Connect with execs from The New York Times, TIME, Dotdash Meredith and many more
Digital publishers rely on a lot of other companies’ technology, which can make it hard to comply with the impending General Data Protection Regulation. Google has been the highest-profile example of this dilemma. But WordPress offers another illustration.
WordPress claims to power 30 percent of the internet, but it’s not only WordPress.com parent company Automattic’s technology that supports those sites. Through the open source version of WordPress, sites can use more than 55,000 plug-ins created by other companies and developers to provide features that a site needs, like forms for soliciting people’s contact information. But these plug-ins may compromise a site’s ability to abide by GDPR when the law takes effect on May 25.
Automattic’s WordPress.org division and other contributors to the open source version of WordPress have been working on ways for sites to deal with the risk. On May 17, WordPress released an updated version of the software and added a section to its Plugin Handbook to standardize plug-ins’ privacy information, such as what data a plug-in collects and how that data is used, and make that information available to site owners in the WordPress content management system.
Sites using the updated software will be able to see this information, as well as privacy information related to the core WordPress software and themes a site may use, in a new “Privacy Policy Guide” that has been added to the CMS to help sites create or update their own privacy policies. When plug-ins, themes or the core WordPress software make any updates — or when sites activate or deactivate a plug-in, or switch themes — sites will be notified of the changes within the CMS.
“One of the great things about WordPress is that site owners have complete control of how they host and configure their own websites. The same goes for GDPR: Ultimately site owners will be responsible for what they decide to adopt, or what content to use in their privacy policies. Our goal is to provide the tools to make it easier,” Josepha Haden Chomphosy, WordPress.org division lead for Automattic, wrote in an email.
It’s unclear how easy things will actually be for site owners. A lot depends on to what extent plug-in makers add the privacy information that sites will refer to when creating or updating their own privacy policies. That’s further complicated by the fact that plug-in makers may not be able to adequately answer some of the questions about the personal data that their plug-ins collect and use. Many plug-in makers are individual developers or small companies that lack their own legal teams to advise them.
One of the most popular plug-ins, Contact Form 7, runs on more than 5 million sites but was built by a single developer, Takayuki Miyoshi. He had been receiving questions asking whether the plug-in was GDPR-compliant, and in a blog post published in April, he admitted that he’s unable to say.
Other plug-in makers have opted to disable their plug-ins from collecting data from people in Europe altogether. Ad tech firm Sovrn has developed several WordPress plug-ins that sites can use to do things like show related articles on their pages. To ensure those plug-ins don’t make sites vulnerable to violating GDPR and that the sites don’t disable its plug-ins for fear of violating GDPR, the firm is turning off data collection from users in Europe, said Jack Downey, who leads market development at Sovrn and is vp of its Sovrn Labs division.
If WordPress-powered sites are worried about whether their sites comply with GDPR, well, there is a plug-in for that. Of course, the plug-in’s developer has added the disclaimer, “Activating this plugin does not guarantee you fully comply with GDPR.”
Download the Digiday guide to GDPR for checklists, research and more you’ll need to know before May 25.
More in Media
Rockstar Games is staffing up its creator platform division with an eye toward UGC creators
Grand Theft Auto’s creator platform continues to evolve, with the company making key hires ahead of the release of “Grand Theft Auto 6.”
The coalition of the willing (and unable): publishers rally to wall off AI’s free ride
That coalition is taking shape in the form of a technical framework designed to let publishers control who can access their content, and under what terms.
Creators are standing up IRL events to soak up more of brands’ marketing dollars
For brands, the ability to measure performance is a key motivator to lean into creators’ IRL events. Across the board, brands are more closely scrutinizing the performance of their creator marketing spend, pushing to experiment with channels that have more easily measurable performance metrics in the form of conversions or foot traffic.