The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. From that date, EU residents will have more rights around their privacy, including knowing what data a website collects, stores and shares about them, requesting access to that data, and requesting that all data about them be erased.
To help your extension be ready for this deadline, we recommend going through the following list of questions for every extension or plugin that you make:
- Does the plugin share personal data with third parties (e.g. outside APIs/servers)? If so, what data does it share with which third parties, and do they have a published privacy policy we can link to?
- Does the plugin collect personal data? If so, what data, and where is it stored?
  - User data/meta
  - Options
  - Order custom post type meta
  - Product custom post type meta
  - Post meta
  - Custom database tables
  - Files
- Does the plugin access personal data (e.g. using the personal data WooCommerce stores in orders)? If so, what data?
  - User data/meta
  - Options
  - Order custom post type meta
  - Product custom post type meta
  - Post meta
  - Custom database tables
  - Files
- Does the plugin store personal data (including making copies of it)? If so, where?
- Does the plugin pass personal data to an SDK? What does that SDK do with the data?
- Does the plugin implement the core personal data exporter hook?
- Does the plugin implement the core personal data eraser hook?
- For what reasons (if any) does the plugin refuse to erase personal data (e.g. order not yet completed)?
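The three questions above map directly onto the WordPress core privacy API. The following is an added example (not WooCommerce's or any real plugin's code) showing how a plugin registers an exporter and an eraser, and how the eraser reports a deliberate refusal so the site owner can see the reason in the erasure request screen. The plugin name, the `myplugin_points` and `myplugin_pending_redemption` user meta keys and the "pending redemption" refusal reason are hypothetical.

```php
<?php
/**
 * Added example (not WooCommerce's or any plugin's code): registering a
 * personal data exporter and eraser with WordPress core.
 * Assumptions (hypothetical): the plugin stores a customer's loyalty points
 * in user meta under 'myplugin_points', and refuses erasure while a points
 * redemption is still pending (user meta 'myplugin_pending_redemption').
 */

add_filter( 'wp_privacy_personal_data_exporters', 'myplugin_register_exporter' );
add_filter( 'wp_privacy_personal_data_erasers', 'myplugin_register_eraser' );

function myplugin_register_exporter( $exporters ) {
    $exporters['myplugin'] = array(
        'exporter_friendly_name' => __( 'My Plugin loyalty data', 'myplugin' ),
        'callback'               => 'myplugin_export_personal_data',
    );
    return $exporters;
}

function myplugin_register_eraser( $erasers ) {
    $erasers['myplugin'] = array(
        'eraser_friendly_name' => __( 'My Plugin loyalty data', 'myplugin' ),
        'callback'             => 'myplugin_erase_personal_data',
    );
    return $erasers;
}

/**
 * Exporter callback. Core calls it once per page until 'done' is true;
 * this example returns everything on the first page.
 */
function myplugin_export_personal_data( $email_address, $page = 1 ) {
    $export_items = array();
    $user         = get_user_by( 'email', $email_address );

    if ( $user ) {
        $points = get_user_meta( $user->ID, 'myplugin_points', true );
        if ( '' !== $points ) {
            $export_items[] = array(
                'group_id'    => 'myplugin_loyalty',
                'group_label' => __( 'Loyalty points', 'myplugin' ),
                'item_id'     => 'myplugin-points-' . $user->ID,
                'data'        => array(
                    array(
                        'name'  => __( 'Points balance', 'myplugin' ),
                        'value' => $points,
                    ),
                ),
            );
        }
    }

    return array(
        'data' => $export_items,
        'done' => true,
    );
}

/**
 * Eraser callback. Reports what was removed, what was retained and why,
 * so the refusal reason is visible to whoever processes the request.
 */
function myplugin_erase_personal_data( $email_address, $page = 1 ) {
    $items_removed  = false;
    $items_retained = false;
    $messages       = array();
    $user           = get_user_by( 'email', $email_address );

    if ( $user ) {
        if ( get_user_meta( $user->ID, 'myplugin_pending_redemption', true ) ) {
            // Retained on purpose: a redemption is still in progress.
            $items_retained = true;
            $messages[]     = __( 'Loyalty points were retained because a redemption is still pending.', 'myplugin' );
        } else {
            delete_user_meta( $user->ID, 'myplugin_points' );
            $items_removed = true;
        }
    }

    return array(
        'items_removed'  => $items_removed,
        'items_retained' => $items_retained,
        'messages'       => $messages,
        'done'           => true,
    );
}
```

Both callbacks receive the requester's email address rather than a user ID, so a plugin that keys its data on something other than the WordPress user (a guest order email, for example) should look that up by email as well. Returning `items_retained` with a message is what makes the refusal reason auditable; silently skipping the data leaves the site owner unable to answer the "for what reasons" question.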
- Does the plugin enqueue JavaScript, tracking pixels or embedded iframes from a third party? (Third-party JS, tracking pixels and iframes can collect visitors' data and actions, leave cookies, etc.)
- Does the plugin store things in the browser? If so, where and what?
  - Cookies
  - IndexedDB
  - Local Storage
  - Session Storage
- Does the plugin use error logging? Does it avoid logging personal data if possible? How long are log entries kept? Who has access to them?
- In wp-admin, what role/capabilities are required to access/see personal data? Are they appropriate?
- What personal data is exposed on the front end of the site by the plugin? Does it appear to logged-in and logged-out users?
- What personal data is exposed in REST API endpoints by the plugin? Does it appear to logged-in and logged-out users? What roles/capabilities are required to see it?
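For the REST API question, the check to look for is a `permission_callback` that gates the route on a capability rather than on whether the user happens to be logged in. The following is an added example (not WooCommerce's or any real plugin's code) of a route that exposes a per-order contact field only to users holding `manage_woocommerce`, and writes an audit log line that records the access without repeating the personal value. The `myplugin/v1` namespace, the `_myplugin_contact_phone` order meta key and the `myplugin_*` functions are hypothetical; orders are assumed to be the `shop_order` custom post type.

```php
<?php
/**
 * Added example (not WooCommerce's or any plugin's code): a REST endpoint that
 * returns personal data only to users holding the capability that should see it.
 * Assumptions (hypothetical): the plugin keeps the customer's contact phone in
 * order meta under '_myplugin_contact_phone', and orders are the 'shop_order'
 * custom post type.
 */

add_action( 'rest_api_init', 'myplugin_register_routes' );

function myplugin_register_routes() {
    register_rest_route(
        'myplugin/v1',
        '/orders/(?P<id>\d+)/contact',
        array(
            'methods'             => 'GET',
            'callback'            => 'myplugin_get_order_contact',
            // Logged-out users and customers are rejected before the callback runs.
            'permission_callback' => 'myplugin_can_view_order_contact',
            'args'                => array(
                'id' => array(
                    'validate_callback' => function ( $value ) {
                        return is_numeric( $value );
                    },
                ),
            ),
        )
    );
}

function myplugin_can_view_order_contact( $request ) {
    // Shop managers and administrators hold 'manage_woocommerce'; customers do not.
    return current_user_can( 'manage_woocommerce' );
}

function myplugin_get_order_contact( $request ) {
    $order_id = (int) $request['id'];

    if ( 'shop_order' !== get_post_type( $order_id ) ) {
        return new WP_Error( 'myplugin_not_found', __( 'Order not found.', 'myplugin' ), array( 'status' => 404 ) );
    }

    $phone = get_post_meta( $order_id, '_myplugin_contact_phone', true );

    // Audit line records who read which order, not the phone number itself.
    error_log( sprintf( 'myplugin: contact phone for order %d read by user %d', $order_id, get_current_user_id() ) );

    return rest_ensure_response(
        array(
            'order_id' => $order_id,
            'phone'    => $phone,
        )
    );
}
```

When reviewing a plugin against the checklist, a route registered with `'permission_callback' => '__return_true'` (or with no permission callback at all) that returns order or user fields is the case to flag: it answers "logged-out users" with yes.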
- Privacy documentation
  - Does the plugin document anywhere what personal data it collects, accesses and shares, why it collects it, and how long it is retained?
  - Is browser storage (e.g. cookies) also covered?
  - If the plugin shares personal data with a third party, does that third party have a documented privacy policy (e.g. a URL) that covers the API(s) used?
  - Are there separate things you need to declare for administrators and shop managers vs. end users?
- Does the plugin properly remove/clean up data, especially personal data:
  - during uninstall of the plugin?
  - when an order is deleted (e.g. from the order meta or any order-referencing rows in another table)?
  - when a user is deleted (e.g. from any user-referencing rows in a table)?
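The three clean-up cases above each have a core hook. The following is an added example (not WooCommerce's or any real plugin's code) that wires them up for a plugin which keeps personal data in order meta, user meta, an option and a custom table. The `myplugin_contacts` table, the `_myplugin_contact_phone` and `myplugin_points` meta keys, the `myplugin_settings` option and the `myplugin_*` functions are hypothetical; orders are assumed to be the `shop_order` custom post type.

```php
<?php
/**
 * Added example (not WooCommerce's or any plugin's code): removing the plugin's
 * personal data when an order or user is deleted and when the plugin is uninstalled.
 * Assumptions (hypothetical): a custom table {$wpdb->prefix}myplugin_contacts with
 * columns order_id, user_id, phone; order meta '_myplugin_contact_phone'; user meta
 * 'myplugin_points'; and one option 'myplugin_settings'. Orders are assumed to be
 * the 'shop_order' custom post type.
 */

// Order deleted: remove the order meta and any table rows that reference the order.
add_action( 'before_delete_post', 'myplugin_on_order_delete' );
function myplugin_on_order_delete( $post_id ) {
    if ( 'shop_order' !== get_post_type( $post_id ) ) {
        return;
    }
    global $wpdb;
    delete_post_meta( $post_id, '_myplugin_contact_phone' );
    $wpdb->delete(
        $wpdb->prefix . 'myplugin_contacts',
        array( 'order_id' => $post_id ),
        array( '%d' )
    );
}

// User deleted: core already drops the user's meta rows, so only the custom
// table rows that reference the user are left for the plugin to clean up.
add_action( 'deleted_user', 'myplugin_on_user_delete' );
function myplugin_on_user_delete( $user_id ) {
    global $wpdb;
    $wpdb->delete(
        $wpdb->prefix . 'myplugin_contacts',
        array( 'user_id' => $user_id ),
        array( '%d' )
    );
}

// Uninstall: remove every key the plugin created, across all users and orders,
// then drop the custom table. register_uninstall_hook() needs a plain function.
register_uninstall_hook( __FILE__, 'myplugin_uninstall' );
function myplugin_uninstall() {
    global $wpdb;
    delete_option( 'myplugin_settings' );
    // delete_all = true ignores the object id and removes the key for every object.
    delete_metadata( 'user', 0, 'myplugin_points', '', true );
    delete_metadata( 'post', 0, '_myplugin_contact_phone', '', true );
    $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}myplugin_contacts" );
}
```

Note that deactivation is not uninstall: a site owner who deactivates the plugin expects its data to survive, so only the uninstall path should drop tables and options. The custom-table deletes use `$wpdb->delete()` with a format array so the ids are bound as integers rather than interpolated into SQL.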
- Does the plugin provide controls to reduce the amount of personal data required?
- Does the plugin share personal data with SDKs or APIs only when the SDK or API requires it, or is the plugin also sharing personal data that is optional?
- Does the amount of personal data collected or shared by this plugin change when certain other plugins are also installed?