Here's a idea - it is somewhat related to the thoughts @lvl99 mentioned in #3... what if there was a standard way to make a site's privacy policy filterable? We could define sections of the privacy policy for each of the following and then allow plugins to hook their content into any/all of them

• What data is collected from the user
• What we do with the data / why the data is collected
• Who the data is shared with (e.g. third-parties)
• Where the data is stored, how access to the data is protected
• How long data is retained
• What options the user may have about data collection and use
• How the user can access, update, or delete the collected data

It might even be possible for a plugin to register a new section.

It might even be possible to detect changes in the text a plugin filters and highlight changes to the user since their last acceptance of the policy.

Perhaps these filterable sections could be added to a site's privacy policy using shortcodes or something.

Yes! Love this one.
Not sure about the 'register a new section', but all the rest would be great!

It's a great idea, and in fact the interface would support this in terms of a privacy text field for each plugin to use. That means that you would in essens be able to create one single privacy text based on the combined texts from each plugin.

I would say that that text probably should undergo some website specific modifications before it's shown to users, but the basis of detailing (plain text) descriptions on how each part of a WP site is using data is available.

The moderation of this text is out of scope on the interface, but could come in a GDPR plugin at some point.

I'm proposing these shortcodes for each section. Then the site owner can add them to a privacy policy doc and whatever registers the shortcode could poll each plugin for their contributions for any/all sections?

• What data is collected from the user [privacy-what-personal-data-collected]
• What we do with the data / why the data is collected [privacy-why-personal-data-collected]
• Who the data is shared with (e.g. third-parties) [privacy-sharing-personal-data]
• Where the data is stored, how access to the data is protected [privacy-storing-personal-data]
• How long data is retained [privacy-retaining-personal-data]
• What options the user may have about data collection and use [privacy-user-options-personal-data]
• How the user can access, update, or delete the collected data [privacy-user-managing-personal-data]

Some plugins may not need all of these (e.g. if a plugin doesn't share anything with a 3rd party, it won't need to hook that.

By keeping them in sections like this, it will make the final doc easier to manage and easier for the site owner's to intersperse anything else they want to add.