Monday 30 November 2020

It's privacy time!

As you've no doubt gathered, at Smartmessages we are very keen on privacy and preserving the rights of subscribers. Today adds an important privacy upgrade: tracking consent.

When someone consents to us sending them email for marketing purposes, we are required to be able to demonstrate that they did so with full transparency (GDPR's accountability requirement) and via an explicit, informed opt-in mechanism (a requirement of PECR / EPD rather than GDPR). So when we gather someone's email address for the purpose of sending them messages, that is all we are asking them for; at no point are they asking to be tracked, and historically, nor have we asked them whether it's ok if we do. This is a clear contravention of the purpose limitation principle. That changes today. All of our subscribe forms now include a tracking consent checkbox (with polite copy!), and if a subscriber does not check it, they are not tracked. As simple as that!

We have long allowed account holders to do without user tracking (indeed, it is turned off altogether by default), and we have also always honoured "do not track" requests from browsers. Today's addition is to request opt-in consent for tracking of opens and clicks as part of the subscribe process. The reason for adding this is quite straightforward: the law requires it. GDPR's principles include this requirement for purpose limitation:

"Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes"

This means that we can't take someone's data for one purpose and then use it for another: in this case, we can't collect someone's email address so that we can send them mail, and then also use it to track them.

Then the principle of data minimisation applies:

"Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed"

Taking a minimal approach (as this says), the only thing we require in order to send someone email is their email address. We can ask for further data or processing permissions (such as tracking), but since they are not strictly needed, they require separate consent and are disabled by default.

You can read more about how exactly our tracking of opens and clicks works, and how they interact with the account-wide tracking setting and the Do Not Track header in our privacy docs.

All of our reporting features have been updated to support this change as well – you will now see how many subscribers have enabled tracking, and anonymous tracking records are marked clearly on reports.

Fundamentally though, this is all about putting control in the hands of the subscriber, where it belongs, which is one of the principles of privacy by design, also part of GDPR.

Meanwhile, all of this has been delivered on top of a major low-level update to our PHP code base: all of our code now runs in "strict types" mode, and we are taking full advantage of the strong typing features of PHP 7.4 – we will be looking at our migration to PHP 8.0 next.
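To show what the "strict types" switch actually changes, here is an added example (not Smartmessages' code) of a single typed function called with the kinds of values that arrive from a web form. The function name and inputs are made up for illustration. The point for security is that strict mode turns silent coercion of untrusted strings into a hard TypeError at the call site. Note that declare(strict_types=1) governs calls made from the file that declares it, not the file that defines the function, so it has to be at the top of every file in the code base to give the guarantee described above.

```php
<?php
// Added example, not code from the original post. Demonstrates the effect of
// declare(strict_types=1) on scalar type declarations in PHP 7.4.
declare(strict_types=1);

// Hypothetical setting: how many days of tracking data to keep.
function setRetentionDays(int $days): int
{
    return $days;
}

// Run a set of constructed inputs through the typed function and collect the
// outcome for each, so the difference between accepted and rejected values is
// visible in one place.
function probeInputs(array $inputs): array
{
    $results = [];
    foreach ($inputs as $input) {
        $label = var_export($input, true);
        try {
            $results[$label] = 'accepted as ' . setRetentionDays($input);
        } catch (TypeError $e) {
            $results[$label] = 'TypeError: ' . $e->getMessage();
        }
    }
    return $results;
}

// Constructed inputs resembling what $_GET / $_POST can deliver:
//   30      -> accepted (already an int)
//   "30"    -> TypeError in strict mode; in coercive (default) mode it would
//              be silently converted to 30
//   "30abc" -> TypeError in strict mode; in PHP 7.4 coercive mode it would be
//              accepted as 30 with only a notice
//   30.0    -> TypeError in strict mode (float to int is never widened)
foreach (probeInputs([30, "30", "30abc", 30.0]) as $label => $outcome) {
    printf("%-8s -> %s\n", $label, $outcome);
}
```

The practical consequence is that a typed boundary such as this one refuses string input outright, so request parameters must be validated and converted deliberately (for example with filter_var() and FILTER_VALIDATE_INT) before being passed in, rather than relying on PHP to guess.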

We have also been paying attention to performance – you'll find things are even snappier than they were already: better caching, better compression, smaller code sizes, and better use of HTTP/2, while maintaining our customary levels of security.
