Adding the Personal Data Eraser to Your Plugin

In WordPress 4.9.6, new tools were added to make compliance easier with laws like the European Union’s General Data Protection Regulation, or GDPR for short. Among the tools added is a Personal Data Removal tool which supports erasing/anonymizing personal data for a given user. It does NOT delete registered user accounts – that is still a separate step the admin can choose whether or not to do.

In addition to the personal data stored in things like WordPress comments, plugins can also hook into the eraser feature to erase the personal data they collect, whether it be in something like postmeta or even an entirely new Custom Post Type (CPT).

Like the exporters, the “key” for all the erasers is the user’s email address – this was chosen because it supports erasing personal data for both full-fledged registered users and also unregistered users (e.g. a logged-out commenter).

However, since performing a personal data erase is a destructive process, we don’t want to just do it without confirming the request. The admin-facing user interface therefore starts all requests by having the admin enter the username or email address making the request, and then sends them a link to click to confirm their request. Once a request has been confirmed, the admin can kick off personal data erasure for the user, or force one if the need arises.

The way personal data is erased is similar to how the personal data exporters work: it relies on hooking “eraser” callbacks to do the dirty work of erasing the data. When the admin clicks on the remove personal data link, an AJAX loop begins that iterates over all the erasers registered in the system, one at a time. In addition to erasers built into core, plugins can register their own eraser callbacks.

The eraser callback interface is designed to be as simple as possible. An eraser callback receives the email address we are working with, and a page parameter as well. The page parameter (which starts at 1) is used to avoid plugins potentially causing timeouts by attempting to erase all the personal data they’ve collected at once. A well-behaved plugin will limit the amount of data it attempts to erase per page (e.g. 100 posts, 200 comments, etc.).

The eraser callback replies with four things: whether items containing personal data were erased, whether any items containing personal data were retained, an array of messages to present to the admin (explaining why the retained items were retained), and whether it is done or not. If an eraser callback reports that it is not done, it will be called again (in a separate request) with the page parameter incremented by 1.

When all the erasers have been called to completion, the admin user interface is updated to show whether or not all personal data found was erased, and any messages explaining why personal data was retained.
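The loop and reply contract described above, as a stand-alone PHP model (an added example, not WordPress core code and not part of the original page). The `demo_*` names, the sample rows and the order-retention rule are constructed for illustration; it needs PHP 7.4 or later and no WordPress install.

```php
<?php
// Constructed sample rows for a hypothetical plugin table, keyed by row id.
$GLOBALS['demo_rows'] = array(
	1 => array( 'email' => 'a@example.com', 'latitude' => '12.9', 'order_ref' => '' ),
	2 => array( 'email' => 'a@example.com', 'latitude' => '51.5', 'order_ref' => 'INV-7' ),
	3 => array( 'email' => 'b@example.com', 'latitude' => '40.7', 'order_ref' => '' ),
	4 => array( 'email' => 'a@example.com', 'latitude' => '48.8', 'order_ref' => '' ),
);

// Hypothetical eraser. It blanks the field in place instead of deleting rows,
// so the filtered id list (and therefore each page offset) stays stable between calls.
function demo_eraser( $email_address, $page = 1 ) {
	$number = 2; // Tiny page size so the paging is visible.
	$ids    = array_keys( array_filter( $GLOBALS['demo_rows'], fn( $row ) => $row['email'] === $email_address ) );
	$batch  = array_slice( $ids, ( (int) $page - 1 ) * $number, $number );
	$result = array( 'items_removed' => false, 'items_retained' => false, 'messages' => array() );
	foreach ( $batch as $id ) {
		if ( '' !== $GLOBALS['demo_rows'][ $id ]['order_ref'] ) {
			$result['items_retained'] = true; // Kept, so tell the admin why.
			$result['messages'][]     = "Row $id retained: linked to order record.";
			continue;
		}
		$GLOBALS['demo_rows'][ $id ]['latitude'] = '';
		$result['items_removed']                 = true;
	}
	$result['done'] = count( $batch ) < $number;
	return $result;
}

// Simplified model of the admin-side loop: each eraser in turn, page by page until done.
function demo_run_erasers( array $erasers, $email_address ) {
	$total = array( 'items_removed' => false, 'items_retained' => false, 'messages' => array() );
	foreach ( $erasers as $slug => $eraser ) {
		$page = 1;
		do {
			$r = call_user_func( $eraser['callback'], $email_address, $page++ );
			// This model rejects a reply missing any of the four fields the page lists.
			if ( ! is_array( $r ) || array_diff( array( 'items_removed', 'items_retained', 'messages', 'done' ), array_keys( $r ) ) ) {
				throw new UnexpectedValueException( "Eraser $slug returned a malformed reply" );
			}
			$total['items_removed']  = $total['items_removed'] || $r['items_removed'];
			$total['items_retained'] = $total['items_retained'] || $r['items_retained'];
			$total['messages']       = array_merge( $total['messages'], $r['messages'] );
		} while ( ! $r['done'] );
	}
	return $total;
}
print_r( demo_run_erasers( array( 'demo' => array( 'eraser_friendly_name' => 'Demo', 'callback' => 'demo_eraser' ) ), 'a@example.com' ) );
```

An eraser that deletes whole rows or posts instead of blanking fields changes what each later page offset points at, so it has to account for that when it selects its next batch.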

Let’s work on a hypothetical plugin which adds commenter location data to comments. Let’s assume the plugin has used `add_comment_meta` to add location data using `meta_key`s of `latitude` and `longitude`.

The first thing the plugin needs to do is to create an eraser function that accepts an email address and a page, e.g.:

```php
/**
 * Removes any stored location data from a user's comment meta for the supplied email address.
 *
 * @param string $email_address Email address of the person whose data is erased.
 * @param int    $page          Page of comments to process (starts at 1).
 *
 * @return array
 */
function wporg_remove_location_meta_from_comments_for_email( $email_address, $page = 1 ) {
	$number = 500; // Limit us to avoid timing out
	$page   = (int) $page;

	$comments = get_comments(
		array(
			'author_email' => $email_address,
			'number'       => $number,
			'paged'        => $page,
			'orderby'      => 'comment_ID',
			'order'        => 'ASC',
		)
	);

	$items_removed = false;

	foreach ( (array) $comments as $comment ) {
		$latitude  = get_comment_meta( $comment->comment_ID, 'latitude', true );
		$longitude = get_comment_meta( $comment->comment_ID, 'longitude', true );

		// Compare against '' and false rather than using empty(),
		// which would skip a stored coordinate of 0.
		if ( '' !== $latitude && false !== $latitude ) {
			delete_comment_meta( $comment->comment_ID, 'latitude' );
			$items_removed = true;
		}

		if ( '' !== $longitude && false !== $longitude ) {
			delete_comment_meta( $comment->comment_ID, 'longitude' );
			$items_removed = true;
		}
	}

	// Tell core if we have more comments to work on still
	$done = count( $comments ) < $number;
	return array(
		'items_removed'  => $items_removed,
		'items_retained' => false, // always false in this example
		'messages'       => array(), // no messages in this example
		'done'           => $done,
	);
}
```

The next thing the plugin needs to do is to register the callback by filtering the eraser array using the `wp_privacy_personal_data_erasers` filter.

When registering you provide a friendly name for the eraser (to aid in debugging – this friendly name is not shown to anyone at this time) and the callback, e.g.

```php
/**
 * Registers all data erasers.
 *
 * @param array $erasers Erasers registered so far, keyed by a unique slug.
 *
 * @return array
 */
function wporg_register_privacy_erasers( $erasers ) {
	$erasers['my-plugin-slug'] = array(
		'eraser_friendly_name' => __( 'Comment Location Plugin', 'text-domain' ),
		'callback'             => 'wporg_remove_location_meta_from_comments_for_email',
	);
	return $erasers;
}

add_filter( 'wp_privacy_personal_data_erasers', 'wporg_register_privacy_erasers' );
```

And that’s all there is to it! Your plugin will now clean up its personal data!