Summary
The WordPress Plugin Handbook requires that every plugin which collects, uses, stores, or passes personal data to a third party should suggest privacy policy text to site administrators using wp_add_privacy_policy_content(). See: https://developer.wordpress.org/plugins/privacy/suggesting-text-for-the-site-privacy-policy/
In practice the vast majority of plugins that handle personal data do not implement this, leaving site administrators without the information they need to write an accurate privacy policy.
What to check
Plugin Check should detect when a plugin appears to handle personal data — indicated by usage of functions or patterns such as:
...and warn if wp_add_privacy_policy_content() is not called anywhere in the plugin.
Summary
The WordPress Plugin Handbook requires that every plugin which collects, uses, stores, or passes personal data to a third party should suggest privacy policy text to site administrators using
wp_add_privacy_policy_content(). See: https://developer.wordpress.org/plugins/privacy/suggesting-text-for-the-site-privacy-policy/In practice the vast majority of plugins that handle personal data do not implement this, leaving site administrators without the information they need to write an accurate privacy policy.
What to check
Plugin Check should detect when a plugin appears to handle personal data — indicated by usage of functions or patterns such as:
wp_remote_post()/wp_remote_get()sending data to external URLssetcookie()or$_COOKIE$_POST/$_GEThandling personal fields (email, name etc.)...and warn if
wp_add_privacy_policy_content()is not called anywhere in the plugin.