GDPR and the EU and Opt-in Confirmation

There’s a lot of discussion going on about just what GDPR requires, and of who, and in which jurisdictions. German organizations in particular have been more aggressive than most about wanting to see opt-in confirmation for years and now seem to be adding “because GDPR” to their arguments.
I’m still not sure how this is going to shake out, but I’m beginning to see list owners take externally visible action.

I’ve been a subscriber for four or five years – it’s a good mailing list, run well, and I doubt it has any delivery issues beyond the unavoidable.
So this is a permission pass solely because they’re not sure whether I’m an EU resident, and aren’t 100% sure their opt-in confirmation data is squeaky clean (I subscribed as part of downloading an app of theirs, but after five years I couldn’t tell you whether that was technically confirmed opt-in or not, and I’m sure they can’t either).
Zoomdata aren’t taking any chances on confirmation. This isn’t a single “click to confirm you want to stay on the list” permission pass, rather it goes to a form that asks whether I’m an EU resident and if I am requires me to check an “Opt-in to email communications” checkbox and then click on a link in a confirmation email.
I’m not an EU resident today but may be an EU resident in the near future – yet my email address won’t change and nor will my mailing list subscriptions. That does make me wonder how valid it is to be capturing opt-in permission solely for recipients who are EU residents today.
Also are non-EU residents likely to claim they live in the EU because they’ll be treated better as far as their privacy is concerned, much the same as telling Facebook or Twitter you live in Germany provides you with better content filters?
I guess I’ll be seeing more of this in my inbox over the next few weeks. How are all y’all handling GDPR compliance?

Related Posts

Confirmed Opt-In: An Old Topic Resurrected

Looking back through my archives it’s been about 4 years or so since I wrote about confirmed opt in. The last post was how COI wasn’t important, but making sure you were reaching the right person was important. Of course, I’ve also written about confirmed opt-in in general and how it was a tool somewhat akin to a sledgehammer. I’m inspired to write about it today because it’s been a topic of discussion on multiple mailing lists today and I’ve already written a bunch about it (cut-n-paste-n-edit blog post! win!).
Confirmed opt-in is the process where you send an email to a recipient and ask them to click on a link to confirm they want the mail. It’s also called double opt-in, although there are some folks who think that’s “spammer” terminology. It’s not, but that’s a story for another day. The question we were discussing was what to do with the addresses that don’t click. Can you email them? Should you email them? Is there still value in them?

We have to treat the addresses as a non-homogenous pool. There are a lot of reasons confirmation links don’t get clicked.

Read More

US-EU Privacy Shield Approved

Since the Safe Harbor rules were struck down by EU courts, the US and EU have been in negotiations to replace it. This morning (pacific time) the EU approved the new rules called Privacy Shield. WSJ Article

Read More

GDPR and Whois data

For folks who aren’t following the discussion about whois records and GDPR compliance there’s a decent summary at vice.com: What Is Going to Happen With Whois?

Read More