Guess its not that easy, as we all would like to have it. No doubts, the GPDR is a pain in the arse how it´s been rolled out. But not complying with it, means existential risks for everyone not playing by their rules. That in mind and as part of our upgrade from XF1.x to 2.x, we have had some of our website areas, especially our terms and privacy policy, reviewed by our lawyer. Up to now I had not expected, that the link in the newsletter would be a problem. In the meantime, however, we have been taught better.
I already knew, that there would be certain parts of the website, we have to implement changes since we were not 100% GPDR conform and in that 2 hrs I had lots to write down. Anyway, here is what the attorny told us on outgoing mails and in particular the newsletter part:
With the user's consent to receive the newsletter for updates on content with which the user has interacted, we first obtain a legal basis for sending these e-mails. Affin, if the consent would refer to all e-mails sent by us as the operator, we can invoke the legitimate interest according to Art. 6 Paragraph 1 Subsection 1 lit. f GDPR (
http://www.privacy-regulation.eu/en/article-6-lawfulness-of-processing-GDPR.htm).
However, an advertising link becomes problematic at the moment when the advertising is sent in the name and for the benefit of a third party with whom the recipient has no legal relationship subject to the GPDR (Rec. 47 Sentence 3 lit. f EU GDPR,
http://www.privacy-regulation.eu/en/recital-47-GDPR.htm). The permission of the sender to use direct marketing in his newsletters extends exclusively to such advertising which he provides in his own name. The prerequisite for sending other advertorial content is, that the newsletter sender and the advertiser have concluded a marketing and processing contract with corresponding remuneration provisions in advance. - But: all of the above is only valid if the sender acts commercially, i.e. is explicitly a company.
However, if the sender is not legally equated with a commercial enterprise, the legitimate interest in Art. 6 Paragraph 1 Subsection 1 does not apply and instead a documented consent must be obtained from the user in advance and in all cases. In Germany, this is further reinforced by §7 UWG (Law against Unfair Competition (UWG) § 7 Unreasonable Harassment,
https://translate.google.com/translate?hl=de&sl=auto&tl=en&u=https://www.gesetze-im-internet.de/uwg_2004/__7.html). In all other countries of the EU there are affine regulations, as this is part of the national implementation of the GDPR.
In summary, this unfortunately means that all users of the add-on are entitled to a warning and it is only a question of time when an underemployed lawyer or a competitor sees his chance here.
We were a bit surprised by all this, but we had to decide to stop using the add-on. Simply, because we cannot afford the ~5,000 EUR fine per official complaint. Even as I can see no benefit for you in advertising the link to thousands non-tech/non-webmaster users, I would be happy if you could think about the necessity of the link in the mail itself again or if a "Parts of this site powered by DBTech" on the forum pages would not be enough.
![[DBTech] DragonByte Mail](/community/data/resource_icons/5/5153.jpg?1462229109){kind=icon}
