WordPress poses another GDPR compliance headache for publishers
Digital publishers rely on a lot of other companies’ technology, which can make it hard to comply with the impending General Data Protection Regulation. Google has been the highest-profile example of this dilemma. But WordPress offers another illustration.
WordPress claims to power 30 percent of the internet, but it’s not only WordPress.com parent company Automattic’s technology that supports those sites. Through the open source version of WordPress, sites can use more than 55,000 plug-ins created by other companies and developers to provide features that a site needs, like forms for soliciting people’s contact information. But these plug-ins may compromise a site’s ability to abide by GDPR when the law takes effect on May 25.
Automattic’s WordPress.org division and other contributors to the open source version of WordPress have been working on ways for sites to deal with the risk. On May 17, WordPress released an updated version of the software and added a section to its Plugin Handbook to standardize plug-ins’ privacy information, such as what data a plug-in collects and how that data is used, and make that information available to site owners in the WordPress content management system.
“One of the great things about WordPress is that site owners have complete control of how they host and configure their own websites. The same goes for GDPR: Ultimately site owners will be responsible for what they decide to adopt, or what content to use in their privacy policies. Our goal is to provide the tools to make it easier,” Josepha Haden Chomphosy, WordPress.org division lead for Automattic, wrote in an email.
It’s unclear how easy things will actually be for site owners. A lot depends on to what extent plug-in makers add the privacy information that sites will refer to when creating or updating their own privacy policies. That’s further complicated by the fact that plug-in makers may not be able to adequately answer some of the questions about the personal data that their plug-ins collect and use. Many plug-in makers are individual developers or small companies that lack their own legal teams to advise them.
One of the most popular plug-ins, Contact Form 7, runs on more than 5 million sites but was built by a single developer, Takayuki Miyoshi. He had been receiving questions asking whether the plug-in was GDPR-compliant, and in a blog post published in April, he admitted that he’s unable to say.
Other plug-in makers have opted to disable their plug-ins from collecting data from people in Europe altogether. Ad tech firm Sovrn has developed several WordPress plug-ins that sites can use to do things like show related articles on their pages. To ensure those plug-ins don’t make sites vulnerable to violating GDPR and that the sites don’t disable its plug-ins for fear of violating GDPR, the firm is turning off data collection from users in Europe, said Jack Downey, who leads market development at Sovrn and is vp of its Sovrn Labs division.
If WordPress-powered sites are worried about whether their sites comply with GDPR, well, there is a plug-in for that. Of course, the plug-in’s developer has added the disclaimer, “Activating this plugin does not guarantee you fully comply with GDPR.”
Download the Digiday guide to GDPR for checklists, research and more you’ll need to know before May 25.
‘Scale with great context’: The Independent eyes global expansion
The U.K. news title marked 'double-digit' revenue growth this year and posted a profit, despite the pandemic. It plans to grow headcount by up to 25%.
‘This is a tricky job for humans’: How Meredith used AI and contextual data to build Campbell’s a new campaign
To keep Campbell's ads relevant, Meredith created new artificial intelligence technology to track hyper-contextual data.
Vying for consumer revenue, Eater serves up new wine subscription play
Eater's making a play for more national scale consumer revenue with the launch of its new wine club.
SponsoredHow artificial intelligence and machine learning power content-first newsrooms
By Chris Nguyen, executive vice president, marketing at Naviga Digital is no longer just a nice addition to a newspaper’s success, but an imperative. While print remains a key source of revenue — capturing both subscriptions and advertising — spending too much time on designing and managing printed editions has become an obstacle to digital transformation. […]
‘Clearly underinvesting’: Some of the world’s biggest marketers pledge to direct more media dollars to minority-owned business
Procter & Gamble to McDonald’s, Pernod Ricard to PepsiCo, big marketers pledge to curtail media dollars that help fuel racial basis.
Paid virtual events are the new golden ticket for publishers
There are other added benefits for publishers to have ticketing on their events, beyond the revenue.