European Data Protection Law (GDPR)


#1

Where can I disable in this plugin, that it sends data to the manufacturer in the background (updates, license checks, etc.). This must be disabled to be consistent with the European Data Protection Law (GDPR). Without deactivation, this plugin may no longer be used in Europe.

For example, data is sent here: /wp-content/plugins/buddypress-media/app/main/controllers/template/rtmedia-functions.php:3645

By the way: Sending data (phone home) is not allowed for plugins published on wordpress.org.


#2

Hey Jan,

Thanks for your concerns.

What we are doing is fairly common and is in consistent with WordPress.org guidelines. We contribute a lot to WordPress project and community so we unlikely to miss such a guideline.

The update+license check code works only when a user purchase licenses for addons that are hosted on our server and enters the license key. So unless a user enters the license key, the plugin doesn’t send any data to our server. This is how most freemium plugin works in WordPress.org directory. If you see any issues with our implementation of this, we would be happy to rectify it. :slight_smile:

About GDPR - we are watching closely how other plugin developers are doing it. We will definitely take any necessary action much before May 25.

For time being you can remove license keys (if you have any) and the license check would stop.

We always support and respect data privacy of our users, so if you see any issues of data being sent anywhere without a user consent, we will fix it for our all users globally.

Regards,

–NItun


#3

Hi Nitun,

when removing the license keys from the three plugins I´ve purchased they won´t work any more I guess. When purchasing or enabling your plugins I have never asked if it´s ok to send data to your server. As you surely know, IP addresses are also considered as private data under the new law. So it’s not okay just to contact other servers in the background.

Beyond the data protection issue, I’ve noticed that the update / license checker runs very often and severely degrades the performance of the whole site and the backend. I’ve already written to you - unfortunately nothing has changed. For a test, a check once a day would be sufficient.

I would be really great if rtMedia would change this behavior to ensure data protection and max performance of the sites!

Best regards, Jan


#4

Hi Jan,

Rahul from rtMedia team.

Our add-ons work perfectly without license keys.

Our plugin does not send any data unless you add a license key. We need to send license key and related data to our server. Otherwise how we can verify licenses and track activations?

The new law is not in effect yet and as I said before we will take necessary action before May 25.

Our license handling mechanism is handled by a library from https://easydigitaldownloads.com. The same library, I believe, used by more than 1000+ premium theme/plugin provider and likely active on 100k WordPress sites across the internet.

We check license once a day only and use WordPress cache to store results. It appears that on your site some other plugin is flushing cache frequently.

We do not do any kind of data mining so unnecessary check puts a load on our server as well without us benefiting from it either good or evil way.

Rest, we are following the issue closely and expecting an update from WordPress core team for plugin authors. The core team in its recent blog post https://wordpress.org/news/2018/04/gdpr-compliance-tools-in-wordpress/ talked about the plan to put:

New section on privacy will be added to the Plugin Handbook. It will contain some general information on user privacy, what a plugin should do to be compliant, and also tips and examples on how to use the new privacy related functionality in WordPress.

Once new guidelines are there, we will make necessary changes.


#5