An email address is indeed considered personal data. I spent weeks trawling through GDPR hell; it's just about as unintelligible as it gets. The irony
Yeah, they are not much into being intelligible and accessible...
I was asking about it because I'm working on a post over in Secret Writers' Business board called "Writers beware", with a list of things people should aware of if they want to stay out of trouble. https://writersanctum.com/index.php?topic=817.0
Maybe it should say something like:
"Mailing list incentives: There don't seem to be any clearcut regulations in GDPR preventing writers from offering free books or other give-aways in return for mailing list sign-ups. However, it's worth being careful as you might run into trouble. Your sign-up page should clearly state what the mailing list is for, and how you'll use the emails. Also make sure that it's easy to unsubscribe from your mailing list."
How does that sound? Any links I could provide to substantiate that?
It sounds good. Again, there won't be any links. This regulation is about Facebook, Google and cia selling out our information, not about mailing lists, and does not address them. It's not an anti-spam regulation. The closest I found was the one I posted about consent, which must be freely given. That's the point people are using to claim forbids newsletter incentives.
You can also take a look here:
https://gdpr-info.eu/art-5-gdpr/ This is about the main principles. Again, the idea is that people know when their data is being collected, consent to it, and know for what this data is going to be used.
Thanks for compiling this information.
Not an expert, but I think the critical thing with GDPR is to be clear why you need someone's personal information, such as email address, and what you are going to do with it.
That's how I see it. Some people interpret it differently, which is fine.
Then the only things I actually need to execute it is the email address to send it to. That's it. No first name, no country of origin or anything else. So, I minimized what I collect to exactly what I need to execute the contract.
Yes, if you think that you shouldn't be using unnecessary information, there's no need to collect names. I also ask only for the email.
It's funny that some people freak out about newsletter incentives, while still having their Facebook pixels, for example, without asking for consent or informing their visitors. Lots of people find it super creepy to get ads for sites they visited outside Facebook, and, in a way, it gives them that horrible sensation that Facebook is following them.
When GDPR came about I removed Google analytics from my websites. I don't think the EU is going to come after tiny websites, but it was a good moment for me to reflect whether I should be giving my visitors' information to Google. And I don't find Google that nefarious.
Mark Dawson’s GDPR episode is below. They get a lawyer on to talk about the rules. She’s very cagey, as at the time they recorded it, the legislation was still unclear. Not much has changed since though - it’s still pretty unclear!
https://selfpublishingformula.com/episode-117/
I thought that was murky as hell, and excessively cautious, which is understandable.