How to stop wordpress.com from collecting any data about user's users (GDPR)
-
Hi again,
This is a follow up to my previous post, now closed. This is not the same question / request, mind you, but a logical follow up… and a last attempt.
Seeing that wordpress.com (WP) is not willing / able to provide us with a clear legal disclaimer or Privacy Policy to be directly displayed to our users (WP’s user’s users), even though it’s not us but WP who’s collecting data for their own use, we’d like to opt out of any and all data collection regarding our users that WP conducts, “for us / in our name / using us that is our site as a medium / etc”.
Please advise where we can do this, and what steps we must take.
We do not want to collect any data about our users. And we’d like to inform them about our site – “hosted” by wordpress.com – not collecting any data about them, and not using any cookies and similar tracking etc solutions at all.
WP should either provide us with a solution that allows this – or provide us with a legal document for us to display directly to our users making it clear that WP – a “hosting service”, as I’ve been told – keeps collecting data about them despite our intentions, and listing their options regarding their data held by WP, leaving us out of this, as we’re not collecting data and are not interested in it either: we’re publishing blog posts consisting of text and images and a few lines of additional CSS that affects nothing but the looks of the site.
Note, please, that we’re not asking for WP to “advise us legally” (as the official answer to that seems to be “we’re not your attorneys”.) We’re asking for a technical solution to our problem.
Note also, please, that the solution we’re looking for is not the ability to remove user’s user data once requested (as suggested here to user @cesa2018 by a member of the staff.) We’re looking to be able to stop collecting such data completely by 25 May.
Please, advise. Thank you.
PS: Yes, we understand that this would disable commenting, following, polling, spam-filtering (the disabled comments?), stat-gathering, etc. That’s OK. (Well, far from ideal, but what can we do.)
-
-
@staartmees Sure. Thank you.
As an aside, we’ve been shown that .org has a Privacy Policy Guide for the standalone version of WP. (I hope I’ve linked the right version of the right file.)
Why can’t .com provide a similar default page for its users (esp. its paying users), pre-filled (unmodifiably) with the information relevant to wordpress.com and its plugins etc and providing an optional field (besides some for name, address, etc) for any additional information the user may have to enter, if they collect and use anything else besides what wordpress.com does for the core functions (commenting, following, etc) for the site to remain operational?
Thanks again,
-
@whoisnot, have you read our privacy policy? It’s creative commons, so you (or your friend) can modify your own copy of it to reflect the business name and actual practices. You’d be welcome to do that if you see fit.
We can’t review your friend’s business practices or offer legal advice. But we can give site owners tools, implement cookie warnings and what not, and make sure our own policies are clear. We’re making those efforts:
https://automattic.com/automattic-and-the-general-data-protection-regulation-gdpr/Also, as many of our paid plans allow for more data collection than a standard site, we do have an ADR for paid plan users. So your friend with their premium plan would qualify, and can get in touch if they’d like that. They would just need to reach out while logged into their account:
http://wordpress.com/help/contactI hope that helps.
-
@supernovia I’ve read your PP, and am aware it’s CC. It doesn’t make me (or any of us) a lawyer, though. Sorting out what information wordpress.com and its various services and plugins collect on our site, and incorporating it all into a legally valid, GDPR compliant PP/ToS document is beyond my (our) skills. And it isn’t worth the risk. The GDPR is not forgiving, as far as I know. The ADR wouldn’t help either, unless we hired an attorney. Which we will, eventually, because we’ve put a lot of effort, and, practically, a lot of money into this site.
We’ll think twice about renewing our WP subscription, though, when the time comes. We’ve lost a lot of trust, thanks to your legal and marketing depts who thought it was OK to do it like this and push all the responsibility onto your (Premium) users about the data wordpress.com collects for its own purposes about users’ users.
(On the other hand, we do appreciate the hard work of WP’s devs, designers, support people, etc, and we think the engine and the support is great – that means you -, only sadly and frustratingly and disappointingly curtailed and crippled by the aforementioned departments.)
FYI, we’ve turned the blog private, deleting all comments and followers so that we don’t retain any data falling under the GDPR. It was sad to lose so much work because of your company’s policies.
You haven’t answered my original question, mind you. How do we stop wordpress.com from gathering any data about users’ users for its own purposes (on a public blog)? If we can’t stop wordpress.com from doing that, then how do we get wordpress.com to display its own GDPR policies about the data it collects (and not us)? Etc. See my original question above, please.
Also, I hope it is possible to change the landing page of a blog turned completely private. We’d like it to display a notice that we’ll be back someday soon, but without any pointer to register with WP to request a permission to follow us. You (that is, WP) could of course leave your own legal PP (GDPR) disclaimer there, if you collect any data / deploy any cookies on private landing pages, etc.
By the way, thank you (@supernovia) for your effort. As I’ve implied above, I’m sure this GDPR thing is not easy on Support either.
-
@whoisnot, sorry to hear that.
To clarify again, we offer paid site owners an ADR on request.
But we are neither able to act as lawyer nor assume legal responsibility for individual sites and their practices.
We can, and will, provide tools to help, and those are linked in the sticky post. You can also follow privacy.blog for more information.
Also, I hope it is possible to change the landing page of a blog turned completely private.
You could keep the site public but make all pages and posts private except the front page. That’s doable in bulk via wp-admin. Just be sure to edit your menu as well, if needed.
There are also plugins out there that could help. So if you migrate the site to your own self-managed, self-supported installation, or use a business plan that allows third party plugins, you’d be welcome to install something to that effect.
- The topic ‘How to stop wordpress.com from collecting any data about user's users (GDPR)’ is closed to new replies.
WordPress.com Forums 