This update includes information about new features aimed at supporting GDPR compliance. If you are a European organization or process the data of European residents, you may be affected by the GDPR. We highly recommend consulting legal advice to assess your liability and any necessary changes to your processes.
We're also hoping to schedule calls with every affected CSL customer. We've emailed staff at each organization, but you can also see our checklist here: https://docs.google.com/docume
We've continued our GDPR compliance work. Here's what's new on that front:
- In the previous release note, we mentioned that we're now tracking email opt-in consent types. This will allow admins to know what type of consent a person saw when they took action on the site. Whenever opt-in settings are changed, we'll now automatically create a new opt-in type and set that new type to active.
To see your organization's email opt-in types, you can now go to admin homepage > Settings > Email Opt-in Types tab. †
- Any current and historic email types (NB: for most organizations, you will see a single opt-in type that matches your current opt-in type and includes all historic signatures) can be set to mailable or not (from admin homepage > Settings > Email Opt-in Types). †
An example of how this might be used: Organization A has historically implicitly opted all users into their email comms. After seeking legal counsel, they've decided to have an explicit opt in for future email communications. They add that new opt-in box to their forms and new signers are tagged with the new opt-in type. Until May 25, Organization A sets both the historic (implicit) and new (explicit) opt-in types to be mailable. On May 25, Organization A sets the historic (implicit) opt-in type to not mailable and leaves the new (explicit) opt-in type as mailable. Their lawyers are pleased because people who have not explicitly and affirmatively opted in to receiving email communications are not continuing to receive email from petition creators.
As with all things GDPR, we strongly recommend seeking legal counsel to ensure that your organization understands and complies with all data privacy and electronic communications laws, which include things like GDPR, PECR, etc.
- Information about email opt-in types now also includes Contexts to help admins understand where consents came from. Some possible contexts include: web form (standard signatures on petition pages), offline (through the offline signature form and bulk entry tool), external (this could include consents that have happened in other places like your main CRM), and email (for organizations using DOI). When an organization asks CSL to perform a CSV upload of signers, we'll also be able to specify which opt-in version applies to the listed signers. †
- Email opt-in types can now have external IDs. External IDs will allow organizations to refer to opt-in types in a consistent way throughout their systems. To set an external ID, go to admin homepage > Settings > Email Opt-in Types tab > Edit. †
- It's now possible for organizations to change a user's email opt-in information (for all signatures/event RSVPs or for a single signature/event RSVP) in ControlShift via API. We've not yet added documentation to our developer site, but feel free to send us an email or check https://developers.controlshiftlabs.com/ for updates.
- Listing email opt-in types and data processing consent content versions is now possible via API. Monitor https://developers.controlshiftlabs.com/ for updated information.
- The member activity JSON export, which may be helpful for GDPR's data portability requirement, now includes email_opt_in_type information.
Updates / Bug Fixes
- Admins can schedule blast emails from petition creators to be sent at a specific time in the future. However, while we allow admins to schedule emails, we didn't previously allow admins to cancel unsent scheduled emails. We've updated the code so that admins can now cancel these emails by going to the All emails list, finding the previously scheduled email, clicking the email's subject, and clicking to cancel. (Admins can also go to the petition > Admin > Blast Emails > subject > Cancel.) †
- The petition creator's Email Supporters page has been updated to provide more detail about who will be receiving the email. In the To section, email writers can now see additional details about how many of their supporters opted-in to receive email and have remained subscribed. A similar update has also been made to the email moderation view and the email's admin view. †
Updates / Bug Fixes
- Admins can schedule event invitation emails from event hosts to be sent at a specific time in the future. However, while we allow admins to schedule emails, we didn't previously allow admins to cancel unsent scheduled emails. We've updated the code so that admins can now cancel these emails by going to the All emails list, finding the previously scheduled email, clicking the email's subject, and clicking to cancel. †
- On the All events page (/org/events) events can now be filtered by their associations. These filters allow you to see only the events associated (or not associated) with a local group collection, calendar, or petitions. †
Nothing new in groups, TakeCharge, or VisitThem.
† This feature required new text strings. If you're using the platform in a language other than English, you may need to provide updated translations.