Allow email digests to be configured opt-out instead of opt-in

[julianlam]

Opt-in is required by law in Canada, but other countries may not have similar restrictions and some forum owners may have no problem sending daily digests out to their users.

The default will be maintained: opt-in for daily digests.

[a5mith]

Wouldn't this be considered a grey area though, as the emails that are sent aren't considered marketing. It's information regarding that users specific account, if notifications are included. Which, at least in the EU, isn't regulated. However I can imagine it would be different if we're just sending an email stating "look at these topics", which may fall under marketing.

The ICO in the UK, says the following:

You may send or instigate the sending of electronic mail for marketing purposes to an individual subscriber where:

• you have obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to that recipient; (signing up to a NodeBB Forum)
• the direct marketing material you are sending relates to your similar products and services only; (the NodeBBs forums topics or notifications to that user)

I would say that this falls under both of those, they have given you their email address, and the emails being sent are in relation to activity on their account, you have X notifications for example. As each email is tailor made to the customer, it's not really marketing.

Their should be a note on the "make it opt out" that they should look at their local law on emailing users and apply any terms and conditions as necessary to make it abundantly clear that a user is opting in to this agreement. As you would need to remove any liability of a user in Germany (for example), sending emails to his users and getting a hefty fine for it. And claiming he didn't know he couldn't. I'm not saying that would happen. But I've seen worse. This springs to mind

Specifically, this line

"John Lewis argued that because I had not opted-out of receiving their emails, I had automatically opted-in.

[psychobunny]

Yeah I had a read on the Canadian spam law yesterday and I think daily digests are okay as long as you're not advertising a product. But hell if I know, better be safe than sorry I guess.

NodeBB does currently have an optional ToS setting where you could have users agree to receive emails etc if you want to be sure. On 12 Nov 2014 13:56, "Aaron Smith" notifications@github.com wrote:

Wouldn't this be considered a grey area though, as the emails that are sent aren't considered marketing. It's information regarding that users specific account, if notifications are included. Which, at least in the EU, isn't regulated. However I can imagine it would be different if we're just sending an email stating "look at these topics", which may fall under marketing.

The ICO in the UK, says the following:

You may send or instigate the sending of electronic mail for marketing purposes to an individual subscriber where:

-

you have obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to that recipient; (signing up to a NodeBB Forum)

the direct marketing material you are sending relates to your similar products and services only; (the NodeBBs forums topics or notifications to that user)

I would say that this falls under both of those, they have given you their email address, and the emails being sent are in relation to activity on their account, you have X notifications for example. As each email is tailor made to the customer, it's not really marketing.

Their should be a note on the "make it opt out" that they should look at their local law on emailing users and apply any terms and conditions as necessary to make it abundantly clear that a user is opting in to this agreement. As you would need to remove any liability of a user in Germany (for example), sending emails to his users and getting a hefty fine for it. And claiming he didn't know he couldn't. I'm not saying that would happen. But I've seen worse. This springs to mind http://news.sky.com/story/1272933/spammer-to-pay-damages-after-court-victory

— Reply to this email directly or view it on GitHub https://github.com/NodeBB/NodeBB/issues/2398#issuecomment-62772740.

[julianlam]

NodeBB does currently have an optional ToS setting where you could have users agree to receive emails etc if you want to be sure.

I wish that were enough, but for Canada, including it in the ToS doesn't count :laughing: Too bad.

[psychobunny]

I think more importantly we should have an opt out direct link in any correspondence. On 12 Nov 2014 14:04, "Andrew Rodrigues" rodrigues.andrew@gmail.com wrote:

Yeah I had a read on the Canadian spam law yesterday and I think daily digests are okay as long as you're not advertising a product. But hell if I know, better be safe than sorry I guess.

NodeBB does currently have an optional ToS setting where you could have users agree to receive emails etc if you want to be sure. On 12 Nov 2014 13:56, "Aaron Smith" notifications@github.com wrote:

Wouldn't this be considered a grey area though, as the emails that are sent aren't considered marketing. It's information regarding that users specific account, if notifications are included. Which, at least in the EU, isn't regulated. However I can imagine it would be different if we're just sending an email stating "look at these topics", which may fall under marketing.

The ICO in the UK, says the following:

You may send or instigate the sending of electronic mail for marketing purposes to an individual subscriber where:

-

you have obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to that recipient; (signing up to a NodeBB Forum)

the direct marketing material you are sending relates to your similar products and services only; (the NodeBBs forums topics or notifications to that user)

I would say that this falls under both of those, they have given you their email address, and the emails being sent are in relation to activity on their account, you have X notifications for example. As each email is tailor made to the customer, it's not really marketing.

Their should be a note on the "make it opt out" that they should look at their local law on emailing users and apply any terms and conditions as necessary to make it abundantly clear that a user is opting in to this agreement. As you would need to remove any liability of a user in Germany (for example), sending emails to his users and getting a hefty fine for it. And claiming he didn't know he couldn't. I'm not saying that would happen. But I've seen worse. This springs to mind http://news.sky.com/story/1272933/spammer-to-pay-damages-after-court-victory

— Reply to this email directly or view it on GitHub https://github.com/NodeBB/NodeBB/issues/2398#issuecomment-62772740.

[julianlam]

Good point. When the templates were made, we didn't have a direct link to the user settings page. This can be done now.

[psychobunny]

No? "I agree to allow you to email me" and they check that box, how is that illegal? On 12 Nov 2014 14:05, "Andrew Rodrigues" rodrigues.andrew@gmail.com wrote:

I think more importantly we should have an opt out direct link in any correspondence. On 12 Nov 2014 14:04, "Andrew Rodrigues" rodrigues.andrew@gmail.com wrote:

Yeah I had a read on the Canadian spam law yesterday and I think daily digests are okay as long as you're not advertising a product. But hell if I know, better be safe than sorry I guess.

NodeBB does currently have an optional ToS setting where you could have users agree to receive emails etc if you want to be sure. On 12 Nov 2014 13:56, "Aaron Smith" notifications@github.com wrote:

Wouldn't this be considered a grey area though, as the emails that are sent aren't considered marketing. It's information regarding that users specific account, if notifications are included. Which, at least in the EU, isn't regulated. However I can imagine it would be different if we're just sending an email stating "look at these topics", which may fall under marketing.

The ICO in the UK, says the following:

You may send or instigate the sending of electronic mail for marketing purposes to an individual subscriber where:

-

you have obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to that recipient; (signing up to a NodeBB Forum)

the direct marketing material you are sending relates to your similar products and services only; (the NodeBBs forums topics or notifications to that user)

I would say that this falls under both of those, they have given you their email address, and the emails being sent are in relation to activity on their account, you have X notifications for example. As each email is tailor made to the customer, it's not really marketing.

Their should be a note on the "make it opt out" that they should look at their local law on emailing users and apply any terms and conditions as necessary to make it abundantly clear that a user is opting in to this agreement. As you would need to remove any liability of a user in Germany (for example), sending emails to his users and getting a hefty fine for it. And claiming he didn't know he couldn't. I'm not saying that would happen. But I've seen worse. This springs to mind http://news.sky.com/story/1272933/spammer-to-pay-damages-after-court-victory

— Reply to this email directly or view it on GitHub https://github.com/NodeBB/NodeBB/issues/2398#issuecomment-62772740.

[a5mith]

Could this not be completely avoided just by having a checkbox on the registration page?

If opt in is set by default. Then the tickbox says "I do not wish to receive a Daily Digest" If opt out by default, then I DO wish to receive the Daily Digest" Add a little ? next to it which basically explains that forum name may send you information regarding your account, such as notifications specific to you from other users, and the days most popular topics.

I also think that the unsubscribe link should switch off the daily digest without the need to log in. Just to avoid annoyance mostly. If that's possible. You already know the email, generate a unique token with it, something technical like that? :laughing:

[psychobunny]

That's the feature I'm talking about. Its in the settings ACP :p if set, registration requires you to accept the ToS #seekritfeatures On 12 Nov 2014 14:10, "Aaron Smith" notifications@github.com wrote:

Could this not be completely avoided just by having a checkbox on the registration page?

If opt in is set by default. Then the tickbox says "I do not wish to receive a Daily Digest" If opt out by default, then I DO wish to receive the Daily Digest" Add a little ? next to it which basically explains that forum name may send you information regarding your account, such as notifications specific to you from other users, and the days most popular topics.

— Reply to this email directly or view it on GitHub https://github.com/NodeBB/NodeBB/issues/2398#issuecomment-62774952.

[a5mith]

Yeah but as Julian said, just putting it in the TOCs isn't enough for canadian law. So I was saying create a specific checkbox, just for the daily digest. That strictly states they opt in or out.

[psychobunny]

Ah but not a setting specifically for emailing though. On 12 Nov 2014 14:11, "Andrew Rodrigues" rodrigues.andrew@gmail.com wrote:

That's the feature I'm talking about. Its in the settings ACP :p if set, registration requires you to accept the ToS #seekritfeatures On 12 Nov 2014 14:10, "Aaron Smith" notifications@github.com wrote:

Could this not be completely avoided just by having a checkbox on the registration page?

If opt in is set by default. Then the tickbox says "I do not wish to receive a Daily Digest" If opt out by default, then I DO wish to receive the Daily Digest" Add a little ? next to it which basically explains that forum name may send you information regarding your account, such as notifications specific to you from other users, and the days most popular topics.

— Reply to this email directly or view it on GitHub https://github.com/NodeBB/NodeBB/issues/2398#issuecomment-62774952.

[a5mith]

:stuck_out_tongue_winking_eye:

[julianlam]

I'll freely admit I don't know this issue well enough to say anything for certain, but I believe that having an already-ticked checkbox reading "Sign me up for updates" does not count as informed consent, as would an unticked checkbox reading "do not send me updates".

Either way, I believe we're all in agreement that the daily digest should be opt-in, that is, you have to manually go into profile settings and change the digest frequency to "Daily"

[psychobunny]

Makes sense, sounds less complicated than configuring OP On 12 Nov 2014 14:12, "Aaron Smith" notifications@github.com wrote:

[image: :stuck_out_tongue_winking_eye:]

— Reply to this email directly or view it on GitHub https://github.com/NodeBB/NodeBB/issues/2398#issuecomment-62775453.

[julianlam]

I am heavily in favour of CYA. Enabling auto-opt-in in ACP should be behind a bootbox modal telling the admin to check his local laws and regs :stuck_out_tongue:

[psychobunny]

Yeah the already ticked check box is illegal as far as Canadian law is concerned. My original point was that if you mentioned it in the ToS section and the "I agree to the ToS" is unchecked then its completely kosher unless I understood something wrong there On 12 Nov 2014 14:15, "Andrew Rodrigues" rodrigues.andrew@gmail.com wrote:

Makes sense, sounds less complicated than configuring OP On 12 Nov 2014 14:12, "Aaron Smith" notifications@github.com wrote:

[image: :stuck_out_tongue_winking_eye:]

— Reply to this email directly or view it on GitHub https://github.com/NodeBB/NodeBB/issues/2398#issuecomment-62775453.

[a5mith]

Well the law would only come crashing down on the Admin of the forum, not you guys. :thumbsup:

An unticked checkbox that states "DO send me a Daily Digest" would satisfy most courts of law on the matter. As the button does not misidentify itself in any way. You are consenting to receiving daily emails. Those emails contain unsubscription links if they change their mind. Everyone is covered then. :thumbsup:

I agree that a ticked checkbox however, would not.

This would be solved quickly if opting in or out was a quick process. At the minute, it's a bit of a ballache, which is what could be annoying forum admins, it's not a quick process for asking people to sign up. Whereas on Registration, the option is right in front of you.

[psychobunny]

Just realized that the ToS feature ought to create a /tos route as well On 12 Nov 2014 14:18, "Aaron Smith" notifications@github.com wrote:

Well the law would only come crashing down on the Admin of the forum, not you guys. [image: :thumbsup:]

An unticked checkbox that states "DO send me a Daily Digest" would satisfy most courts of law on the matter. As the button does not misidentify itself in any way. You are consenting to receiving daily emails. Those emails contain unsubscription links if they change their mind. Everyone is covered then. [image: :thumbsup:]

I agree that a ticked checkbox however, would not.

— Reply to this email directly or view it on GitHub https://github.com/NodeBB/NodeBB/issues/2398#issuecomment-62776420.

[julianlam]

On another note, I really like this design. What do you think @psychobunny / @cnvo ?

[psychobunny]

Its nice, but if possible keep it out of vanilla I want to try simplifying the default theme

[julianlam]

Sounds good, won't add it to vanilla then :+1:

Right now it's a plain dropdown, functional, but kind of boring. Solution in search of a problem maybe :laughing:

[pitaj]

Yet another reason to split digests from core #2455

[smngreenberg]

Sorry to revive this, but I believe this is an incorrect interpretation of Canadian law and furthermore is an essential part of a forums system.

1. These messages do not satisfy the definition of "commercial electronic message" in Canada's Anti-Spam Legislation:

   For the purposes of this Act, a commercial electronic message is an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that (a) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land; (b) offers to provide a business, investment or gaming opportunity; (c) advertises or promotes anything referred to in paragraph (a) or (b); or (d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.

2. Even if the messages did satisfy the definition above (which they won't), I think they will be exempt from the CASL rules by at least section 6.(6)(d)(i):

   (6) Paragraph (1)(a) does not apply to a commercial electronic message that solely (d) provides notification of factual information about (i) the ongoing use or ongoing purchase by the person to whom the message is sent of a product, goods or a service offered under a subscription, membership, account, loan or similar relationship by the person who sent the message or the person — if different — on whose behalf it is sent,

Note that the checkbox discussion is irrelevant because of this exception, but IMO it's a nice to have thing for the user experience. Aside from this, I also agree having a link to the user's settings page is an important addition regardless of the discussion above (Edit - noticed this is already implemented).

[UI-Jakob]

@smngreenberg is correct. A different way to prove that he is right is by looking at every other forum solution there is. You will always get an email whenever a user gets a reply to one of his/her posts/threads. Right now nodebb receives a lot less traffic than what it would have get if users would be notified when something happen.

At least let the admins decide how it should work. Email notifications is a part of the service in this case since it improves the experience since when a user tries to get an answer to a question they are not going to go back to the site every 5 minutes to check for answers.

[cnvo]

Looks nice @julianlam but I also agree with @psychobunny to keep it away from Vanilla... unless you use the BS modal.

[julianlam]

@smngreenberg Thanks for your contributions toward the discussion! I recently attended a webinar on CASL, and while I certainly am still not an expert on the subject matter, I came to the same conclusion as you have -- that the messages we do send out do not qualify as CEMs.

Though it would still be nice (from a purely personal standpoint) to give users a choice.

[julianlam]

I'd also like to point out the obvious, that the opinions from users vs. admins are at odds. More than once, have inquiries been made asking whether we could make these daily digests opt-in only.

[nodebb-misty]

Issue closed due to inactivity.

---

This is an automated message. If you feel this action was in error, please comment on this issue so it can be looked at again