May violate privacy laws in some countries

Thanks for the feedback. For reference, here are the 2 other threads you started about this issue, where I think we talked about this case in details:

• https://www.ads-software.com/support/topic/remove-jetpack-from-the-plugin-repository?replies=19
• https://www.ads-software.com/support/topic/require-notification-when-sharing-address?replies=9

Before using this plugin, I highly recommend that you consult with a lawyer in your country to see if this plugin violates data privacy laws that exist in your country, specifically laws regarding sharing an e-mail address with a third party without consent.

I’d recommend doing the same with just about any other plugin connected to a third-party email service provider, as the same problem will apply with every email subscription plugin.

When a user of your blog enters their e-mail address to make a comment, some features of this plugin share that e-mail address with wordpress.com which is owned by automattic.

If that ends up being a problem in your country, there is a work-around that will allow you to continue to use Jetpack and its Subscriptions module:

1. Under Appearance > Widgets in your dashboard, you can customize the contents of Jetpack’s Subscription form to warn your readers about the service their email address will be shared with: https://i.wpne.ws/Yr3e
2. You can disable the subscription options appearing below the comment form by going to Settings > Discussion in your dashboard, and making sure the 2 subscription options are unchecked there.

Another possibility might be to make a jetpack-eu plugin for users where this is an issue that does the following:

A) Checks to see if a session variable / cookie exists where the user has authorized it. If not:

B) Attach a window.confirm to the submit event – if user agrees, save their agreement in session variable / cookie so you don’t have to bug them every time and then submit.

That would satisfy the legal requirements in the least obtrusive manner to the user as they would not need to be asked every time.

Something like ”This blog uses wordpress.com to manage e-mail subscriptions. Is that okay with you?”

It could either be part of jetpack (satisfying me) or an add-on that requires jetpack for countries / webmasters that require it.

If the confirm cookie is set after asking, it *may* even be kosher to use a cookie associated with wordpress.com (but readable by anyone via JS/Ajax w/ cross-domain hackery) so once confirmed it doesn’t end up asking at every unique blog they visit.

Cookie doesn’t even have to have data, just be there.

Just trying to find constructive solutions.

Thank you for bringing it to the attention of evetyone, AliceWonderFull. You may have saved me a lot of legal trouble.

You can disable the subscription options appearing below the comment form by going to Settings > Discussion in your dashboard, and making sure the 2 subscription options are unchecked there.

Thanks for posting a solution Jeremy. Will changing this option alone make sure that no personal data is sent to wordpress.com? In my country the user’s consent isn’t that much of a problem – as said above it can be handled via a checkbox. The bigger issue is a Terms of Data Processing agreement that corporate entities are required to sign with every third party that gains access to even the least amount of personal data. What is more is the third party is located outside of EU thay need to be a part of the US-EU Safe Harbor.

Will changing this option alone make sure that no personal data is sent to wordpress.com?

No, that option will only remove the option for commenters to subscribe (and thus send their email address to WordPress.com) when leaving a comment.

If you don’t want any of your site data to be sent to WordPress.com, I’d recommend against using any of the modules that require a WordPress.com connection.
You can do so by activating Jetpack’s Development mode:
https://jetpack.me/support/development-mode/

Thank you for the answer.

I don’t mind my website’s data being sent to WordPress.com, the important part is just the user’s data but I assume those are included in the website data.
The main module I’m interested in is Publicize, as the competition’s plugins don’t work with WP multisites. As far as I know it requires WordPress.com connection.
Thanks again for making the situation more clear.

the important part is just the user’s data

In this case, it’s safe to use Publicize.

Comments (and thus data about the users who commented) are only synchronized with WordPress.com when necessary, for the following modules:

• Subscriptions (since we send comments via email to folks who subscribed to one of your posts)
• Toolbar Notifications (since that allows you to moderate comments from anywhere where Notifications are available)
• Enhanced Distribution (since we can then ping search engines and the likes when new content, like a comment, is added to your site)
• JSON API (since that module gives you remote access to your site’s data).

I would also suggest that you do not activate Stats, since like other Stats services, the module also collects data about your visitors (their visits to your site).

I hope this clarifies things a bit. We’re currently working on a document that will make all this information a bit clearer for each module, since right now all you have is the terms of service and privacy policy you agree to when connecting a site to WordPress.com.