When registering to a Discourse forum, the user is never asked whether they consent to be subscribed to the activity summary newsletter.
Either the registration form should include a checkbox asking for consent, or the activity summary should be disabled by default.
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
We generally work to a rule of three and given you are the only person that is requesting this, it’s unlikely that we’ll get to it any time soon. In the mean time you can add a checkbox to your own registration screen if you want to.
IANAL but I would argue that consent is only one of the grounds for processing under GDPR. It is not always explicitly required. When signing up to a forum, the legal ground would be “performance of a contract”.
If you disagree with that, it’s up to you as a forum owner to set Settings - User Preferences - default email digest frequency to “Never”.
Plus it is part of discussion and that is the ground functionality of a forum. But if there is purpose to send ads or anytyhing else that is outside the main scope of a forum then consent is needed for that.
My e-store can and will send emails connected with transactions and useraccount — technical and legal stuff — and a user hasn’t other option than accept. I don’t need even ask, because the law says I must send those. But I can’t send marketing emails without given consent.
Wordpress has own mailing list and because it isn’t automatic, but needs joining, I can send (almost) what ever I want.
Discourse takes care of commenting of the Wordpress, plus other discussion. As said, I can send automated mails of topics, but nothing else (sure, there is obvious loophole…)
No. Receiving emails because of receiving an answer to a post or comment I made is ground functionality. But receiving weekly emails about “Popular Topics” that I did not subscribe to is not.
In that case, what is stopping you from unsubscribing, given you know how?
You can do it via your settings, or more conveniently via a link at the bottom of the email.
Laws and regulations differ across jurisdictions. We provide the tools to be compliant with those that we are aware of that may affect our open source users and customers, but whether forum owners choose to use them or not is up to them.
Users here at Meta get instructions on how to unsubscribe via the email.
The weekly summary e-mails seem like they can be a part of the ground functionality of a forum, as they can help to engage new members by notifying them about what is being talked about.
I also agree it could be a good improvement for there to be a notice about those and choice given to new users about being subscribed to those in the registration form.
You may need to create a feature request topic so people can vote if they are in support of that feature.
It is only your opinion that time frame or ancient mailing list mode is some how fundamentally different that weekly. But it is not. It is totally same.
That improvement is already in place If the necessary explanations, such as what is collected, why, how long, and what emails are sent and why, are not provided, then it is an admin error, not a system issue. This information can be found on the /about page, for example.
The grey area is whether we should seek consent at the time of account creation. However, the tools are already available.
Therefore, there is no GDPR violation, and no improvements are needed. It is both the admin’s and the user’s responsibility to use the available tools.
Nothing is, but I shouldn’t have to, because I shouldn’t have been subscribed in the first place, and given how popular Discourse is, I’m very much fed up of having to deal with it every time I register on a Discourse-powered forum.
What’s that ?
That’s a dark pattern that GDPR fights.
That’s clear, not grey.
Which you are not using properly.
Which includes this very forum’s admin’s responsibility.
This has become contentious and nothing of value is being discussed. The ways you can use the available tools to solve the problem in the OP have been clearly outlined so I’m closing this topic.
If the necessary explanations, such as what is collected, why, how long, and what emails are sent and why, are not provided, then it is an admin error, not a system issue. This information can be found on the /about page, for example.