Re: GDPR Issues

 
From: "Mary Ann Kelley maryann@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED>
In-Reply-To: (no subject)
Date: May 8th 2018
Doug wrote:
"On this basis I can't agree that the profile fields need canning - if the user has consented then I cannot see why they wouldn't be fine AS LONG AS the Privacy Policy outlines the purpose for holding them, how long for and how they may be used beyond the individual's own use (if at all). Again this is something I don't think you, Justin, can control in every instance of Dada Mail. So the better way would be to flag it as I have suggested above or by similar means."

I agree with this. What is allowed is what is stated in the privacy policy, so it seems that you are only responsible for offering that granularity to the list owner with the explanation that compliance is on them (kind of like you do with allowing disabling the unsubscribe link - tell them what their responsibilities are but still allow it).

Justin wrote:
"Dada Mail, since way back in the day, has kept records on things like requests to subscribe, confirming subscriptions, unsubscriptions - stuff like that. That information can be teased into a better format, so that it's documented a little nicer. I can write something that migrates that data over really easily. That way, when people request this data, you can show it to them. Easy!"

The biggest issue with these records is that they are currently kept in log files, which grow enormous and unwieldy for large lists. I usually rename my log files after a certain amount of time so a new one can be created, but then the data is inaccessible through the view logs plugin. Could the data in these logs be moved to a database?

"Things like using email addresses for tracking purposes is another thing you'll need consent for (I think?) So, I'll be disabling that on new mailing lists. I can't see a problem with tracking *anonymous data*, so we can still do that, I guess!"

This is like the profile fields - it’s all about the privacy policy. I’m pretty sure all the big mailing services are still tracking and linking it to personally identifiable data, i.e. the email address. This does not seem to be forbidden under GDPR *as long as it is declared in the privacy policy*.

That said, I think tracking by using the subscriber’s email address is a bad idea since it is publicly displayed in all of the links. Anytime the email is forwarded that tracking link with the email address is forwarded with it, and the subscriber may not realize that at all. If you decide to keep the personally identifiable tracking (which I think is beneficial and can actually be helpful under GDPR if there is a question under the legitimate interest basis for processing data), it would be much better to append the tracking links with a non-identifiable code rather than an email address, and associate the two in the database. 

Regarding tracking, one of the things that I previously mentioned and that is helpful under GDPR, especially when using legitimate interest as a basis for data processing, is to be able to easily find and remove inactive addresses from the list (or request reconsent). Being able to do a search for subscribers who had not interacted with a list through opens and/or clickthroughs (as specified in an advanced search) is not currently possible and would be a feature that would help list owners with compliance.

The absolute best resource that I have found for GDPR is Suzanne Dibble’s Facebook group. Anyone can join (you don’t have to give your info in the first two boxes, although her checklist is hugely helpful, but you do have to agree to read the pinned post). The group is here:

Suzanne is a data protection attorney in the UK, so she is well-placed to explain the various requirements of the regulations. She answers posts and does videos every day on a variety of topics. In addition to helping you bring Dada into compliance, you might find her stuff helpful as it applies to your role as a data controller (for this list) and a data processor (for when you have access to existing list data during upgrades). 
There is an excellent 2.5 hour GDPR overview video here:

Warm regards,

Mary Ann
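
The design suggested in the message above (a non-identifiable code in tracking links, associated with the subscriber in the database) together with the inactive-subscriber search it asks for, as an added example that is not part of the original message or of Dada Mail's code. The table names, function names and URL are assumptions, and only clickthroughs are modelled, not opens.

```python
import secrets
import sqlite3

# Hypothetical schema: the email address lives only in the database, never in a link.
SCHEMA = """
CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL);
CREATE TABLE link_tokens (
    token         TEXT PRIMARY KEY,
    subscriber_id INTEGER NOT NULL REFERENCES subscribers(id),
    message_id    TEXT NOT NULL);
CREATE TABLE clicks (
    token      TEXT NOT NULL REFERENCES link_tokens(token),
    clicked_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_subscriber(db, email):
    return db.execute("INSERT INTO subscribers (email) VALUES (?)", (email,)).lastrowid

def tracking_url(db, base_url, subscriber_id, message_id):
    # 128 random bits, not derived from the address: a forwarded link
    # reveals nothing about the subscriber to whoever receives it.
    token = secrets.token_urlsafe(16)
    db.execute("INSERT INTO link_tokens VALUES (?, ?, ?)",
               (token, subscriber_id, message_id))
    return f"{base_url}?t={token}"

def record_click(db, token):
    """Log a clickthrough; return the subscriber id, or None for an unknown token."""
    row = db.execute("SELECT subscriber_id FROM link_tokens WHERE token = ?",
                     (token,)).fetchone()
    if row is None:
        return None
    db.execute("INSERT INTO clicks (token) VALUES (?)", (token,))
    return row[0]

def inactive_subscribers(db):
    """Addresses with no recorded clickthrough (candidates for removal or reconsent)."""
    rows = db.execute("""
        SELECT s.email FROM subscribers s
        WHERE NOT EXISTS (SELECT 1 FROM link_tokens t
                          JOIN clicks c ON c.token = t.token
                          WHERE t.subscriber_id = s.id)
        ORDER BY s.email""").fetchall()
    return [r[0] for r in rows]
```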


  • This mailing list is a public mailing list - anyone may join or leave, at any time.
  • This mailing list is a group discussion list (unmoderated)
  • Start a new thread, email: dadadev@dadamailproject.com

This is the developer discussion mailing list for Dada Mail.
