Art. 7 GDPRConditions for consent
- Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
- 1If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. 2Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.
- 1The data subject shall have the right to withdraw his or her consent at any time. 2The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 3Prior to giving consent, the data subject shall be informed thereof. 4It shall be as easy to withdraw as to give consent.
- When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
Indeed, the Xenforo standard privacy policy says that
In addition to notifying you of activity on our site which may be relevant to you, from time to time we may wish to communicate with all members any important information such as newsletters or announcements by email. You can opt-in to or opt-out of such emails in your profile
And IMHO, this privacy policy is a little bit imprudent. The consent for the gdpr must be freely given, specific and unambiguous.
And with that privacy policy you are subscribing a user to a newsletter automatically when the user registers to your site (the consent is not freely given). You are not being specific, and you are being very ambiguous (maybe you are subscribed to a newsletter, maybe not. Maybe you will receive staff notifications, maybe not). In other words: the user does not know exactly, what he is consenting for.
Last but not least, your are not using Xenforo to send your newsletters, you are using Sendy. And in Sendy you have a beautiful gdpr field, that will be empty if the Nobita plugin removes it from the synchronization.
@truonglv: I can understand that some webmasters think that they don't need this feature, but please, make it optional, don't remove it after spending your time and effort adding it.
I do not target EU residents. I do not operate from the EU. I do not have to observe GDPR.
@Mouth: I don't know what kind of forum do you have, but I can not believe that you don't have registered users from the UE. Nowadays that is statistically impossible.
Regards.