WordPress poses another GDPR compliance headache for publishers
Digital publishers rely on a lot of other companies’ technology, which can make it hard to comply with the impending General Data Protection Regulation. Google has been the highest-profile example of this dilemma. But WordPress offers another illustration.
WordPress claims to power 30 percent of the internet, but it’s not only WordPress.com parent company Automattic’s technology that supports those sites. Through the open source version of WordPress, sites can use more than 55,000 plug-ins created by other companies and developers to provide features that a site needs, like forms for soliciting people’s contact information. But these plug-ins may compromise a site’s ability to abide by GDPR when the law takes effect on May 25.
Automattic’s WordPress.org division and other contributors to the open source version of WordPress have been working on ways for sites to deal with the risk. On May 17, WordPress released an updated version of the software and added a section to its Plugin Handbook to standardize plug-ins’ privacy information, such as what data a plug-in collects and how that data is used, and make that information available to site owners in the WordPress content management system.
“One of the great things about WordPress is that site owners have complete control of how they host and configure their own websites. The same goes for GDPR: Ultimately site owners will be responsible for what they decide to adopt, or what content to use in their privacy policies. Our goal is to provide the tools to make it easier,” Josepha Haden Chomphosy, WordPress.org division lead for Automattic, wrote in an email.
It’s unclear how easy things will actually be for site owners. A lot depends on to what extent plug-in makers add the privacy information that sites will refer to when creating or updating their own privacy policies. That’s further complicated by the fact that plug-in makers may not be able to adequately answer some of the questions about the personal data that their plug-ins collect and use. Many plug-in makers are individual developers or small companies that lack their own legal teams to advise them.
One of the most popular plug-ins, Contact Form 7, runs on more than 5 million sites but was built by a single developer, Takayuki Miyoshi. He had been receiving questions asking whether the plug-in was GDPR-compliant, and in a blog post published in April, he admitted that he’s unable to say.
Other plug-in makers have opted to disable their plug-ins from collecting data from people in Europe altogether. Ad tech firm Sovrn has developed several WordPress plug-ins that sites can use to do things like show related articles on their pages. To ensure those plug-ins don’t make sites vulnerable to violating GDPR and that the sites don’t disable its plug-ins for fear of violating GDPR, the firm is turning off data collection from users in Europe, said Jack Downey, who leads market development at Sovrn and is vp of its Sovrn Labs division.
If WordPress-powered sites are worried about whether their sites comply with GDPR, well, there is a plug-in for that. Of course, the plug-in’s developer has added the disclaimer, “Activating this plugin does not guarantee you fully comply with GDPR.”
Download the Digiday guide to GDPR for checklists, research and more you’ll need to know before May 25.
Member Exclusive‘The world isn’t going back to where it was’: Publishers grope in the dark for signs of what’s to come
The business side at publishers are preparing for a long winter, and a new world where plans change on a whim and their task is scrambling to catch up.
Some media companies are still hiring through the crisis
As coronovirus accelerates all trends, especially digital transformation, some media companies are staffing up in product capabilities.
Bright spot: Food52 doubled its daily product sales last month
By providing additional marketing promotion to its struggling retail partners, Food52 is continuing to see growth in its commerce business.
SponsoredTV buyers are shifting from traditional demographics to more precise audience-based metrics
In traditional broadcast TV, age and gender have long been the dominant way of targeting audiences, but as TV and digital platforms converge, experts say the industry is steadily moving toward audience-based buying.
As a paywall alternative, Vox.com asks for reader donations to fund coronavirus coverage
Vox is asking for monthly donations of up to $100 per month and one-time donations of up to $250 to support its coronavirus coverage.
Member ExclusiveManaging during crisis: How to cut costs and communicate tough decisions
During the wide-ranging talk, held virtually exclusively for Digiday+ members, former Comscore CEO Bryan Wiener explained which skills --decisiveness, focus and communication -- will make any leader, regardless of how experienced, ready to adapt their companies and come out of the coronavirus pandemic stronger than ever.