Last month we blogged about the way we were approaching GDPR in WooCommerce. We’re happy to be able to say that most of these features are now ready in WordPress 4.9.6 (beta), and we’ve finished our work in WooCommerce core also.
This post summarises the changes and features you’ll find in our 3.4 release scheduled to drop May 23rd.
Personal data exporter
WordPress 4.9.6 includes the ability to export personal data associated with an email address to an HTML file. WooCommerce 3.4 will add to the generated export file, exporting the following data:
- Customer address/account information
- Orders associated with the given email address
- Download permissions and logs associated with the given email address
To ensure requests are genuine, 4.9.6 includes a requests table and confirmation email to verify the request. The verification flow consists of the following steps:
- Add an email address or username.
- The user is notified via email with a confirmation link.
- The confirmation link is used and the request is marked “confirmed”.
- Admin triggers an email to the user which contains a link to download their personal data.
Personal data files can also be manually generated by the admin and downloaded. The file itself is a simple HTML file, zipped.
WordPress exports its own data in the same way, so things such as media files, posts, and comments/reviews are also taken care of!
Personal data eraser
Like the exporter, the eraser allows you to verify requests are legitimate before fulfilling them. It uses the same verification/email/requests system as the exporter.
We understand this can be slightly more complicated with stores because you may need to keep data for other reasons, such as tax compliance or compliance with other laws.
With that in mind, we have made some of our erasure routines optional:
These settings are off by default.
Additionally, if you ever delete a user manually, we’ve improved our cleanup functions so that the following data is removed along with the user:
- Payment tokens
- Orders (are converted into guest orders)
And if you need to manually anonymise orders in bulk for a user you can search for them in admin and use the new “remove personal data” bulk action:
This keeps the order around, but removes all personal data and converts the order into a guest order.
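Other plugins can add their own records to the export and erasure runs described above through the `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters in WordPress 4.9.6. The following is an added example, not code from WooCommerce or from this post; the `loyalty_demo` names and meta keys are hypothetical.

```php
<?php
// Added example. The "loyalty_demo" names and meta keys are hypothetical.
const LOYALTY_DEMO_FIELDS = array(
    '_loyalty_demo_card'   => 'Card number',
    '_loyalty_demo_joined' => 'Member since',
);
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['loyalty-demo'] = array(
        'exporter_friendly_name' => 'Loyalty Demo',
        'callback'               => 'loyalty_demo_export',
    );
    return $exporters;
} );
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['loyalty-demo'] = array(
        'eraser_friendly_name' => 'Loyalty Demo',
        'callback'             => 'loyalty_demo_erase',
    );
    return $erasers;
} );

// Core calls this with the requester's email; $page allows batching.
function loyalty_demo_export( $email_address, $page = 1 ) {
    $user = get_user_by( 'email', $email_address );
    $data = array();
    foreach ( ( $user ? LOYALTY_DEMO_FIELDS : array() ) as $key => $label ) {
        $value = get_user_meta( $user->ID, $key, true );
        if ( '' !== $value ) {
            $data[] = array( 'name' => $label, 'value' => $value );
        }
    }
    $items = $data ? array( array(
        'group_id'    => 'loyalty-demo',
        'group_label' => 'Loyalty programme',
        'item_id'     => 'loyalty-demo-' . $user->ID,
        'data'        => $data,
    ) ) : array();
    return array( 'data' => $items, 'done' => true );
}

// Removes the same fields and reports back what happened to them.
function loyalty_demo_erase( $email_address, $page = 1 ) {
    $user    = get_user_by( 'email', $email_address );
    $removed = false;
    foreach ( ( $user ? array_keys( LOYALTY_DEMO_FIELDS ) : array() ) as $key ) {
        $removed = delete_user_meta( $user->ID, $key ) || $removed;
    }
    return array( 'items_removed' => $removed, 'items_retained' => false, 'messages' => array(), 'done' => true );
}
```

A plugin that must keep some data for legal reasons would set `items_retained` to true and explain why in `messages`.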
Data retention settings
To help reduce the amount of personal data that’s stored, WooCommerce 3.4 allows you to define how long you want to retain data that is no longer needed for order processing:
These settings are found in WooCommerce > Settings > Accounts and privacy.
- Failed, pending, and canceled orders which get cleaned up will be moved to the trash.
- Completed orders which get cleaned up will be anonymized so sales stats are unaffected.
- Inactive accounts will be deleted. An inactive account is one which has not been logged in to, or which has not placed orders, for the specified time.
If enabled, cleanup will run via a daily cron job. Inactive accounts are tracked using meta data, and only subscribers/customer accounts are removed. An upgrade routine will set all account last active times to the time you updated to 3.4.
Checkout page display options
To reduce the amount of personal data stored you can turn off some optional fields you may not require for processing.
Additionally, you can now change the terms and conditions checkbox text to meet your needs:
Both of these options can be found in the Customiser (Appearance > Customizer > WooCommerce > Checkout) and the preview is live so you can see what effects these changes will have on your checkout before hitting publish.
WordPress 4.9.6 includes a privacy page setting as well as a mechanism for plugins to suggest content. WooCommerce adds some suggested content of its own.
Other plugins can do the same which should allow you to piece together a policy which applies to your users.
- Account registration form
- Checkout form
The notice in the case of the checkout is shown above the place order button automatically:
Both notices can be customised in WooCommerce > Settings > Accounts and privacy or the Customiser.
Changes to log files
We’ve made some changes to our logging system in core, as well as revised what data gets logged.
- We’ve done an audit of our usage of logs in WooCommerce and removed any unnecessary personal information from the logs. Notably:
  - Webhook logs no longer log the webhook body and response unless WP_DEBUG mode is turned on. This avoids personal information sent with webhooks being logged to the server.
  - PayPal debug logging no longer logs the personal data sent to PayPal and masks it out. The setting itself now includes a disclaimer that it should be used for debug purposes only and should be disabled when complete.
  - For PayPal specifically, payer email/name is no longer logged within order meta – this information can be found using the transaction ID and visiting the PayPal website instead.
- When PayPal debugging logging is turned off, the logs are purged.
- Logs will now rotate daily, and log files will be deleted after 30 days by default. A filter can be used (woocommerce_logger_days_to_retain_logs) to extend this if needed. The cleanup is performed using a cron job.
These changes apply to both file based logging, and database based logging, which are both options within WooCommerce core.
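The same two ideas, masking personal fields unless debugging is explicitly on and deleting log files past a retention period, can be applied to any custom logging an extension does. This is an added example in plain PHP, not WooCommerce's implementation; the key names, the payload and the directory are constructed for illustration.

```php
<?php
// Added example in plain PHP; not WooCommerce code. Key names are constructed.
const SENSITIVE_KEYS = array( 'first_name', 'last_name', 'payer_email', 'email', 'address_1', 'phone' );

// Recursively mask the value of every sensitive key, at any nesting depth.
function redact_personal_data( array $payload, array $keys = SENSITIVE_KEYS ): array {
    $clean = array();
    foreach ( $payload as $key => $value ) {
        if ( in_array( strtolower( (string) $key ), $keys, true ) ) {
            $clean[ $key ] = '***';
        } elseif ( is_array( $value ) ) {
            $clean[ $key ] = redact_personal_data( $value, $keys );
        } else {
            $clean[ $key ] = $value;
        }
    }
    return $clean;
}

// Full bodies are written only when $debug is explicitly enabled.
function build_log_line( string $event, array $payload, bool $debug = false ): string {
    $body = $debug ? $payload : redact_personal_data( $payload );
    return sprintf( '%s %s %s', gmdate( 'c' ), $event, json_encode( $body ) );
}

// Delete *.log files older than $days days; returns the file names removed.
function purge_old_logs( string $dir, int $days = 30 ): array {
    $removed = array();
    $cutoff  = time() - $days * 86400;
    foreach ( glob( rtrim( $dir, '/' ) . '/*.log' ) ?: array() as $file ) {
        if ( filemtime( $file ) < $cutoff && unlink( $file ) ) {
            $removed[] = basename( $file );
        }
    }
    return $removed;
}

// Constructed sample payload and a throwaway log directory.
$payload = array( 'txn_id' => 'TXN-EXAMPLE-001', 'payer_email' => 'jane@example.com',
    'billing' => array( 'first_name' => 'Jane', 'city' => 'Leeds' ) );
echo build_log_line( 'paypal.request', $payload ), PHP_EOL;

$dir = sys_get_temp_dir() . '/log-demo-' . getmypid();
mkdir( $dir );
touch( "$dir/old.log", time() - 45 * 86400 ); // backdated 45 days
touch( "$dir/new.log" );
print_r( purge_old_logs( $dir ) );
unlink( "$dir/new.log" );
rmdir( $dir );
```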
The above features will require both WooCommerce 3.4 and WordPress 4.9.6. Both will be released before the May 25th GDPR deadline. If you’re interested in testing WooCommerce 3.4, see our beta announcement here.
Thanks for testing!
48 replies on “WooCommerce 3.4 GDPR features”
That’s an impressive amount of work! Is there any documentation anywhere on how to hook into WP’s “data export” facility, so that other plugins can include/append any data that they’re storing in the output?
Anyone else who is interested in this… here: https://github.com/AffiliateWP/AffiliateWP/issues/2660
Thank you!! This is great work. However, I still do think there is an issue not resolved: Under GDPR you can collect data from customers without their permission if this data is needed to fulfill the deal. Name, address etc are clearly needed. IP address is not. Yet WooCommerce automatically collects the IP address of a customer. Can this be switched off?
We’ve been advised that a checkbox is not required because the customer is placing an order and the data is required for processing. You will need extra checkboxes if you intend to use data for other purposes.
You should of course check with a lawyer too. We’ve been working with our legal department 🙂
Fwiw 3.4 includes some extra hooks in the terms template so more can be inserted with custom code, if needed.
So, if customers place an order and they are just informed about the policy, some of them may not want to give full consent for everything in that policy. The checkbox can make it clear and undisputed.
What do you think, is it possible for you just to add an option button for the shop owners to choose if there is or not a checkbox in the snippet? Just like an option. Extra hooks are great but with this kind of option you will make it easier and possible for non-coders to make it through these changes. It’s really a big change that takes a lot of time and expenses for every business in Europe, especially if it’s a micro or small company.
Thank you for your answer and help!
I think it would be best to not include a checkbox in this case, based on the feedback we’ve received. If it’s an option it’s going to make it tougher for users to know if they actually need it, which we don’t believe they will. Remember there is also the TOS checkbox if you have other policies to disclose, and marketing plugins should add their own in addition.
Recommend you chat to a lawyer of your own of course 🙂
Mike, thank you!
I see your point. Of course, lawyers’ opinion and position are very important, so every shop owner has to talk with its legal team. And again – great work with GDPR changes! Looking forward to the update.
I talked to my lawyer and with some other lawyers as well. I quote their opinion: There must be a check box, so with it the clients can give their explicit consent to process their data when placing orders. Implicit or implied consent does not work and it will be contrary to the law. Although they submit their data by themselves, there must be a clue that they have agreed with it, know what they have given their data for, that they can withdraw it, be forgotten, and so on.
What do you think? After all, is it possible to add this checkbox? Because if you do not do this, that means every developer has to do it by himself for every existing project and for the new ones as well.
This type of checkbox has always been there in other web platforms like Opencart, for example. So, I think there is nothing confusing for customers and for shop owners.
Thank you for your great work!
That seems to be what the policy is for. There are plugins to add checkboxes if you insist on including one – and again, we’ve been advised not to include one as this is a contract. Disclaimer again, ianal 🙂
Thank you for your answer, Mike! I just wanted to provide you these opinions. Thanks!
Hi Mike! It all looks good except for this:
For PayPal specifically, payer email/name is no longer logged within order meta – this information can be found using the transaction ID and visiting the PayPal website instead.
This information has been really useful in the order meta, since it helps determine potential fraud. Why are you removing it? Can you make it opt in? Making a sale as a vendor also entails protecting ourselves from fraud so having this information on hand as meta is only positive.
Why is it needed when it’s stored PayPal side?
Probably not “needed”, but it is convenient. Not all shop managers have access to a company’s PayPal account. How about using the PayPal API to download it “on demand”, so that it’s not stored in WooCommerce, but is still accessible there?
Maybe you can explain why you’d need to look this up. I’m not sure I understand its importance if IPN validation is successful.
Hi Mike, I didn’t see your replies. Having the PayPal payee name and email address logged is useful because PayPal accounts are sometimes hijacked. We used to receive fraudulent orders from Indonesia previously. We also received legit orders from Indonesia. The difference between them was that the fraudulent ones had wildly different PayPal email and name, billing name and email and shipping details. Seeing this level of detail helped us a lot. Having them in one place (the order which they pertain to, as much information as possible is useful here) without having to visit an external site was helpful.
Love you hard workers for this!
If a user wants their data deleted – what data is considered “personal data”? I assume name, email, address, etc. Anything else?
I’m curious on things like address. Is it possible (or already done) to erase a street address and keep city, state, zip, country?
IP, email, address are the main ones. When we anonymize we remove all data. The eraser class is filterable however.
This already includes a notice and is shown in the screenshots above (settings page).
Quite so – I looked twice, but was going too fast. My apologies.
Very useful, thank you.
When will the new version of WP be released so that we can start to implement these changes?
Should be today – May 17th.
Any news about the Stripe / Apple Pay integration with Woo? It is issuing third-party cookies on individual product pages before consent can be given and whether or not the site viewer intends to purchase…
Amazing tools and improvements guys! Can’t wait to download it
We don’t offer that option. Policy applies to all, so giving all users that same text and treatment makes sense?
It could be made to use address or geolocation, but I wouldn’t want to add that without more user feedback post launch.
I am rather disappointed. Was hoping for an out of the box working solution whereby customers at least could request the deletion of their data themselves in the WC customers panel.
All the talk the last weeks led me to believe that there was a lot to come. Frankly I am not impressed, everything is hidden away in menu structures, there is no documentation at all.
Also I was led to believe that every plugin would add automatically to the privacy statement, that is not the case.
I had expected much more from the WooCommerce team, it is not that they did not have time or anything. It has been known for a long time now that the European union would come up with this crap.
We’ve been pretty open in previous posts what was coming. The features you mention are coming in WordPress itself over the next few releases and are logged on the WordPress issue tracker.
We’ve already commented on this subject https://woocommerce.wordpress.com/2018/05/04/woocommerce-3-4-gdpr-features/#comment-4629
Great work, we just got the update today and now we are more or less compliant with GDPR, one day before the deadline.
One question though, if we have set our “Retain completed orders” threshold to 2 years, but we have orders ranging back from 2012, when will Woocommerce start to anonymize those orders older than 2 years?
When the cron job runs those will be cleared, so soon I imagine.
Thanks, that will be interesting to monitor
thank you for your work!
I updated everything but I can’t find an option to set up a required checkbox at the checkout in the customizer. Where do I set this up?
There is only a terms and conditions checkbox. If you set the ‘terms’ page option it will be shown. That’s not new in 3.4.
How does the user ask for an account to be deleted or request data? I see nothing to ask this in the account area of the user?
This could become an admin nightmare so is an option available to allow the user to request or delete data without the store owners involvement?
An automated solution is being considered in WordPress core.
Implementing such an awesome feature like this demonstrates how WooCommerce is number one!
When you delete customer data using the “Personal data eraser”, do you also delete it from Paypal as it has also been transferred there?
I love the work you guys at WC are doing, and you have certainly helped a great deal with regard to GDPR, which, I am personally very grateful for. GDPR was very daunting, but, you guys have made it less so. I have been following all of the GDPR discussions prior to 25th May closely, and your posts have been incredibly informative. Thank you and keep up the incredible work
This is something WordPress must facilitate. It is ultimately your responsibility as the site owner however.