WordProof integration privacy implications

  • Resolved Ate Up With Motor

    (@ate-up-with-motor)


    2 years, 4 months ago

    Another Yoast SEO plugin update, and yet again, we have ANOTHER unasked for integration with a third-party service whose privacy implications for site owners are completely unclear and quite worrisome.

    Thus, I must again ask the now all-too-familiar questions: What data does the new WordProof integration collect? What control over that data do site operators or users have?

    Neither your blog post nor the WordProof website provide much clear information about this, which is concerning because if I understand the intent of the blockchain-based technology, any personal data contained in any content WordProof adds to the blockchain becomes impossible to erase or rectify, which would seem to have substantial GDPR implications.

    For a European company, Yoast seems blithely unconcerned about these issues; with several of your past integrations, I have NEVER been able to get any straight answers on personal data collection or control over same. The only upside this time is that the new integration didn’t appear to be enabled by default.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    It’s been a full month and there’s been no response to this. My testiness about the necessity of these integrations notwithstanding, I think that asking about what personal data the integration collects and who controls the use of that data remains a reasonable question.

    Plugin Support Michael Ti?a

    (@mikes41720)

    Hi @ate-up-with-motor

    We apologize for not being able to get back to you regarding this concern on WordProof.

    The WordProof integration does give you the option to timestamp specifically your Privacy Policy page (and the Terms & Conditions Page if you use Yoast WooCommerce SEO), which adds that piece of content to the blockchain.

    Adding a timestamp to a piece of content, you can prove that the content exists, who the writer is, when the content is written, and when it was last edited, if so. With a badge or link, you can show your visitors that the content is protected. Everyone on the web can check what changes have been made in previous versions of the content. This makes the web much more transparent and trustworthy.

    Regarding your questions:
    -What data does the new WordProof integration collect?
    -What control over that data do site operators or users have?

    I will try to get feedback from the appropriate team members in order to address your concerns, as it is indeed a reasonable question.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    In terms of “control,” an obvious concern is whether any personal data contained in the timestamped content would no longer be able to be erased or rectified, by the nature of the blockchain. Granted, the nature of a privacy policy or terms & conditions page is a bit different in this respect than other types of content, but those pages might still contain personal data such as the names, telephone numbers, and email addresses of specific contact people (a DPO, for example, or a service provider who is responsible for specific customer service functions). If the content is updated (for instance, to reflect a change in the DPO), is the old information still a permanent part of the blockchain, unable to be erased or rectified?

    Such issues may be an intrinsic aspect of the blockchain model, but if so, it seems appropriate to include some clear warnings to the user, who may not find that acceptable or may need to take prior steps to manage these issues before timestamping a page.

    Hey @ate-up-with-motor,

    Apologies for the late response.

    The way the integration works for the privacy policy or terms pages is that there is only a hashed version of the page saved in the blockchain, not plain text. This hopefully answers your concern about possible leaks of (old) email addresses or names on the page.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    The concern is not leaks; the concern is whether that data can be rectified or erased if it becomes subject to a request by the data subject under applicable law. (I think the GDPR, at least, would regard hashed personal data as pseudonymized personal data, but personal data nonetheless.) I’m guessing the answer is “no,” since that would presumably compromise the integrity of the blockchain.

    This poses some complex legal questions, and while I’m no lawyer, I think they’re significant enough that the integration should have some kind of user warning, to the effect of, “Please be aware that a hashed version of the timestamped page, including any personal information or personal data it may contain, will be permanently saved in the blockchain.”

    Hey @ate-up-with-motor,

    Thank you so much for your reply.

    Yes, part of blockchain technology is that once data is on the chain, it will remain there. For your second concern about data being subject to applicable law, I’m no lawyer too but when users opt-in, it’s good that users read the information on the integration page to get more information.

    This thread was marked resolved due to a lack of activity, but you’re always welcome to re-open the topic. Please read this post before opening a new request.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    Are you actually going to add a warning on the integration page? You left that unclear.

    Hey!

    Thank you for your reply.

    I’ve pinged some internal teams at Yoast about this very concern to see how we can improve the specifics on our feature page on Yoast.com (or somewhere else) to add privacy-related information. Thank you!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘WordProof integration privacy implications’ is closed to new replies.

Tags