From 043bfeec0dfb989c1b6cbdd89e8e20e46cd3fc5a Mon Sep 17 00:00:00 2001
From: Brian <brian@brianhaas.li>
Date: Sun, 5 Apr 2026 07:55:16 +0200
Subject: [PATCH 1/3] update legal situation

---
 src/wp-admin/includes/class-wp-privacy-policy-content.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-admin/includes/class-wp-privacy-policy-content.php b/src/wp-admin/includes/class-wp-privacy-policy-content.php
index c505df9b81644..792311e1a105e 100644
--- a/src/wp-admin/includes/class-wp-privacy-policy-content.php
+++ b/src/wp-admin/includes/class-wp-privacy-policy-content.php
@@ -601,7 +601,7 @@ public static function get_default_content( $description = false, $blocks = true
 			/* translators: Privacy policy tutorial. */
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should list all transfers of your site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services.' ) . '</p>';
 			/* translators: Privacy policy tutorial. */
-			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. So in addition to listing where data goes, you should describe how you ensure that these standards are met either by yourself or by your third party providers, whether that is through an agreement such as Privacy Shield, model clauses in your contracts, or binding corporate rules.' ) . '</p>';
+			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. So in addition to listing where data goes, you should describe how you ensure that these standards are met either by yourself or by your third party providers, whether that is through an agreement such as the EU-U.S. Data Privacy Framework (DPF), Standard Contractual Clauses (SCCs), or binding corporate rules.' ) . '</p>';
 		} else {
 			/* translators: Default privacy policy text. */
 			$strings[] = '<p>' . $suggested_text . __( 'Visitor comments may be checked through an automated spam detection service.' ) . '</p>';

From 4030a6ef5c9ff1a7a417ec804e6528778d5175d1 Mon Sep 17 00:00:00 2001
From: Brian <brian@brianhaas.li>
Date: Sun, 5 Apr 2026 08:56:41 +0200
Subject: [PATCH 2/3] Update data transfer tutorial text for legal accuracy

---
 src/wp-admin/includes/class-wp-privacy-policy-content.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-admin/includes/class-wp-privacy-policy-content.php b/src/wp-admin/includes/class-wp-privacy-policy-content.php
index 792311e1a105e..e82651c854af2 100644
--- a/src/wp-admin/includes/class-wp-privacy-policy-content.php
+++ b/src/wp-admin/includes/class-wp-privacy-policy-content.php
@@ -601,7 +601,7 @@ public static function get_default_content( $description = false, $blocks = true
 			/* translators: Privacy policy tutorial. */
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should list all transfers of your site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services.' ) . '</p>';
 			/* translators: Privacy policy tutorial. */
-			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. So in addition to listing where data goes, you should describe how you ensure that these standards are met either by yourself or by your third party providers, whether that is through an agreement such as the EU-U.S. Data Privacy Framework (DPF), Standard Contractual Clauses (SCCs), or binding corporate rules.' ) . '</p>';
+			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'Where applicable, European data protection law requires personal data of individuals in the European Union or European Economic Area, and personal data otherwise subject to that law, to be protected when transferred outside the European Union or European Economic Area. In addition to listing where the data is transferred, you should explain the legal basis and safeguards relied on for the transfer, such as an adequacy decision, Standard Contractual Clauses, or Binding Corporate Rules, and describe any supplementary measures used where relevant.' ) . '</p>';
 		} else {
 			/* translators: Default privacy policy text. */
 			$strings[] = '<p>' . $suggested_text . __( 'Visitor comments may be checked through an automated spam detection service.' ) . '</p>';

From 86477985cbe9af10710b4ab6e049e45c7b0e1bd6 Mon Sep 17 00:00:00 2001
From: Brian <brian@brianhaas.li>
Date: Sun, 5 Apr 2026 09:45:48 +0200
Subject: [PATCH 3/3] cleaner wording

---
 src/wp-admin/includes/class-wp-privacy-policy-content.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-admin/includes/class-wp-privacy-policy-content.php b/src/wp-admin/includes/class-wp-privacy-policy-content.php
index e82651c854af2..d3b829d9c4d19 100644
--- a/src/wp-admin/includes/class-wp-privacy-policy-content.php
+++ b/src/wp-admin/includes/class-wp-privacy-policy-content.php
@@ -601,7 +601,7 @@ public static function get_default_content( $description = false, $blocks = true
 			/* translators: Privacy policy tutorial. */
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should list all transfers of your site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services.' ) . '</p>';
 			/* translators: Privacy policy tutorial. */
-			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'Where applicable, European data protection law requires personal data of individuals in the European Union or European Economic Area, and personal data otherwise subject to that law, to be protected when transferred outside the European Union or European Economic Area. In addition to listing where the data is transferred, you should explain the legal basis and safeguards relied on for the transfer, such as an adequacy decision, Standard Contractual Clauses, or Binding Corporate Rules, and describe any supplementary measures used where relevant.' ) . '</p>';
+			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'Where applicable, European data protection law requires personal data of individuals in the European Union or European Economic Area, and other personal data subject to that law, to be protected when transferred outside the European Union or European Economic Area. In addition to listing where the data is transferred, you should explain the legal basis and safeguards relied on for the transfer, such as an adequacy decision, Standard Contractual Clauses, or Binding Corporate Rules, and describe any supplementary measures used where relevant.' ) . '</p>';
 		} else {
 			/* translators: Default privacy policy text. */
 			$strings[] = '<p>' . $suggested_text . __( 'Visitor comments may be checked through an automated spam detection service.' ) . '</p>';