GDPR compliance

@siteimpulse

I don’ think a checkbox about data processing is needed. An ‘affirmative action’ from the user is sufficient to give consent, entering their email and clicking the button is that affirmative action.

Consent can be withdrawn (by unsubscribing), data can also be deleted (by unsubscribing).

The only data held for public subscribers is their email address – that should be checked with admins of the blog via email or contact form. Registered user data is broader but is handled by WordPress for checking and deleting.

@mattyrob

The problem is, you have to collect each consent separately.
If a user agrees to have their data processed for sending new post notifications – and you’d like to send them also a newsletter or any promotional emails – you have to add a checkbox for every additional purpose.

@siteimpulse

That explains what you meant when you were talking about different consent.

I am not sure how that could be implemented easily allowing admins to set up an unknown number of check boxes, each with a different text description.

Hi, at least ( AFAIK ) a consent checkbox and a text and link to legal policy is mandatory.

Using this plugin as it is right now may bring serious legal consequences, this is not a whim, sorry.

Please, if you are not adding this feature, tell use, so we delete the plugin and find another one ( I’d really don’t like, this plugin works great ).

Hi @mattyrob,

I have the same concern.

Subscribe2 is a really good plugin, but it is not GDPR compliant as it stands right now.
A checkbox and a legal text with a link to privacy policy are needed, like said before by @diegobrouard and @siteimpulse.
It’s not a whim, it’s a real legal issue. I have clients who asked me to change this on their sites in order to be GDPR-compliant.

Could you add this feature in a new update ?

@jayjay2015

I have not been a code committer to Subscribe2 for 4 years so I am not in a position to update the code:

https://subscribe2.wordpress.com/2014/11/29/subscribe2-and-subscribe2-html/

It is already easily possible to add a privacy policy and a legal text and I would think GDPR requires this even without using Subscribe2 if you allow membership or even comments on your site.

Check boxes are another area of discussion entirely. A user is required to take ‘affirmative action’ under GDPR. In other words they must do something active to opt in, you cannot assume they are opting in unless they opt out.

So, there are some aspects of Subscribe2 in terms of AutoSubscribe that likely need turning off, but a user entering their email into a field and clicking ‘subscribe’ does not need a check box if you have explained clearly what they are subscribing to. That is my understanding and I’m more than happy to be shownI am wrong.

Hi,

So, there are some aspects of Subscribe2 in terms of AutoSubscribe that likely need turning off, but a user entering their email into a field and clicking ‘subscribe’ does not need a check box if you have explained clearly what they are subscribing to. That is my understanding and I’m more than happy to be shownI am wrong.

No, it’s the exact same situation as a contact form. You have your contact form and you have, at the very end, a agreement field with a required checkbox (uncheked by default). And this is the case for every single contact forms of your site. Most contact forms plugins on wordpress have already updated this legal requirement.

Furthermore, the differents legal departments (i.e many lawyers, legal experts, …) of the companies i’m working for, told me that this is mandatory. I will not argue with them on this topic, and if they want me to change this on their site, i will.

If there is no update for this matter, i will switch to another plugin.

@jayjay2015

As I started above:

I have not been a code committer to Subscribe2 for 4 years so I am not in a position to update the code:

As you’ll also note the current code committers don’t visit these forums, I just help where I can.