How we’re tackling GDPR in WooCommerce core

Stronger rules on data protection from May 2018 mean citizens have more control over their data.

GDPR is coming, and we’re working hard to get new tools in WooCommerce core to help store owners comply. If you’re not familiar with GDPR yet, Hannah wrote a great introduction to GDPR on the main WooCommerce blog which you can read to get caught up.

It’s important to note that this new law doesn’t just apply to stores in the EU – this applies globally to stores that sell products to EU residents.

We’re currently building new tools into our upcoming 3.4 release to help store owners deal with GDPR requests and surface things such as privacy policies on the checkout. Some of the tools are built already, or are in progress, notably:

  • Improvements to the checkout in https://github.com/woocommerce/woocommerce/pull/19637, which include:
    • Better formatting for inline descriptions should someone which to include just in time privacy text next to fields, and some simple tools to toggle non-critical fields off to avoid unnecessary data collection.
    • Custom terms and conditions text, and control over the checkbox + label itself.
    • In progress personal data export and bulk order anonymize in https://github.com/woocommerce/woocommerce/pull/19330.
  • We’ve cleared up wording around the tracker in the Wizard to ensure it’s compliant.
Improved terms and conditions display on checkout

Open GDPR issues can be tracked here. One thing not yet completed is personal data export, which is arguably the most important thing we need to assist store owners with. To solve this, we’re working to bring these tools to WordPress core. Read on for the details.

The road to WordPress core compliance

Rather than create something proprietary, or specific to WooCommerce, our team is focussing on WordPress core contributions so that all users and plugins can benefit from a single, unified system in WordPress itself. We feel this is the most effective use of everybody’s time.

To that end, we’ve started on several new screens and functions for WP core which (if approved) will facilitate user requests and create export files of personal data.

Here are a few of the tickets we’re actively contributing to:

Way for users (and guests) to request personal data and/or removal

Managing requests, for example requests for personal data, needs some kind of UI or system to track who did the request, the status of the request, and the date of the request. GDPR requires that requests are responded to within 30 days.

To help with this, we’re creating a requests system within WordPress to deal with this.

What the requests UI may look like

The UI shown above has been submitted as a patch in #43481. The basic flow in the v1 is as follows:

  1. User makes request via contact form or some other method of contact.
  2. Admin adds the request via the WordPress dashboard.
  3. User verifies the request.
  4. Admin triggers a response to the request e.g. by sending the data they requested.
  5. Request is either kept for tracking purposes, or removed.

To ensure the user is really who they say they are (remember emails can be spoofed!) we created a mechanism whereby WordPress will send a confirmation email to the user with a link they can click to confirm any action. This is similar to the “change password” flow in WordPress, but more general. This has been submitted via #43443.

Requests can be tracked and can have the following statuses:

  • Pending
  • Confirmed
  • Failed
  • Completed

Thats it! If merged, we’ll move on to the ‘next steps’ column which will include buttons and links to send export files and so on to the requester.

The personal data export system

The next part to this is the actual export file generation. This will export all personal data tied to a specific email address in a human readable format.

How this works technically is:

  • A WordPress endpoint is hit, and a filter is ran to gather a list of data exporters from various plugins and core itself.
  • Each data exporter is called and the exporter from each plugin returns personal data based on a given email address.
  • Exporters support pagination, and each call is done in a separate request to prevent timeouts.
  • All of the data is appended to an export file. This is then served to the admin.

The main trac ticket for this is #43438. This fires the actions and filters for plugins to use. This prototype works with our in progress implementation in WooCommerce here.

Another related ticket is #43440 which puts WordPress comment data into the export.

Finally, #43551 improves how the export is served to the admin; as a HTML file within a zip file which is portable and human readable!

A sample export file

What else is being worked on in WordPress core?

Some other tools being made inside WordPress include:

If you’re keen on contributing, all GDPR issues in WordPress itself are tagged in trac here.

There are also lots of discussions taking place in WordPress Slack in the #gdpr-compliance room. Join us!


26 responses to “How we’re tackling GDPR in WooCommerce core”

  1. Reblogged this on Mike Jolley :: Web Developer and commented:

    What we’re up to in WooCommerce land right now.

  2. Daniel Bitzer Avatar
    Daniel Bitzer

    This is amazing! Great work!
    Are there any plans to handle cookie consent in WP or WC core? Would that be needed before cart cookies can be set under GDPR or maybe they can be considered ‘essential’ cookies.

    1. They would be essential to WC for the cart to function. I’ve seen some tickets regarding this in WP core specifically for commenter cookies. They plan to add opt in.

  3. […] the WooCommerce development team posted an article on April 10th called “How we’re tackling GDPR in WooCommerce core” which I recommend you to read. They confirm they’re working on releasing some […]

  4. […] Gutenberg 2.6 Introduces Drag and Drop Block Sorting Theme Review Changes Place More Onus Onto Theme Authors WordPress Accessibility Statement WooCommerce 3.3.5 Released How WooCommerce is tackling GDPR […]

  5. That’s perfect! It’s going to make it a little easier.

  6. […] How We’re Tackling GDPR in WooCommerce Core […]

  7. will this be available in the OSS version of WoOcommerce? Or just in the paid automattic version?

    1. There is no paid automattic version. There is only one version of WC.

  8. […] WooCommerce has written an overview of what they’re planning for GDPR already. While they have tightened up some of their language and settings to be compliant with GDPR the main push is to contribute back to WordPress core. […]

  9. […] as required before the deadline.They have some major enhancements on the way to help aid you. Also WooCommerce is working to ensure your online store stays compliant as well. This is all great news, but you’re still not done. There’s several steps you need to […]

  10. Did thoses changes get accepted ? And will they hit any update before GDPR deadline ?

    1. Yep. Both the WordPress and the WooCommerce releases will take place before the GDPR deadline with the changes in place.

  11. Hi, when can we expect the updates to take place? And what about updated privacy policy? I want to include the wording in my privacy policy, and also notify customers, all before the deadline on 25th May. Can you give me an eta please?

    1. The WordPress features around privacy policy will be in WP 4.9.6 scheduled to release May 15th. The WooCommerce GDPR features will be in WC 3.4 scheduled to release May 23rd.

      1. Thank you, when will Woocommerce own privacy policy be updated, from which I would take information for my privacy policy?

  12. […] Last month we blogged about the way we were approaching GDPR in WooCommerce. We’re happy to be able to say that most of these features are now ready in WordPress 4.9.6 (beta), and we’ve finished our work in WooCommerce core also. […]

  13. […] For more on the latest GDPR updates to WooCommerce, check out WooCommerce 3.4 GDPR features. And for a rundown on how WooCommerce is complying, How we’re tackling GDPR in WooCommerce core. […]

  14. […] the WooCommerce development team posted an article on April 10th called “How we’re tackling GDPR in WooCommerce core” which I recommend you to read. They confirm they’re working on releasing some improvements to […]

  15. […] Within the e-commerce checkout process, we are obviously collecting a lot of customer information.  Woocommerce are working to have compliance tools included (latest update is to be released 23rd May).  More info here: https://woocommerce.wordpress.com/2018/04/10/how-were-tackling-gdpr-in-woocommerce-core/ […]

  16. I do not see field encryption as one of the updates. And, shamefully I’m unsure as to whether this is a possibility in Woo’s architecture as it is today.

    Among the provisions outlined in GDPR, one of the requirements is encryption obfuscation of the data. Practically speaking, a breach would assume in most cases that any on-system decryption method would be available to the attacker as well. However, obfuscation is a must to add a layer of protection.

    * The pseudonymisation and encryption of personal data

    This is the provision that most concerns me. You can’t index by city/state/name with encrypted data fields. And, you can’t be in compliance without privatizing their address.

    The solution I have come up with in my applications is to encrypt everything and anonymize a longitude and latitude point for regional searches, use a GUID for the customer instead of indexing it to their name or other personal information, and encrypt all fields so that they require manual intervention (like a key or password) to access the database entry.

    I am suspicious that Woo doesn’t yet have encrypted fields. I’d like to see that, ASAP.

    1. Isn’t that a recommendation, not a requirement? This would also likely need to happen at WordPress level, not WooCommerce level, since all data is stored in the same database and doing it for only WooCommerce data would not protect WP user data.

      We’ve no plans to change how data is stored at present. Other security best practices, such as strong passwords for the users who have access to order data, should be utilised to help prevent data breaches.

      If you think it’s worth raising with WordPress, there is a GDPR channel on WordPress Slack, or it can be raised on trac 🙂

      1. Mike, thanks for responding.

        There are personal data fields explicitly stored in Woo tables and those fields could be easily obfuscated.

        It’s a GDPR suggestion just like the TSA used to “suggest” I take off my shoes at the airport.

        It’s a suggestion that may result in pretty severe consequences if I don’t agree to their suggestion.

        I have more hope for the Woo team than I do WP generic.

        For example, addresses and phone numbers are not stored in generic WP fields.

        Thanks for prodding me to think about it more.

        1. > For example, addresses and phone numbers are not stored in generic WP fields.

          Yes they are; post meta. I’d really suggest taking this up in WP GDPR slack. There are legal advisors there too who can look at this.

          1. Thanks for the feedback, I’m there now.

Leave a Reply

Your email address will not be published. Required fields are marked *