We have also to be sure that NO DATA IS COLLECTED without prior consent.
It seems to me that we have to add an attribute on subscription page, like a checkbox, that MUST BE EMPTY and REQUIRED.
If checked on submission, data are stored into the database (user not confirmed) and request to confirm link is sent and so on.
If not checked, then error and NO RECORD is created in the database.
Finally, we should have a way to show, in case of complain, or worst, in case of suit, date/time of that express confirmation.
I’ve tried to edit the subscription page with such attribute (checkbox) but no way to set it as “required”.
Any idea ?
A clear step-by-step way to do this will be very very appreciated, so even a basic user can be safe.
It’s not really possible to make a check-box “required” because in a general case both checked and unchecked are valid.
Possibly a mandatory select list with only one entry (“Yes I confirm”) would do. If the subscriber doesn’t choose that entry then I expect phplist to reject the submission.
Thank you duncanc for your reply.
If I follow your advice, “Yes I confirm” is the only choice and it is pre-selected, which is not compliant with EU law.
Putting as first value a “No” could be fine (changing to Yes and apply is an explicit consent), but in case of “No” phplist should not add the subscriber at all.
@edorizzi You need to use the empty value prefix in config.php
# empty value prefix. This can be used to identify values in select attributes # that are not allowed to be selected and cause an error "Please enter your ..." # by using a top value that starts with this string, you can make sure that the # selects do not have a default value, that may be accidentally selected # eg. "-- choose your country" define('EMPTY_VALUE_PREFIX','--');
Then phplist will reject the submission if the valid value has not been selected
Thank you duncanc, it does work