Ultimate Guide to Privacy Friendly Newsletters

Rebecca // June 11 // 0 Comments

Creating an email newsletter can be a great way to build community. Small businesses and entrepreneurs might use them to share content and create an audience. However, it can be tricky to get privacy right; subtle clues or default settings may communicate to your audience that you don’t respect their privacy. To build trust and a loyal audience, it is important to get privacy right.

With this guide, I’ll help you decide what features you need to choose an email newsletter service, and how to set one up. I’m not a lawyer so this is not legal advice. I am a privacy expert with tons of research on what people want when it comes to data privacy. I’m not affiliated with any of the services described here, and I don’t get any commission from these links.

Why might you care about privacy in an email subscription newsletter? If you are a medium or large company, or you are based in the European Union, you are probably already aware of privacy regulations like GDPR. You may also care about privacy if you are a small business, entrepreneur, or just trying to grow an audience. In your quest to build a community, you want to make sure your newsletter audience feels respected and safe. This may be more urgent if your newsletter topic is sensitive; for example, if your topics include personal issues such as health, sexuality, or money. Also, if your email topic is political or associated with political movements, your community might be more privacy-sensitive. In all these cases, this article can help you figure out your key requirements and point you to potential choices.

Although it’s tempting to send emails from my own account, bulk emails sent from private accounts look like spam and will be blocked. You need a newsletter provider. Searching for a privacy-friendly email newsletter can be difficult. There are many types of privacy-protective email services that do not provide newsletters. For example, some companies that host email servers (e.g. https://runbox.com/ ) but do not offer newsletter services. There are other companies that host secure encrypted email services (e.g. https://proton.me/mail ). These services look interesting but aren’t designed to make email newsletters easy.

Consider these four requirements for choosing an email newsletter service:

  1. Data should be hosted in the EU or Switzerland
  2. Easy to use and setup with WordPress
  3. The email service should have as few trackers as possible
  4. The newsletter signup should be usable for my audience

Data should be hosted in the EU or Switzerland:

The first challenge was to find an email marketing service that kept all the data either in Switzerland or in the European Union. Why? Many Europeans are uncomfortable with their data being hosted elsewhere. They are uncomfortable with the access some governments might have when their data is stored outside the EU. Only some countries offer an adequate protection of their data, and according to a decision titled Shrems II, the US doesn’t offer an adequate protection of Europeans’ data. I live in Switzerland and specifically want to target businesses in Europe, so I’m particularly concerned about where data is hosted. If you are a business serving Europeans, you may need to pay attention to this as well.

Luckily there is a site that lists European email marketing service:

https://european-alternatives.eu/category/email-marketing-services

This above link missed a few privacy-friendly European alternatives including:

Easy to use and setup

Perhaps your goal is to get your newsletter up and running as quickly as possible. In this case, you likely do not want to host your own email service or write code. You are a busy entrepreneur or business owner, and you want to start creating your emails without spending too much time on technical stuff.

You may be like me and use WordPress or other website templating tools to minimize the code you needed to write. I use WordPress and ThriveThemes. ThriveThemes has an email subscription template that can be easily integrated with different email marketing services on this list: https://thrivethemes.com/integrations/

However, ThriveThemes does not currently provide integration for any of the privacy-friendly services described in the next section.

The email service should have as few trackers as possible on the email.

When you send an email newsletter, you may want to know how many people opened it, and how many of those people click through to any included links. Ideally, this helps you learn which emails people like, so you can improve your newsletter. However, the fundamental email protocols aren’t designed to track whether an email is opened. Therefore, in order to keep track of whether an email was read, an email newsletter service might include what is called a “tracker” in the email. This could be, for example, an invisible pixel image that the person reading the email can’t see. I won’t go into the details of how trackers work, but the most accurate trackers can’t be easily turned off. That means that the reader of your email doesn’t have a lot of control over whether you get read receipts (or not). But privacy-sensitive people might not appreciate trackers.

Another problem with tracker tech in email newsletters is that it can be difficult to understand who hosts the trackers. Are the tracker images hosted in the EU? Where is that traffic going? Is the email newsletter service relying on some other company to provide them? Do I have to dig through all their privacy policies and terms of use to understand?

For the purpose of this article, I tried to find which newsletter services have privacy-friendly tracking options. In general, I found two types of email newsletter services. One type makes it really hard to learn about the tracking technology. The other type is really upfront in that they don’t use trackers or have very restricted tracking.

Below is a list of the services that were upfront about privacy and tracking. Each one has a slightly different method of dealing with tracking. Here is a summary from reading the marketing and websites of the five privacy-friendly options.

Friendlyhttps://friendly.ch/ has it’s own analytics software that is hosted in Switzerland

SendStackhttps://getsendstack.com/ does not have tracking at all for opening newsletters

Mailcoachhttps://mailcoach.app/ allows you (the newsletter writer) to control whether readers are tracked when they open emails, but it is not clear where the information is stored.

Buttondown.emailhttps://buttondown.email/ Allows you to control tracking whether tracking occurs.

Keila: https://www.keila.io/ : Allows you to opt-out of tracking, but you need to host your own email to do so.

For many of you, tracking may not be an important criterion. Your readers may not be bothered by trackers, or they may not be aware of them. Maybe your newsletter is so fire that your audience is happy with the trade-off of free content for being tracked. It’s up to you to decide how important the tracking is.

I used SendInBlue (now Brevo) due to integration with my existing site, but it isn’t in the privacy-friendly list here. If you aren’t sure whether your existing newsletter service uses trackers, you can read their documentation, or you can install a privacy plugin and send yourself an email. I combed SendInBlue’s online documentation to try to understand how they track read receipts, but I didn’t get a clear answer. In the end, I installed a plugin called Ugly Email (https://uglyemail.com/) to see if there are trackers in SendInBlue emails. I did not find a tracker in my SendInBlue email.

The newsletter signup should incorporate usable privacy

People should be able to make privacy decisions based on clear information. The information should be true and helpful. Most privacy policies and legalese do not help people make privacy decisions. Don’t ask people to agree to a privacy policy or terms of use when those documents aren’t easy to read. Therefore, design your newsletter subscription page to be absolutely clear about what people are getting into. Be absolutely clear that they will get periodic emails.

Some newsletter templating services may have GDPR options that claim to help you comply wih GDPR. Pay attention to if these options add more value than just telling your audience what that you will send them emails. For example, the image below allows an email campaign to “Enable GDPR fields.”

The newsletter signup control has a checkbox titled “Enable GDPR fields”

If you selected “enable GDPR fields”, the when people signup for your newsletter, they will see a checkbox with a commitment to accept my newsletter and the data privacy statement. There is also some language about SendInBlue with their Terms of Use. There are a couple problems with this:

  1. The legalese is intimidating. There is a separate checkbox with some scary language about the reader “agreeing” to receive my newsletter and my data privacy statement.
  2. I tried to read the Terms of Use and I found it inscrutable. It seemed to be written for the newsletter owner, and not for my newsletter reader.

The intent of GDPR is to make sure that people know what they are getting into. The intent is not to force people to check checkboxes they don’t understand. The design of a checkbox and legalese meets the letter of GDPR, but not the intent.

Audience view. If I enable GDPR fields include a checkbox with “I agree…” . Note the legal text about SendInBlue with the Terms of Use.

A checkbox is only useful if you will use the email for two different things. For example, if you need the email to fulfill an order, and at the same time want to sign them up for a newsletter. Those are two different things. Then a separate checkbox would be needed, so people can choose to sign up for the newsletter in addition to the order fulfillment. In general, if this page is only used to sign up for a newsletter, the checkbox is not needed as long as you are clear about my purpose.

To be clear, design the email subscription signups for clarity and simplicity. The description should clearly states that it is an email subscription page, and the button should says “subscribe.” Use a double opt-in so your new audience member has to read their email and click again to subscribe. Also, be sure that your audience can unsubscribe at any time with one click.

Summary

This article has described some criteria for a privacy-friendly newsletter. You have a list of email newsletter services that are hosted in the EU or Switzerland, to help with GDPR compliance or if you have an audience in Europe. You also have a second list of privacy-friendly email marketing services that allow you to control tracking. I discussed the importance of ease of use and integration. and how I checked for privacy compliance. Finally, you can now confidently create a user-friendly subscription page without legalese.

Technical topics are explained at a high level in this article, but there are resources at the end for people who want more.

An email newsletter is a great way to build community. With these tips, you should find it easier to implement a privacy-friendly newsletter.

More Resources:

One Byte at a Time, Data Reimagined by Jodi Daniels, Justin Daniels has a nice breakdown of sensitive categories as determined by different laws https://redcloveradvisors.com/book-sales/

This blog post from Katharine Jarmul has a nice explanation of going even further to create a privacy-friendly email.

Shrems II is described here https://www.gdprsummary.com/schrems-ii/

Study on the length and cost of reading privacy policies. “The cost of reading privacy policies.” McDonald, Aleecia M., and Lorrie Faith Cranor. Isjlp 4 (2008): 543.

Wired has an article on how to tell if your emails are tracked. https://www.wired.com/story/how-to-tell-which-emails-track-you/

Washington Post has an article on blocking email trackers: https://www.washingtonpost.com/technology/2022/02/01/email-tracking-privacy/

About the Author Rebecca

Dr. Rebecca Balebako builds data protection and trust into software products. As a certified privacy professional (CIPP/E, CIPT, Fellow of Information Privacy) ex-Googler, and ex-RANDite, she has helped multiple organizations improve their responsible AI and ML programs.

Our Vision

 We help companies build data protection that their users love.

Privacy by Default

respect

Quality Process

HEALTH

Inclusion

>