XF 2.0 Where can I adjust the email notifications for all users to adhere to GDPR regulation?

[Ewok]

Hello All,

In order to meet GDPR regulations, we need to adjust how many and which emails we send to our users.

Where can we adjust the email notifications options for all users?

By default they are all enabled....how can we change this to avoid GDPR issues?

Thanks

 

[Mr Lucky]

Which section of GDPR is this?

 

[webbouk]

If you have to do it I suppose the easiest way would be to back up your database and then run several SQL queries to change all notification statuses.

 

[Ewok]

Which section of GDPR is this?

https://www.gdpreu.org/compliance/email-marketing/



Hope this helps.

 

[Ewok]

If you have to do it I suppose the easiest way would be to back up your database and then run several SQL queries to change all notification statuses.

Yes, you actually have to get explicit consent of your users having opted in. So anyone sending emails, needs to be able to prove their users willingly asked to be emailed/notified/alerted.

I am a bit surprised that so many people are not aware that GDPR is not just cookies, and personal data....it's email contact as well.

 

[webbouk]

How, if you are asked, can you prove that they have opted in or out?

Nearly all websites are offering the end user the option of agreeing or not (ie more info) and this agreement is confirmed by means of a cookie that when detected means that the notice is not shown.
But there is no record at the website's end as to who has or who has not agreed so their choices cannot be proven if I'm not mistaken.

 

[Mr Lucky]

https://www.gdpreu.org/compliance/email-marketing/



Hope this helps.

Not really because that is about marketing mailing lists.

 

[Ewok]

How, if you are asked, can you prove that they have opted in or out?

Nearly all websites are offering the end user the option of agreeing or not (ie more info) and this agreement is confirmed by means of a cookie that when detected means that the notice is not shown.
But there is no record at the website's end as to who has or who has not agreed so their choices cannot be proven if I'm not mistaken.

If you read the GDPR documentation, you'll notice they are not really concerned with how you get it, as long as you can prove it when/if they audit you.

 

[Ewok]

If you have to do it I suppose the easiest way would be to back up your database and then run several SQL queries to change all notification statuses.

Do you have any idea how to get that script? Is that something XF can help out with?

 

[Ewok]

Not really because that is about marketing mailing lists.

Once you get into the GDPR documentation, you'll notice the line getting very thin between email marketing and an email notification. At some point you'll have to decide if it is worth the risk for you or your business.

 

[Mr Lucky]

Once you get into the GDPR documentation, you'll notice the line getting very thin between email marketing and an email notification.

So where is the thin line? The part you quoted had a very thick line.

 

[webbouk]

Do you have any idea how to get that script? Is that something XF can help out with?

I would suggest you raise a ticket for that within the Customer portal as you would need someone who knows the tables and columns that need changing

 

[Ozzy47]

This should do it, https://xenforo.com/community/threa...ault-for-registered-users.137214/post-1191444

 

[Martok]

There should be no need to switch off emails to existing users, only set registration defaults to off for new users. For existing users, you can communicate with them about the change and let them decide if they want to change their preferences on emails (by giving them direct links to the relevant sections of their account and preferences).

Note that the reference above for GDPR is for email marketers, which isn't what forum emails are (unless you are spamming them with site emails for marketing purposes).

 

[Ozzy47]

Agreed, there should not be a need, but some admins are OTT with this GDPR nonsense. So best to give them what they wish.

 

[webbouk]

If you read the GDPR documentation, you'll notice they are not really concerned with how you get it, as long as you can prove it when/if they audit you.

A bit presumptuous in your reply and you still haven't answered my question - how can you prove that a website user has given you permission when there is no log of who has accepted, should you be audited?

 

[Mr Lucky]

A bit presumptuous in your reply and you still haven't answered my question - how can you prove that a website user has given you permission when there is no log of who has accepted, should you be audited?

Maybe via showing them emails wherein they asked to be on a mailing list. That is just one possibility.

 

[Laron]

There should be no need to switch off emails to existing users, only set registration defaults to off for new users.

Are you sure they should be set to off? When a new user signs up, you can have the option below available for new registrations, as per Chris D's thread here. This means it doesn't matter what you have set to on, right?



If they don't tick that, then they can't sign up. I assume "updates" covers all xenforo email notifications.

The question remains however, about existing users? Yes, you can inform them that they can turn off their default email settings and unsubscribe from any type of email alert, but this is not how GDPR works, as if they don't then you need proof that they agreed to have emails sent to them originally and I'm not sure if that proof is there. (I don't think it is actually, unless the proof sits in the privacy policy they agreed to when signing up?: "We may use your email address to inform you of activity on our site" is in the new policy, but what was in the 1.5x one and can you prove that they agreed to this if you changed the policy or if that was not in it?)

Mr Lucky brings up a good point as this is not marketing. So does GDPR apply to a forum where emails are simply alerts/notifications and updates by the forum admins? With two days left, I'm a bit concerned about this as I have seen no clear answers on this forum that helps me understand this email situation in a confident way.

 

[Martok]

Are you sure they should be set to off?

Yes, boxes for emails should be opt-in, not pre-ticked.

Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.

https://ico.org.uk/for-organisation...ion-gdpr/lawful-basis-for-processing/consent/

That's also quoted in the Consent section of that post.

If you are requiring that they receive news and updates by email (which I think is a bit dodgy tbh) then you will need to clearly state that (and still leave the option unticked). They will then tick the option if they are daft enough happy to accept this or if not then they will not register.

 

[Laron]

Yes, boxes for emails should be opt-in, not pre-ticked.

But they are opting in already from ticking this,



so it shouldn't matter if the defaults are set to on, once that is ticked, especially when they are the ones who are triggering the email alerts from interacting with the forum. With a few exceptions, such as the addons that enable an email when a user is mentioned/tagged, and a weekly digest, which are not opt-in, but both should be covered under this "Receive news and updates from us by email" (which can't be ticked/set by default).