Profile picture
Thomas Baekdal @baekdal
, 13 tweets, 3 min read Read on Twitter
Note to publishers: The burden of proof in terms of GDPR is with the ‘data controller’ (that’s you), not your data processor (like the service you use for email newsletter). So, you can get consent via your own forms on your own site and that’s perfectly fine. /1
What I mean is that I see many publishers who feel they are forced to redesign and reaquire all the email subscribers because their newsletter service says so. This is not a GDPR requirement. You are the data controller, they are the data processor. /2
The only thing you really have to do as the ‘data controller’ is to make sure that all your data processors are GDPR compliant and not using any of the data outside the scope of what people signed up for (which must be limited and specific) /3
As long as this is in place, and that everyone on your list signed up voluntarily, and that you newsletter is specific, everything is fine. /4
See also: theguardian.com/technology/201…
Example: When people sign up for Baekdal Plus, I ask them if you also want to get the newsletter. This is *fully* GDPR compliant. And when I then manually add them to my newsletter list (on MailChimp) it's still 100% GDPR compliant even though I'm not using MailChimp's forms.
Article 7 (1):​
“Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.”
It's the 'Controller' (me) who should be able to demonstrate consent, not Mailchimp.
So when MailChimp is now telling everyone to delete their lists and start over with their 'GDPR compliant forms', this is not a legal requirement from a GDPR perspective. MailChimp is not the data controller.
Another important thing. There is nothing in GDPR that dictates that newsletter signup forms *must have a checkbox* on them. What it actually says is this:
This means that, if you have a form that is explicitly about that one newsletter you send out, the signup form itself (people entering their email) is enough to define consent. You don't have to also add a checkbox to ask for consent again.
The only reason why the checkbox comes into question is because a lot of sites do other things when they also want people to get the newsletter. For instance, you might have a web shop checkout form, where you also want people to get the newsletter. [cont]
In that case, you need additional affirmative action for the newsletter, like a checkbox that people have to click. So, you only need an extra checkbox that people have to click if the main form is for something else so that the newsletter is an extra action.
But right now we see a lot of newsletter services (like MailChimp) saying: "Oh you really need redesign your forms so that you have both the email signup and the extra checkbox". No... you don't. There is nothing in GDPR that dictates this.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Thomas Baekdal
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @baekdal see all

Profile picture
Note to tech companies: It is not possible for publishers to 'ask for consent' upfront without losing a considerable amount of traffic. So we need a new system, not this 'oh you should just ask people for consent' digiday.com/media/googles-…
The idea of tech companies asking to be co-controllers completely ignores how people behave online. Nobody would agree to this willingly, so tech companies are not solving anything. People would just say no... or worse, leave, instead of agree to tracking.
What Google is suggesting is insane because they would never allow this themselves. Can you imagine visiting Google and they would then have a dialog box asking "Before you can visit Google, will you give us consent to also give all your data to Amazon?" They would never do this.
Read 6 tweets
Profile picture
The amount of completely wrong, misleading, or openly deceitful 'facts' in this article is just staggering: This is all the data Facebook and Google have on you. theguardian.com/commentisfree/…
1: "Google knows where you’ve been"

Yes, that part is potentially questionable, especially when they are pulling it together from multiple Google services.
2: "Google knows everything you’ve ever searched – and deleted"

This is how search works. They are using it to make search more relevant. But this is something you are doing 'on Google'. It's 100% consent based. ... oh and every publisher does this too. It's called analytics.
Read 20 tweets

Related threads

Profile picture
The #EDPB published the *long awaited* draft #GDPR Territorial Scope #Guidelines today, which also have a section dedicated to the “legal representative” issue. Some takeaways below ⬇️ Thread time 1/14 edpb.europa.eu/sites/edpb/fil…
An “establishment” of a non-EU entity in the EU doesn't require a registered branch/subsidiary. Any stable arrangements will be taken into account 4 data protection law purposes.But merely the fact that the company’s website is accessible from the EU is not an "establishment"2/14
A processor in the EU is not deemed to be an “establishment” of the non-EU controller in the EU. The existence of the controller-processor relationship does not trigger the application of the #GDPR to the non-EU controller 3/14
Read 14 tweets
Profile picture
(thread) Do you want to take control of your online presence? Check out what the #GDPR offers! #GDPRexplained gdprexplained.eu
The #GDPR is the new EU regulation that protects you from having your personal data abused by private businesses, state administrations and other organisations. #GDPRexplained gdprexplained.eu
Personal data is any information that can be linked to an identifiable individual. It can be very broad since linking can be done by connecting pieces of information you leave behind in many different (online & offline) places. gdprexplained.eu #GDPRexplained
Read 8 tweets
Profile picture
This troll has published a thread attacking @Femi_Sorry for his video on EU democracy. I don’t like feeding trolls, but this one is getting attention for the wrong reason and his thread deserves detailed rebuttal. It’s a staggering tissue of lies and half-truths.
The EU always consults national govts in areas where it has exclusive competence. It does this through the “comitology” process - a network of committees in which member state governments advise, consult, and manage the EU civil service in its work.
When it comes to actually legislating in areas of exclusive competence, in the vast majority of all cases the Member States (Council) and elected MEPs are the legislators acting on a proposal from the Commission.
Read 32 tweets
Profile picture
Will #eprivacy be the next expansion of #gdpr? MSFT #Skype, #Whatsapp, Facebook #Messenger would have to provide #privacy controls/consents/disclosures for tracking/logging realtime communication and messaging.
technologyreview.com/the-download/6…
This matters in a few ways. First, live chat and messaging are features of many kinds of products and services. So #ePrivacy jurisdiction may touch nearly every website, service, and gadget.
Second, #ePrivacy demands transparency for the middle part of a call, exactly where companies like @Amazon, @Google, @Skype and @SlackHQ create new value and new partner ecosystems. Translation, bots, commerce to enhance your conversation will need specific disclosures.
Read 8 tweets
Profile picture
Facebook is confronting EU users a new “terms of service” dialogue that denies access until a user opt-ins to tracking for ad targeting, and various other data processing purposes...
These Terms refer to the “data policy” that says “we use the information we have about you – including information about your interests, actions and connections – to select and personalise ads, offers and other sponsored content that we show you.”
The data policy also says “We use the information [including] the websites you visit and ads you see … to help advertisers and other partners measure the effectiveness and distribution of their ads and services, and…” See facebook.com/about/privacy/…
Read 37 tweets
Profile picture
Looks like another early-morning wake-up to catch Cambridge Analytica's regulator @ICOnews giving oral evidence to @CommonsCMS tomorrow. I might be livetweeting the livestream if Information Commissioner Elizabeth Denham offers any new revelations. parliament.uk/business/commi…
2/ Hopefully you've seen @Billbrowder give testimony about his Magnitsky Act campaign. Despite his accent, he's a British citizen, asked to talk about disinformation campaign waged against him. @DamianCollins jests that Russian Embassy and Brietbart have gone after @CommonsCMS
3/ @edwardlucas articulates how "fairness doctrine" in media coverage can be exploited by Kremlin propaganda mouthpieces that spray doubt over reasonable positions as media especially BBC oblige 'both sides' rather than understand that position as state propaganda.
Read 32 tweets

Trending hashtags

#government #prophecy #GDPR #unmasked #Guidelines #ethics #justified #domestic #Shameless #DecommercializeJustice #historical #gdpr #soldier #death #legal #inferiority #newspapers #blackbox #digital #Brexit #privacy #hatred #terror #AutonomousVehicle #Brussels

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!