WordPress poses another GDPR compliance headache for publishers
Digital publishers rely on a lot of other companies’ technology, which can make it hard to comply with the impending General Data Protection Regulation. Google has been the highest-profile example of this dilemma. But WordPress offers another illustration.
WordPress claims to power 30 percent of the internet, but it’s not only WordPress.com parent company Automattic’s technology that supports those sites. Through the open source version of WordPress, sites can use more than 55,000 plug-ins created by other companies and developers to provide features that a site needs, like forms for soliciting people’s contact information. But these plug-ins may compromise a site’s ability to abide by GDPR when the law takes effect on May 25.
Automattic’s WordPress.org division and other contributors to the open source version of WordPress have been working on ways for sites to deal with the risk. On May 17, WordPress released an updated version of the software and added a section to its Plugin Handbook to standardize plug-ins’ privacy information, such as what data a plug-in collects and how that data is used, and make that information available to site owners in the WordPress content management system.
“One of the great things about WordPress is that site owners have complete control of how they host and configure their own websites. The same goes for GDPR: Ultimately site owners will be responsible for what they decide to adopt, or what content to use in their privacy policies. Our goal is to provide the tools to make it easier,” Josepha Haden Chomphosy, WordPress.org division lead for Automattic, wrote in an email.
It’s unclear how easy things will actually be for site owners. A lot depends on to what extent plug-in makers add the privacy information that sites will refer to when creating or updating their own privacy policies. That’s further complicated by the fact that plug-in makers may not be able to adequately answer some of the questions about the personal data that their plug-ins collect and use. Many plug-in makers are individual developers or small companies that lack their own legal teams to advise them.
One of the most popular plug-ins, Contact Form 7, runs on more than 5 million sites but was built by a single developer, Takayuki Miyoshi. He had been receiving questions asking whether the plug-in was GDPR-compliant, and in a blog post published in April, he admitted that he’s unable to say.
Other plug-in makers have opted to disable their plug-ins from collecting data from people in Europe altogether. Ad tech firm Sovrn has developed several WordPress plug-ins that sites can use to do things like show related articles on their pages. To ensure those plug-ins don’t make sites vulnerable to violating GDPR and that the sites don’t disable its plug-ins for fear of violating GDPR, the firm is turning off data collection from users in Europe, said Jack Downey, who leads market development at Sovrn and is vp of its Sovrn Labs division.
If WordPress-powered sites are worried about whether their sites comply with GDPR, well, there is a plug-in for that. Of course, the plug-in’s developer has added the disclaimer, “Activating this plugin does not guarantee you fully comply with GDPR.”
Download the Digiday guide to GDPR for checklists, research and more you’ll need to know before May 25.
How Axios is tackling local news: newsletters from small teams, in more markets
Axios plans to have local newsletters in 23 markets in 2022. But local news is a challenging undertaking, and many have failed before it. How is Axios differentiating itself?
‘Giving people more control’: Rise in flexible working is enabling older workers to defer retirement
Enforced working from home has opened many people’s eyes to the potential for flexible working, and for many older people it has offered them a way to defer retirement.
Member ExclusiveMedia Buying Briefing: ‘The golden age of audio’: New forms hit a higher note, but radio buyers still struggle to hear it
As digital audio continues to grow, forecast by eMarketer to hit $5.59 billion in 2021, media buyers and planners are still trying to find ways to make effective use of it.
SponsoredHow legacy publishers are transforming into profitable streaming channels
Navdeep Saini, co-founder and CEO, DistroScale, parent company of DistroTV Connected TV (CTV) has become one of the fastest developing channels in advertisers’ marketing mix today. The pandemic led to an increase in CTV consumption, with 75% of consumers watching more streaming content than before quarantines set in. With streaming viewership continuing to gain momentum, […]
Publishers boost climate change coverage as the issue takes the world stage
With the countdown to the COP26 summit underway, publishers are boosting their coverage of climate change in videos, articles, events and audio.
‘We see a world where publisher data replaces third-party data’: News U.K. puts its data at the nucleus of post-cookie push for media budgets
News U.K. has overhauled the way it collects, sorts and monetizes its audience data across all its titles via first-party data platform Nucleus.