On the 24th of October 2017, MailChimp announced a u-turn to their customers, which led to some trending on social media under the hashtag #MailChimpGDPR. As most people know, there is a new (well, already in place) law that will tighten up the data protection act to protect consumers and businesses from being contacted without providing unambiguous (opt-in) consent. MailChimp decided that they would reverse their flagship best-practice motto of “double opt-in as default” for when their customers sign up a new contact to their mailing list.
The original email stated:
"Starting October 31, single opt-in will become the default setting for all MailChimp hosted, embedded, and pop-up signup forms. This change will impact all MailChimp users…"
This surprising announcement to MailChimp’s EU customers (who were by the way included in the mass mailing) had users taking to Twitter to challenge MailChimp on their decision. Why did they provide single opt-in by default, rather than double opt-in by default with the option to change to single opt-in? Understandably, people were questioning MailChimp’s out-of-the-blue decision and what the effect for the GDPR and companies using MailChimp would be, let alone the risk of huge fines (4% Global Turnover or 20 Million Euros).
On the 30th of October 2017, MailChimp reversed this decision but ONLY for EU account holders. "However, because your primary contact address is in the EU, your existing forms will remain double opt-in. We made this decision after receiving a lot of feedback from EU customers who told us that single opt-in does not align with their business needs in light of the upcoming GDPR and other local requirements. We heard you, and we’re sorry that we caused confusion…"
Why does it matter?
MailChimp appears to have partially recognised the error but doesn’t appear to fully understand why they made an error, only that they’ve got a lot of EU customers complaining.
For MailChimp to remove double opt-in was bizarre as an action (double opt-in is best practice so why change from years of having it as the default?) but its timing appeared to be a bit of a two-fingered wave to the EU and the GDPR.
The ramifications of GDPR are not simply rule changes that are an annoyance to those customers in the EU. They are changes in the law to protect the privacy of EU citizens and they will affect every database in the world.
For example, can ABC Flowers in Connecticut really be 100% sure they have no EU citizens on their list? Not just pretty confident, but so sure they’d bet €20 million on it? Who will be at fault if they didn’t offer the double opt-in? Who will get caught out and blamed? Who will pay the fine? MailChimp? ABC Flowers could be out of pocket – is that a risk worth taking?
There are many Email Service Providers who are based in the EU. We are one of them. NewZapp will be offering all of our customers double opt-in as standard to gain unambiguous consent (as required by the GDPR). For more information on the GDPR please visit the ICO website, read our three-part GDPR blog series and our “Keep calm, GDPR is coming” newsletter.
Disclaimer: The above information and materials created by NewZapp Email Marketing are not intended to constitute or provide any legal advice. You should seek advice from a legal professional or contact the Information Commissioner’s Office to discuss your business needs.