The GDPR will come into force on May 25, 2018. It's often said that "every new constraint creates or reinforces opportunities", and this will inevitably be the case with the advent of this new regulation. What impact will the GDPR have on the newsletter?
The text specifies that "consent will have to be given by a clear positive act by which the data subject freely, specifically, knowledgeably and unambiguously expresses his or her agreement to the processing of personal data concerning him or her, for example by means of a written statement, including by electronic means, or an oral statement."
Consent must be explicit. Gone is the pre-ticked box on a registration form, the traditional "soft opt-in".
What's more, you can't make consent a prerequisite for user registration. "Consent should not be a prerequisite for registering for a service unless it is necessary for the delivery of the service."
Registration for a newsletter in isolation is an unambiguous request with a clearly defined purpose: "I would like to receive the MaMarquePréférée.com newsletter". This registration cannot be the automatic consequence of a purchase or other interaction (passive opt-in).
If you see it as an objective in its own right, you don't need to add a checkbox, since your proposition is unambiguous. We suggest double opt-in to confirm the user's identity and the validity of their email address, and to improve your open rate. However, this is not required by the new text, just strongly recommended.
In the future, simple newsletter sign-up will create less friction than the optional agreement to create an account. An infographic published by Sarbacane (download it in full here) clearly shows the way forward. We've isolated the sections on account creation and newsletter subscription. Note the absence of a checkbox on the newsletter subscription widget.
If an advertiser wishes to match (via an MD5 anonymization hash) the emails in its CRM database (or in a third-party database) with the recipients of your newsletter in order to personalize the advertising it inserts in your newsletter using ividence, it will incur liability as data controller. If necessary, it will have to prove that it has obtained the consent of its users for such use. You will act as data processor under the advertiser's responsibility. You will be able to communicate the aggregated matching result (number of contacts matched) to the advertiser.
However, you won't be able to transfer your users' personal data on the fly, unless you have obtained their explicit prior consent by means other than newsletter subscription.
Please note: this system is similar to the framework defined by Facebook for its personalized audiences.
Please contact us for further information.