@DReffects2 - I appreciate you've done extensive research as applicable to your situation jurisdiction. We have expended an enormous amount of time and resources aiding our EU clients with GDPR compliance to the best of our abilities and it's our understanding, we've actually done more than most similar platforms. A temporary line has to be drawn somewhere or we're going to end up with, as Matt said, a barrage of half-baked features and checkboxes everywhere. We have consulted with the ICO, our largest EU clients and perused legal resources and are confident that our implementation as of 4.3.3 will help satisfy your compulsory requirements under the GDPR. I know you don't like the "let's wait and see" approach on your remaining potential concerns, but that is in fact a key purpose of the judicial system -- interpreting and providing subsequent guidance on existing regulation.
We are committed to adapting and accommodating as needed, I assure you. We aren't, however, able to go crazy and toss things in based on armchair interpretations. From a layman perspective, a simple checkbox here and there seems easy. From a development perspective - you need to do something with that checkbox. As the contact form, when configured such, is merely an email form, there's nothing to do in the same way there's nothing to do when you actively send someone a traditional email -- you're sending the email because you want to initiate contact. If you wanted a "simple" checkbox on the contact form that's simply sending an email, you then need to provide a mechanism for obtaining consent, store the email address, store the consent, provide a mechanism to withdraw the consent to store the email, etc. None of that is necessary based on reasonable interpretations of the GDPR, so as developers with finite resources, we need to weigh out these requests that amount to a fair amount of development time with limited basis and simply say, if you're super concerned about untested, unchallenged, extreme interpretations for things like this, it's likely best, for your own peace of mind, to simply not use the feature.
I say with confidence that although ultimate compliance with any local, national or international law or regulation is the responsibility of the community owner; 4.3.3 is GDPR friendly. If you feel you need to be more restrictive based on additional member state requirements, interpretations or even personal peace of mind - you can of course disable embeds, disable the contact form, disable spam mitigation, disallow tech support and/or peruse third party solutions. It's my opinion, however, the EU authorities are not intending to cripple the Internet or make it cumbersome, inconvenient and unenjoyable to use; only to hold providers, controllers and processors to task for safeguarding data... and in that regard, it's only a good thing.
There's a lot of information, opinions and suggestions floating through the comments here and it's difficult to keep track of. We welcome you to engage us via a support ticket for software and corporate specific information and, of course, you may use the client forums to discuss various scenarios, share opinions, tips, etc.
We appreciate the feedback and participation. Let us know if we can be of further help.
Pinned topics still appear at top of list?
Changing forums count as new page for Google Analytics?
Do prefix tags still show in fluid view?
Forum color works well with custom icon?
