr/

  • Your decision on that won’t help your customers if lawyers are forcing them into fines. This kind of lawyer only wants to draw money from alleged misconduct of your users. It does not help if WP lawyers take a different view. In case of doubt, this simply only costs several hundred to several thousand euros. Not your euros, of course, but those of your users to whom you refuse this contract.
    Other major providers make this contract available to all their customers free of charge.

    Ultimately, this means that your users of free accounts have to say goodbye to your offer. Is that what WP is aiming for? If so, why don’t you just let us know?

  • I’m still very confused as to what I need to do for my website and blogs.

    I use the free WordPress options. I sell nothing, I make no money. I use no plug-ins. The only two things I have are the comments are on and the Follow Blog option.

    Will WordPress be adding the Privacy/Cookie notices for my website, or will they be adding that to my Dashboard so I can easily add them?

    These are not hard questions but no one has yet to answer them.

  • Hi all,

    I decided today to unpublish all my articles and also comments, waiting for a solution for my blog published by wordpress.com, to be GDPR compliant.

    I don’t know if, as a private person, my blog has to be GDPR compliant, by comparison to private or public entities or companies which have to be.

    So, I inserted in the first page of my blog, a little text indicating that I was waiting to be sure my blog will be GDPR compliant.

    Sorry for my approximative English.

  • Hi there @hauntedoctober,

    We’ll offer an opt-out from our first party analytics tool for WordPress.com users. We are still working to finalize this process for our products. We will update the information here, and in our documentation, with more details about how these processes work once they are ready.

    I’ve seen internally the work in progress with Cookies and rest assured there will be options in place.

    Thanks,

  • The topic ‘GDPR’ is closed to new replies.