• Plugin Author Lester Chan

    (@gamerz)


    I have pushed a small fix to GitHub and hopefully, this will solve the GDPR issue.

    This plugin stores your IP address and Hostname when you vote. So what this fix does is just mask the last bit of the IP address before storing it to the database. Example: 127.0.0.1 will become 127.0.0.xxx. And a Hostname of 127-0-0-1.isp.com.sg will become just isp.com.sg.

    Of course, there are side effects. This means that any user within the same subnet can only vote once. There is no way around it. If you need it to be unique, you have to allow the user to register before they can vote.

    You can download it here https://github.com/lesterchan/wp-postratings/archive/master.zip. I will need more people to test it before I officially release it.

Viewing 7 replies - 16 through 22 (of 22 total)
  • Plugin Author Lester Chan

    (@gamerz)

    Cookies just store the value you rated, it doesn’t track the user.

    I have pushed a small fix to GitHub and hopefully, this will solve the GDPR issue.

    This plugin stores your IP address and Hostname when you vote. So what this fix does is just mask the last bit of the IP address before storing it to the database. Example: 127.0.0.1 will become 127.0.0.xxx. And a Hostname of 127-0-0-1.isp.com.sg will become just isp.com.sg.

    You’re storing partial user data. Not sure that is enough to comply.

    Cookies just store the value you rated, it doesn’t track the user.

    This law forces you to have user consent before you leave a cookie and after that, they force you to declare what the cookie is for.

    Plugin Author Lester Chan

    (@gamerz)

    1. I have redone it to hash the user IP, so now it is hashed (with salt). So the IP is unusable now.
    2. Interesting. But I don’t think I can do anything on my plugin end for that though.

    But I don’t think I can do anything on my plugin end for that though.

    Your polls plugin has a no logging option (yet it still stores IPs on the database).

    Maybe you could add a working no logging option to both of them. GDPR compliance basically is “do not store any kind of user data, do not leave any cookie”.

    Plugin Author Lester Chan

    (@gamerz)

    The IP is no longer stored, it is hashed information now. So we have settled that. So you can choose “Logged By IP” and it will not set the cookie.

    do not store any kind of user data
    Not sure if that is true as you are just one data point and I heard conflicting things about it. I might be wrong, but AFAIK GDPR lists what kind of data you can’t store, like email or IP. In this case, I don’t store either as IP is hashed and it is not useful information to any user.

    Also, if I set “Do Not Log” and do not log anything, then any user can rate as many times as they want. Then I will have another complaint on that. The reason I still log the hashed data is so that if the user changes their mind, it will not affect the ratings.

    • This reply was modified 6 years, 6 months ago by Lester Chan.

    Also, if I set “Do Not Log” and do not log anything, then any user can rate as many times as they want. Then I will have another complaint on that.

    I won’t complain, I promise. It is just an option. I always set this option on and almost nobody notices you can vote twice.

    The reason I still log the hashed data is so that if the user changes their mind, it will not affect the ratings.

    I don’t get this. I periodically delete with a SQL query all these fields:

    rating_ip
    rating_host
    rating_username
    pollip_ip
    pollip_host
    pollip_user

    Ratings and votes won’t change.

    My suggestion is to add an option to not log/store anything on the database and zero cookies. You can’t go more GDPR compliant than that, once for good.

    Plugin Author Lester Chan

    (@gamerz)

  • The topic ‘GDPR Compliance’ is closed to new replies.
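
The two logging approaches discussed in this thread (masking the last octet and the hostname, then hashing the IP with a salt), compared as duplicate-vote keys. This is an added Python example, not the plugin's own code: the function names, `SITE_SALT`, the use of HMAC-SHA256 and the "drop the leftmost label" hostname rule are assumptions, and the voter addresses are constructed.

```python
import hashlib
import hmac
import ipaddress

# Constructed placeholder; a real site would load a random secret from its config.
SITE_SALT = b"constructed-example-salt"


def mask_ip(ip: str) -> str:
    """Replace the last IPv4 octet with 'xxx' (127.0.0.1 -> 127.0.0.xxx)."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version != 4:
        raise ValueError("this sketch only covers the IPv4 case from the thread")
    return ".".join(str(addr).split(".")[:3] + ["xxx"])


def mask_hostname(host: str) -> str:
    """Drop the leftmost label (assumed rule): 127-0-0-1.isp.com.sg -> isp.com.sg."""
    _, _, parent = host.partition(".")
    return parent or host


def hash_ip(ip: str, salt: bytes = SITE_SALT) -> str:
    """Keyed hash of the normalised address, stored instead of the address itself."""
    normalised = str(ipaddress.ip_address(ip)).encode()
    return hmac.new(salt, normalised, hashlib.sha256).hexdigest()


def accepted_votes(voter_ips, key_fn):
    """Return the IPs whose votes are accepted when key_fn(ip) must be unique."""
    seen, accepted = set(), []
    for ip in voter_ips:
        key = key_fn(ip)
        if key not in seen:
            seen.add(key)
            accepted.append(ip)
    return accepted


# Constructed sample: two neighbours in one /24, one of whom votes twice.
VOTERS = ["203.0.113.10", "203.0.113.77", "203.0.113.10", "198.51.100.5"]

if __name__ == "__main__":
    print(accepted_votes(VOTERS, mask_ip))  # the neighbour 203.0.113.77 is rejected
    print(accepted_votes(VOTERS, hash_ip))  # only the repeat vote is rejected
```

With masking, every address in the same /24 shares one key, which is the "same subnet can only vote once" side effect described in the first post; the keyed hash keeps one key per address while the stored value no longer contains the address.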