The mailing list for listmasters using Sympa

[<address@concealed>]

The European data protection regulation GDPR itself will hardly set more
strict standards to subscription forms or wording, for example. Phrasing them
is left to the marketer (and often their lawyer). Surely, data security
officials and marketing organizations among others make their own
interpretations and recommendations. For instance, in the United Kingdom
Information Commissioner's Office has made very strong suggestions. According
to these instructions a request for consents should be, in addition to the
lawful requirements for clarity and transparency:

1  Free from prefilled checkboxes
2  Granular, for example: “I give my consent for sending marketing material
about trainings, but not about jobs, and not for SMS marketing.”
3  Separate from other subjects, for example orders (unbundled).

Even though in many European countries marketing organizations and data
security officials haven't given specific instructions yet, it is still
wortwhile to check your own forms – not only for new regulations but for good
marketing practices. The characteristics of a good form are, for example:

1    Clarity – no complex language or euphemisms
2    No action isn't considered as action (“Choose this if you don't want to
receive marketing.”)
3    No prefilled checkboxes
4    Privacy policy and other data security documents can be easily viewed
5    Unambiguous: the subscriber easily understands what they are subscribing
and from who
6    Convincing: it's reassuring to see a promise that data will be kept safe
and won't be given to third parties.

There is one point I am wondering: If I have a look around, I see only lists
that asks me to confirm points 4/5/6 while subscribing with unchecked boxes:
4 Yes, I have read and I understand the privacy policy (link)
5 Yes, I want to subscribe and will receive all the e-mails, other subscribers
will send too the xyz list.
6 ... (this yes-checks should be recorded with the subscription)

(The following double check in / confirming by clicking on the link is GDPR
conform.)

Of course, I can ask to my software guy to code something like this for our
lists, but as this is required for all the lists arround the world with at
least one European subscriber, wouldn't it not be easyier to ad this kind of
GDPR check boxes to Sympa once for all?

Best regards
E.R.