Open rafeeJ opened 4 years ago
https://www.litmus.com/blog/5-things-you-must-know-about-email-consent-under-gdpr/
By the sounds of it, we need to have a way of tracking consent and when it is given and we need to have a way of unsubscribing. The former is something we can track when the server receives the call from the modal that @benlellouch has implemented. The latter is slightly more difficult, I'm thinking we should have a writeforchange.uk/unsubscribe where the user can enter their email address and we remove them from the consent collection?
You can implement the unsubscribe option using user tokens. I haven't looked at this repo's code in a while but it should be straight forward using the itsDangerous
package - documentation is here. It's worth looking into.
In general - does adding a mailing list necessitate some inclusion of a GDPR statement (regarding email storage)? probably worth filing a bug request for it as it'll certainly be useful for moderation/admin page email storage.
Originally posted by @davidswarbrick in https://github.com/Write-For-Change/emaildrafter/pull/47#issuecomment-648448099