I was going to post this elsewhere, but I think this debate deserves to be revived with a little more attention as we approach the deadline. I’m not convinced I’ve seen enough definitive information on the impact of GDPR on communities.
Discourse have addressed the Data transfer to the US issue with the server move, but there are still fairly fundamental issues here on privacy, deletion and opt-in which I still think most, or all, platforms (not picking on Discourse) have yet to deal with.
One specific issue to consider:
- When the user signs up for an account, can they SPECIFICALLY opt-in to any communications they will receive, including digests, notifications and marketing messages?
It may be enough for individual communities to default all of these settings to “no email”, but what processes are in place to encourage them clearly and easily to change this for the good of community engagement?
I’m not convinced that you should default the Activity Summary to anything other than “never” unless the member chooses to have it. In that case, other than some complex call to action in a post, to visit their preferences, find the email settings and turn it ON, how would you get them to do this? CMs probably need an automated onboarding journey that explains the options and allows them to make the relevant settings. AFAIK this does not exist in Discourse (we are building something for a Higher Logic site).
Does the same apply also for notifications? Do they escape the opt-in requirement?