Hakim b. Hazim (Allah be pleased with him) reported Allah’s Messenger ﷺ as saying: Both parties in a business transaction have the right to annul it so long as they have not separated; and if they speak the truth and make everything clear they will be blessed in their transaction; but if they tell a lie and conceal anything the blessing on their transaction will be blotted out.
Translation of Sahih Muslim, Book 10, KITAB AL-BUYU’ (THE BOOK OF TRANSACTIONS)
In this article, you will learn how to set up a newsletter that is compliant with Islamic principles and with European law (“General Data Protection Regulation“, short: GDPR) at the same time. In the above hadith, Allah’s Messenger ﷺ has set out a general set of rules and Europe’s GDPR law provides instructions on the exact technical implementation to meet these rules.
The implementation of GDPR policies is often perceived as cumbersome. As something you just do because you have to. But Muslims should not shy away from it because it is the best transparency and fairness model existing today fulfilling this Islamic principle. Secular laws just constitute the lowest common denominator of justice and fairness. So feel free to expand your transparency fulfillment measures whenever it suits your particular case.
This is no legal statement because I’m not qualified, but as far as I know, the GDPR is a requirement for all websites that have Europeans as a target group. Even if you are operating from outside the EU. Not complying may result in a legal warning, the enforcement of it is left aside. But as Muslims have higher standards anyway, this shouldn’t be something we think much about.
In general, you should not consider this article as legal advice. Always consult a specialized lawyer in case of doubt.
This article will walk you through the technical details by using two specific tools to implement a newsletter service.
- Sender.net as the 3rd-party newsletter service provider
- Real Cookie Banner for the GDPR-compliant treatment of it
… on a WordPress website.
You might be using different tools. Nevertheless you should be able to apply the same concepts to your specific tech stack.
As a demonstration of the result, you can take the newsletter service of Islamic Marketplace.
So let’s dive in.
Configuring Your Sender.net Newsletter
After signing up at sender.net and completing the registration process, you’ll first want to create your newsletter form. It is the main form with which you collect the email addresses of your audience and that will be embedded somewhere in your website or landing page.
3 things you have to keep in mind here:
- Only the email address may be a mandatory field (“Data minimization requirement”). You may also request other data like the subscriber’s name or address, but these have to be optional fields, meaning subscription should work without filling in these fields. The subscriber’s email address is the only data without which the newsletter service can not work.
The captcha box is not mandatory but recommended to avoid bot registrations.
In the “Design” tab of Sender’s form editor, you can make the form’s design fit the design of your website or landing page.
Setting up Double Opt-in at Sender.net
According to GDPR, you’re not allowed to just collect the email address and then start sending out newsletters, because you could use anybody’s email address to subscribe him without him knowing. In fact, before the times of Double Opt-in, it was considered a soft attack to register someone’s email address at as many newsletter services as possible, only to annoy the person by having his mailbox overflow and forcing him to painstakingly unsubscribe from all services again (if that was even possible back then, because that wasn’t always a given). People did this with their boss’s email address when they were fired, for example.
So that’s why we have Double Opt-in today and it’s a mandatory mechanism you have to implement according to GDPR.
At Sender.net you use automations to implement Double Opt-in which are clearly described in the help section. See also their blog post about What is Double Opt-in & Subscription Confirmation Email? After setting up Double Opt-in for this website’s newsletter we ran into a review phase by sender.net’s support which lasted 1-2 days. In this time we could continue configuring stuff, but couldn’t send out any newsletters.
If you’ve gotten this far, you’ve set up everything necessary on the Sender.net side according to GDPR. Now let’s turn to the website/landing page where you embed this newsletter subscription form.
How to Advertise your Newsletter
This is the place where you have to make everything clear to the potential subscriber and not conceal anything he needs to know to make a healthy decision.
The Subject Area
What are the topics of your newsletter? What can the recipient expect to read? Be clear and precise about it. Do you have sponsored content or are you displaying ads to fund your newsletter? No problem with this, just say it in advance.
Is your newsletter sent out every day or 3 times a year? Whatever it is, tell the subscribers how often they can expect to receive your newsletter. And stick to it, otherwise you could notice many unsubscriptions in your statistics.
Price / Costs for the Subscriber
If your newsletter costs something, then the price must be mentioned here. If your target group is only businesses (B2B), then you must make sure that only businesses can subscribe, and you can show the net price plus VAT, in Germany for example. If you also target private persons (B2B and B2C or B2C only), you must show the gross price including VAT and the VAT rate of the customer’s jurisdiction.
If your newsletter is free, then say so.
Again: How to Unsubscribe
Tell subscribers how they can unsubscribe from your newsletter like you did in the subscription form. Usually it is by clicking an ‘Unsubscribe’ link at the bottom of each newsletter, which is included per default in sender.net’s newsletter templates.
If you decide to use testimonials from your existing subscribers, which is a good idea btw, adhere to the following: Don’t lie, don’t make any testimonials up! I know, it sounds obvious, but unfortunately in our industry, it is common to cheat on this issue. But as a Muslim, this is no option for you, right?
So you have a decent newsletter subscription form now and a landing page that mentions everything about your newsletter service as clearly as possible, without any lies and without concealing anything. Congratulations.
But we’re not done yet.
Enter the Realm of Cookie Banners and Privacy Policies!
Remember, we are dealing with the most advanced internet laws existing today and you have surely experienced cookie banners at some point, even if you’re not located in Europe.
Using a 3rd-party service like Sender.net and embedding a subscription form into your website makes it a case where the user’s consent is required. The user visits your domain, which doesn’t automatically mean he is ok with loading other websites’ content into his RAM (“random access memory”). So you have to get his consent for that.
I’m using Real Cookie Banner for managing consent for 3rd-party cookies or scripts, because I find it’s the easiest WordPress plugin for that. This is no marketing speak, I’m not lying either just to earn some cents via their affiliate program. This is my honest opinion after having tried out several similar plugins. It should also be mentioned that the Complianz plugin too is very popular and does the same job very well.
Preparing the Cookie Banner
After installation, Real Cookie Banner advises you to scan your whole website for external resources. After embedding sender.net’s newsletter form, open the [Scan] tab and let it scan for it.
After a while you’ll notice that it detects the form’s source: cdn.sender.net
Real Cookie Banner asks you whether this resource belongs to an essential service without which your website wouldn’t work. Technically speaking, no, because your core website still works without the newsletter form. So this external resource is an element for which you need the user’s consent to load it.
Click “No” to open the content blocker configuration. You’ll notice that the CDN URL is already inserted in the URLs / Elements to block field. But this only prevents the external resources from loading. The result would be an empty white area where otherwise the contents are loaded. We also want to add an overlay asking for consent on the whole wrapper HTML element. In my case, the newsletter section is wrapped by a DIV element with the .im-newsletter class. The notation to specify this is:
Add it below the URL. The other fields should be self-explanatory.
You must also connect this to a service which doesn’t exist yet. Click on Create new service or open the Services (Cookies) tab.
Name this service and make sure it belongs to the group of Functional services.
Fill in the other fields and make sure you selected Consent (Opt-in) and activate the switch that says that this service doesn’t set any cookies, but integrates a script. Then save this configuration.
After saving the service configuration, go back to the Content Blocker configuration and to the field Connected Services. You can select the Sender.net service, you just created, from the pulldown list.
The last step is to show a visual content blocker to users who don’t consent to loading the newsletter form.
Now we have configured the following 3 consent scenarios:
- User consents to all cookies and external resources => everything, including your newsletter form will be displayed by default until the user revokes his consent
- User rejects all non-essential cookies and 3rd-party scripts => no cookies and no external resources, including the newsletter form, will be displayed
- User consents to some cookies and services and rejects others (custom choices) => whether your newsletter form is displayed or not depends on these custom choices.
When you open the cookie banner’s custom choices, the newsletter form you configured is located under Functional.
Click Show service information …
… you’ll see all information you entered in Real Cookie Banner’s service configuration.
So depending on the user’s consent, the newsletter section wrapped inside the HTML element <div class="im-newsletter"> … </div> (in our example) will be either loaded and shown or not. If the user didn’t consent to loading sender.net’s newsletter form then an element blocker will be shown instead, while the rest of the website works as usual.
In this case, the user still has the chance to load it by clicking the [Accept services and load content] button.
This is how a GDPR-conform content blocker works. And you are also on the safe side from an Islamic perspective, because you respected the user’s choices and let him decide whether he wants to expose his data (IP address, time, browser etc.) to a 3rd-party service like sender.net, or not.
Keep in mind: by calling your website’s URL, you can only assume that it is ok for the user to load the resources necessary to display your website into his device’s RAM. It is not particularly fair to make him load resources from other websites he isn’t even aware of in the process.
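To check that the blocker behaves as configured, you can audit the HTML your site delivers before consent. The following is an added example, not code from Real Cookie Banner or Sender.net: it lists the external hosts a page references and classifies them for a given consent state, matching the three scenarios above. The site host example.org, the rule table, the hosts other than cdn.sender.net and the sample page are assumptions constructed for illustration.

```javascript
// Added example; hosts other than cdn.sender.net, the rule table and SAMPLE_HTML are constructed.
const FIRST_PARTY = "example.org"; // assumption: the site's own host

// Content-blocker rules: third-party host -> service and consent group.
const RULES = {
  "cdn.sender.net": { service: "sender.net", group: "functional" },
};

// Constructed page as delivered before any consent was given.
const SAMPLE_HTML = `
<link rel="stylesheet" href="https://fonts.example.net/a.css">
<img src="/logo.png">
<div class="im-newsletter">
  <script src="//cdn.sender.net/form.js" async></script>
</div>`;

// Hosts of external resources referenced by script/iframe/img/link tags.
// data-src and similar inert attributes are ignored on purpose.
function externalHosts(html, firstParty = FIRST_PARTY) {
  const re = /<(?:script|iframe|img|link)\b[^>]*?\s(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  const hosts = new Set();
  for (const m of html.matchAll(re)) {
    let url;
    try { url = new URL(m[1], `https://${firstParty}/`); } catch { continue; }
    if (url.hostname !== firstParty) hosts.add(url.hostname);
  }
  return [...hosts].sort();
}

// Classify every external host for one consent state.
// consentedServices: [] = reject all, all service names = accept all,
// anything in between = custom choices.
function auditPage(html, consentedServices) {
  const result = { allowed: [], blocked: [], unclassified: [] };
  for (const host of externalHosts(html)) {
    const rule = RULES[host];
    if (!rule) result.unclassified.push(host); // no blocker rule yet
    else if (rule.group === "essential" || consentedServices.includes(rule.service))
      result.allowed.push(host);
    else result.blocked.push(host); // must not load before consent
  }
  return result;
}

console.log(auditPage(SAMPLE_HTML, []));
```

Any host reported as blocked or unclassified for the reject-all state is a resource the delivered page still references without consent, so it needs a content blocker rule or a fix to the existing one.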
But don’t pat yourself on the back too soon, we’re not finished yet 🙂
Now we are done. And again, for the 3rd time, I am not a lawyer and this article constitutes no legal advice. I might have made mistakes or forgotten something and your project might be slightly different and therefore has other technical and legal requirements.
What I wanted to demonstrate with this article is that in web development, Islamic traditions and secular laws don’t have to be opposites, but complement each other perfectly.
Remember the hadith of Allah’s Messenger ﷺ which I cited in the beginning of this article. It’s about speaking the truth, making everything clear (to your transaction partners) and not concealing anything. If we make the greatest effort in this regard, we may hope for Allah عَزَّ وَ جَلَّ‘s blessings.
This article is part of the Ethical Website Creation series.
Ethical Website Creation is a way to create websites that take into account all the rights of the user and actively protect them, through the choice of technology or method of implementation.