Addressing Mailchimp and Newsletter service privacy concerns

A few weeks back, @hlashbrooke and I jointly-published a post that announced Mailchimp as the chosen newsletter service for the Community Team. In the following days, members of the community shared concerns about the lack of transparency in the newsletter service selection process and the privacy implications of using a newsletter service. I had published a follow-up post last week, to shed more light on the process behind the MeetupMeetup All local/regional gatherings that are officially a part of the WordPress world but are not WordCamps are organized through https://www.meetup.com/. A meetup is typically a chance for local WordPress users to get together and share new ideas and seek help from one another. Searching for ‘WordPress’ on meetup.com will help you find options in your area. newsletter service selection. The current post is a second follow-up that will hopefully address the concerns that were raised by community members about community organizer and meetup group member privacy.

I have privacy law concerns about using a third-party service such as Mailchimp for contacting Meetup organizers. Is this move legal and GDPR-compliant?

WordPress chapter meetups are part of Meetup.com’s “Meetup Pro” network. When people join a WordPress meetup via Meetup.com, they agree to their privacy policy which states that, “Members who administer a Meetup Pro network, known as ‘network administrators’ have access to the content within their groups, including information about group participants.” (see 3.2 Group Networks). Meetup.com also makes it possible for WordPress chapter group members to share their email address with the network administrators of the Meetup Pro account.

The Community Team has been sending monthly newsletters to WordPress chapter group organizers since 2018. The reasons behind the suggestion that the quality of those newsletters could be improved if they were sent via a dedicated email newsletter platform are outlined in this blog post.

According to privacy consultants (in this case, people who oversee Automattic’s various privacy policies) who gave pro bono advice on this question, GDPR and other privacy laws do not require an organization to seek data subject consent (consent from subscribers) to change email platforms. It is not a legal or GDPR requirement to obtain consent for which platform is used to send emails, just as an individual is not required to obtain permission for which email platform they use to send emails to their friends, family, and other contacts.

Thus, it was clear to us that there are no privacy issues with changing the newsletter vendor. Hence, the list of meetup organizers, who had already given permission for meetup.com to share their email addresses with WordPress chapter network administrators, was exported to Mailchimp. Ongoing email newsletter preferences will be managed there.  

What is the privacy policy of Mailchimp?

One of the concerns raised was that Mailchimp could potentially use the contacts we upload for their marketing purposes. As mentioned in the Privacy for contacts section, Mailchimp support confirms that contacts will not be used for marketing purposes. Their usage is restricted to the following cases:

  • To enforce their terms
  • To protect the rights and safety of Members
  • To do anything required to protect itself legally and to fulfill its legal obligations
  • To provide support and improve the service
  • For internal data analysis purposes
  • To fulfill other business obligations

However, as mentioned in the privacy policy, Mailchimp may use data collected from those community deputies, who use the community Mailchimp account to send newsletters to the community, for marketing purposes. This is common with many third party services and it does not pose privacy risks to the larger community.

Furthermore, if any community member does not want to have their contact information being used for the internal data analysis purposes of Mailchimp or wants to get their personal information erased, they can get this done by submitting a Data Subject Access Request.

How does someone know that an email from WordPress Community Support is being sent through Mailchimp?

All newsletters sent through Mailchimp will have a notification included in the footer of the email. The footer for all future Mailchimp emails will contain the following information: 

This email was sent to you via Mailchimp. You are receiving this email because you opted in at our website: https://central.wordcamp.org or through https://meetup.com/pro/wordpress

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit the following URLs:

https://wordpress.org/about/privacy/
https://central.wordcamp.org/
https://make.wordpress.org/community

What emails will be sent using Mailchimp?

The WordPress Community Team sends email newsletters to meetup organizers every month. The newsletter contains news, updates, and essential information for WordPress community organizers all over the world. As outlined in an earlier post, Meetup.com was being used to send these emails previously, so there is no change in the number and types of emails that will be sent now that Mailchimp is being used. Each month, Mailchimp will be used to send the meetup organizer newsletter to approximately 1,600 meetup organizers (out of 2,000+ organizers) who have subscribed to emails from Meetup.com. Please note: only people who have subscribed to Meetup.com emails will be contacted via Mailchimp. That’s a total of one email per month (typically sent on every second Friday of the month), which amounts to 12 emails per year.

It would also be ideal to use Mailchimp to send the annual meetup organizer and member surveys (aimed at meetup organizers and meetup group members respectively), as well as any critical announcements that are relevant to the entire community.

What is the benefit of using a different platform, such as Mailchimp, for sending newsletters?

Meetup.com has been an unreliable platform for sending newsletters with several pain-points like non-delivery of emails, lack of formatting options, inability to reach out to specific meetup groups, lack of data on engagement, and lack of separate email lists, to name a few. Many organizers complained to us about missing the newsletter emails. During the recent meetup group inventory, many organizers did not receive the emails that were sent to them via Meetup.com. Using a dedicated email newsletter vendor, we can communicate with meetup group members more reliably about the program and convey any urgent and time-sensitive information without worrying about organizers missing our emails. We can also make those messages easier and more enjoyable to read. 

Can I unsubscribe to emails from Mailchimp?
Yes, you can always unsubscribe by following this link, or by clicking the “unsubscribe” link in the footer of any email received via Mailchimp. The team will be implementing a widgetWidget A WordPress Widget is a small block that performs a specific function. You can add these widgets in sidebars also known as widget-ready areas on your web page. WordPress widgets were originally created to provide a simple and easy-to-use way of giving design and structure control of the WordPress theme to the user. on make.wordpress.org/community that will make it easier for community members to subscribe  and unsubscribe from emails. 

Additionally, community members can also submit a Data Subject Access Request if they wish to prevent their data from being used for internal data analysis or if they want their personal data to be erased from MailChimp servers.

Will Mailchimp be used for marketing emails to organizers?

No. This list will only be used for emails that support the legitimate interests of the global community team: to help people learn to use and contribute to WordPress. Community organizers and meetup members will only receive messages that support this mission. 

What if I want to revisit the email newsletter vendor discussion, and suggest a different approach? 

One of the reasons why Mailchimp was chosen as a newsletter service was because it offered a Pay as you go plan that allows us to effectively ‘test’ the service without lock-ins. We have only spent $150 with them for 5000 emails. We can always choose to cancel our plans of using Mailchimp and move to a different service, if there are better options. 

If you feel that there is a different newsletter service that the team can use, please feel free to share more about them in the comments on this post. Feel free to refer to the past discussion in the Make/Community blog on newsletter services, and the list of shortlisted services for reference.


The Community team remains committed to protecting the privacy of our event attendees and group members, and it’s great that the members of the WordPress community  help hold us accountable on this. 

Are there any concerns about this project that you would like to see addressed? Do you have any feedback on the project to share? Share your thoughts and concerns in the comments. 

This post was prepared jointly by @hlashbrooke and I.

The following people contributed to this post: @adityakane @andreamiddleton @bph @camikaos @courtneypk @francina @kcristiano @rmarks and @sippis

#newsletter #newsletter-service #newsletter-service-selection