Is this plugin GDPR compatible?

Hi there,

Thanks for reaching out to us about the GDPR!

We are working away on getting ready for the GDPR and expect to be in compliance with the GDPR requirements when the GDPR goes into effect in a few weeks. You can read more about our efforts at the following link:

https://en.support.wordpress.com/automattic-gdpr/

Please continue to check the link above for updates as we launch new features to enhance user privacy and data choice.

I hope that helps!

I am overwhelmed about the amount of information on the URL you have provided.

Can you briefly please tell us what the sutuation is? It is now the 18th May and website owners need to know by now what their plugins do.

I propose that you add a FAQ to the plugin webpage and give us in simple terms what the situation is. Ideally, you should provide us with the proposed wording that we would need to add to our “Privacy Policy” for your plugin. Perhaps even expose a shortcode.

We expect our services to be in compliance with the European Union General Data Protection Regulation that goes into effect on May 25th.

For more information about the updates we’re working on, please see our blog post here:

https://en.blog.wordpress.com/2018/05/14/new-privacy-features-and-updated-policies/

For complete information about our use of data on customers such as yourself, please refer to our privacy policy, recently updated to add more detail:

https://automattic.com/privacy-notice/

We’re working on an FAQ that will encompass all of our products and hope to have it availble very soon. In the meantime, you can find all that you might need in that updated Privacy Notice.

Hello! Just wondering whether this plugin is read for GDPR ??

Any update on Akismet and GDPR?

Is it compliant with GDPR or not. I am reading online you are not!

They are NOT!

Legally you must remove the plugin from your site.
Just use captcha instead to filter spam.

How do i do captcha? i have just removed it from my site, is it the same for jet pack?

Hi there,

As of version 4.0.6 of the Akismet WordPress Plugin, we’ve added tools to comply with the GDPR while running the Akismet Plugin on your site. You can find more details on the update and what’s included on our blog post here:

https://blog.akismet.com/2018/05/26/version-4-0-6-of-the-akismet-wordpress-plugin-is-now-available/

Thanks, Josh.

When I read that blog post and the blog post for 4.0.7, there was no mention of General Data Protection Regulation or GDPR compliance. I can’t find anything on the akismet.com site that refers to GDPR. I checked Help and Features. Nothing.

Perhaps I missed it. Can you point me to the pages on the Akismet.com site that explains how it’s GDPR-compliant?

@claireb75
Install a captcha plugin for your forms or comment section. There are many for wordpress.
No need to dump massive data to third-parties to avoid spam.

Also, this update does NOTHING!

-We need encryption BEFORE personal data are saved.
-Safe and encrypted sending of data to your server for checking.
-Download stored data for viewing, allow for the deletion and changing of collected data.

these are just a few of the major things that needs to be done.

I found that Akismet saves meta-data for each comment to the _postmeta table, in meta_key “_feedback_akismet_values”, as a heavily serialized value. And this data includes personal data, as defined by GDPR: Comment-Author (name), Email, and IP.

Even when WordPress shows NO comments (in WP Admin > Comments), this Akismet meta-data remains in the database, suggesting this personal data, as stored in the post-meta table, is not removed, even when its associated comment is removed from the comment table.

I don’t know if Akismet v4.0.7 no longer saves metadata in this way (I have not tested yet), but it clearly does not remove it from existing rows in the postmeta table.

But what is your problem? It is not a crime to have this data in your site. What is a crime is to collect it without their knowledge. And there is the statement by where you add a comment that makes this clear.

We also need to remember that these plugins are provided free so we are not in a position to make demands. We appreciate their help to make it compliant ofcourse.

But I am happy. ??

In my (admittedly weak) understanding of GDPR, collecting personal data (of EU Data Subjects) sometimes requires more than just providing them the knowledge that we’re doing it. Sometimes it also requires their explicit Consent. The requirement for each instance of data collection is determined by the “lawful basis” on which we rely. And in some cases, the data-subject must have access to view, download, update, and even delete his personal data. And I’m not sure how exactly that would be implemented as relates to this meta-data stored by Akismet.