On Wednesday, Garret Hyder announced a feature proposal for a WordPress Consent API. The proposal is one step on the larger privacy roadmap for core. If merged into WordPress, it would establish a standard method for core, plugins, and themes to obtain consent for various privacy-related features. The idea is to create a consistent experience for developers, site administrators, and site visitors.
The WP Consent API plugin is available via the WordPress plugin directory. Development is currently happening on the plugin’s GitHub repository.
Hyder identified several areas in which an API for handling consent could help in bringing a site into compliance with various privacy laws:
- Consent management plugins cannot prevent other plugins from placing a PHP cookie.
- Plugins that integrate tracking code on the client-side could break the site if blocked by a consent management plugin.
- Using a blocking approach to handle privacy requires a list of all types of URLs when dealing with cookies and other types of tracking.
The goal is not to create functionality that would block third-party scripts, such as tracking from a site like Facebook. Because different jurisdictions have their own laws across the world, the actual management of blocking functionality would be best suited for a consent management plugin. This would be outside of the scope of what WordPress does out of the box. By providing an API directly in core, it would allow plugin developers to build consent management plugins that are needed in different locations. The API would merely be a means for all plugins to talk the same language. That standardization would allow consent management plugins to work as they should.
Furthermore, adding a front-end user interface would place additional scripts, styles, and functionality on all WordPress sites. These types are things are best handled by plugin developers.
The API proposes allowing the creation of consent categories. Such categories might be preferences, marketing, or statistics. They would be filterable by plugins. The API has two indicators to determine consent for a category: a region-based consent type, which can be opt-in or opt-out, and the visitor’s choice.
The team working on the project has put together a Consent API Demo to see how this plugin would work along with consent management on a website’s front end. The demo makes use of the Complianz plugin and an example plugin for showcasing how the API works.
This article was written by Justin Tadlock and originally published on WordPress Tavern.