What support is iModules providing for explicit opt-in. We're considering putting a content block on all outgoing emails asking folks to explicitly opt-in to our marketing. We'd envision a link or button that takes folks to a page where they can read about what they are opting into and would be able to click a button to opt-in. Is there support for this?
Date
Votes
8 comments
-
Germaine Ward Official comment Hi Jay. That's a great question. We are currently working on the approach to manage the opt-in process. We will be adding content here to outline this as well as the other requirements of GDPR starting soon.
-
Andrea Ganier Hey Jay!
I'm so glad you mentioned the need for explicit opt-in. This topic has been much on my mind. There are some data structure pre-requisites that we'd need to meet before making this feature available.
- An opt in state record for every category / every person
- A shift from record based to email address based subscription management.
Hope that provides some context.
Andrea
-
Jay Jennings Thanks, Germaine.
Andrea, in terms of GDPR, the opt-in has to be person, not email address, based - from what I understand we need to maintain a record that anyone in our database has opted-in to being, well, in our database.
-
Kelsey Fernandez Hey Jay,
Would you be willing to share a sample of your communication going out to EU citizens? Our team is starting the process and looking for example communications. Feel free to email me kfernan9@gmu.edu. Thanks!
-
Jay Jennings We haven't finished crafting communications yet, I'm afraid. When I see it I'll send it on to you. #abovemypaygrade
-
Jay Jennings In addition to email, we believe we will need to get explicit opt-in on every single form because the GDPR requires explicit consent whenever you gather information that will be used for marketing and things like email addresses and names are used in marketing. Duh.
We are planning to put a checkbox with the following language on all forms (donations, events, forms, etc.)
"By checking this box, you consent to Darden sending you emails about our news, events and thought leadership. Your email address also helps us keep your content relevant when you visit our website and social media. We think you will find our content valuable, and you can unsubscribe or opt-out at any time."
The issue is process - there is no way to get a report across all forms of people that have submitted the form without checking that box. So we'll need to actively monitor it. We'll make it a profile field I think and use the data change history report. Hopefully that will work.
Thoughts?
-
Andrea Ganier Jay,
I really like where you are headed.
What you are doing is a smart workaround until we can refactor email subscription categories. I love your wording. If you ever change it - you will want to keep track of which EU folks opted in under language A vs. B etc.
The only thing I will add is that you may want to be clear about what other university entities (if any outside Darden) will be getting access to the email address from the form submission.Why the work around is needed (a history lesson)
Several years ago we made email subscription categories a non member field to support folks with 200+ categories. The downside to that was we lost the ability to add those check boxes to any form type easily.
Why did I recommend the extra wording?
E-Privacy Directive states that to qualify for the "opt-out" marketing exception...
- Details collected must be in context of sale where opt-out was offered
- Marketing must relate to first party - similar products or services.
- Third Party marketing requires prior consent
Items one and two are tricky for Higher Ed because of the nature of the constituent-entity relationship and structure of universities.
What sale is the one that counts? Which entity has gotten consent?
- Application fee? - Admissions, Student Affairs?
- Tuition payment - Bursar's Office, Registrar?
- Athletic event ticket after graduation? - Athletics only?
- Donation? Foundation only?
Item three is most clear - Sending Insurance Company emails to EU alumni is not okay.
Why did I recommend keeping track of verbiage?
As defined by GDPR consent must be
- Freely given
- Informed
- Specific
- Unambiguous
- Clearly Distinguishable
- Easy to withdraw as to give
- Auditable (who consented, date/time of consent, consent statement, history of opt outs)
- Not conditional on access to service
Disclaimer: Editorial Content below this point...
To be in a place where we are expressing respect for the constituent and taking consent seriously - we should be allowing individuals (regardless of EU residency) to
- Control their subscriptions status at every form touch point and in front of login
- Easily understand who they are getting email from and why
- Introduce mechanism for opt in confirmation
-
Jay Jennings Thanks, Andrea.
We are likely different than most in that we have a high percentage of international alumni and they move around frequently. For that reason we can't really identify individuals as EU folks vs. non-EU folks - everyone is going to have to be considered EU.
And to be clear, GDPR requires explicit, non-pre-selected, opt-in, rather than opt-out. We will actually be putting an additional link in the footer of all emails we send through iModules to our GDPR data request form - not only can people unsubscribe but they have to be able to easily request a number of things, including the right to be forgotten, the ability to get a copy of the data you have on them, etc.
I feel like we are well ahead of most schools but we're still really scrambling. The inability to have explicit opt-in to email categories and the inability to have tracking turned off by email address (i.e. don't send the tracking image to these email addresses because they don't want to be tracked - MyEmma for example has this tool) is making it hard to shoehorn what we need to do into iModules.
Please sign in to leave a comment.