Symphony.

A new extension, “Campaign Monitor” is now available for download. Comments and feedback can be left here but if you discover any issues, please post it on the issue tracker.

I think I’ve alluded to this extension before, but now I’ve finally cleaned it up a little to put up here. I have some cool ideas to extend this extension, so be sure to check back every so often :)

Awe. Some.

You should let Campaign Monitor know. They regularly blog about CM extensions for other platforms, and it occurred to me that extensions like this and others with hooks into big name services (Mint?, Basecamp?) would be a good way to promote Symphony.

Thank you for releasing this, I look forward to trying it.

It’s a great idea indeed. But you should be aware that using email services like Campaign Monitor may be a legal problem in countries with strict “Data Protection Acts” (i.e. privacy laws). From the README of my Email Newsletters extension:

In many countries special recipient opt-in and opt-out procedures may be required, and you might encounter the need to store opt-in evidence on your server.

In addition to that, in countries like Germany you wouldn’t even be allowed to transfer any personal data like email addresses to countries outside of the European Union. One exception is a recipient (company) in the USA who joined the Safe Harbour agreement which has been signed by the USA and the European Union in the year 2000. (This will mean that the company in the US must obey the according Safe Harbor Principles.) AFAIK, only around 1000 companies joined. More information can be found here:

• http://export.gov/safeharbor/ (general information)
• https://safeharbor.export.gov/list.aspx (list of companies)

Many companies in the USA simply don’t understand that this may be a real show-stopper for clients in the European Union.

BTW: This legal situation was the reason to develop the Email Newsletters extension. :-)

[EDIT]: Hmmm, Campaign Monitor seems to be in Sydney — so they can’t… But this means that there’s probably no way to use them without legal problems if you are located in the European Union (especially Germany).

Wow, thanks for those insights Michael. I must say Germany seem quite strict about it. Required opt-in/out procedures and logs is fine, but not allowed to “transfer any personal data like email addresses to countries outside of the European Union”… What a show stopper for SaaS companies around the world, including us here in Norway (not in the EU). Do you have any more references on these laws in Germany?

Ouch, they certainly are fairly hardcore rules! That must be fairly frustrating if a provider in Germany doesn’t offer the same services as one in another country. What do you use in Germany instead of CM/MailChimp?

@briandrum I plan to shortly, there’s still some things I’d like to tidy up first (and add).

Yes, Germany is indeed stricter than most of the Germans think! :-) There is for example an open discussion about Google Analytics which might be illegal here because it is sending user data (like the IP address) to the USA. Still many companies don’t care, but the time may come.

I did the above research some time ago (before I started building my own extension), and there is not much left apart from some fragments in my brain… But it should not be diffcult to find the most important facts using Wikipedia. Like this one:

Die Richtlinie 95/46/EG (Datenschutzrichtlinie) verbietet es grundsätzlich, personenbezogene Daten aus EG-Mitgliedsstaaten in Staaten zu übertragen, die über kein dem EG-Recht vergleichbares Datenschutzniveau verfügen. Dies trifft auf die USA zu, da diese keine umfassenden gesetzlichen Regelungen kennen, die den Standards der EG entsprechen.

(Source: http://de.wikipedia.org/wiki/Safe_Harbor)

My short translation: You may not transfer personal data from EU member states to states which don’t have a comparable level of data privacy (laws). This includes the USA because they don’t have regulations which conform to EU standards.

If you think about it, it makes perfect sense, doesn’t it?

An interesting point here is: The privacy policy of a company doesn’t help — it’s the legal obligation that counts.

What a show stopper for SaaS companies around the world

Yes, indeed. And a real issue for developers from the EU. How about Norway? Do you think you have comparable privacy laws? I don’t know, to be honest.

@brendo: I don’t know any email service providers in Germany which can be compared to Mailchimp or Campaign Monitor. There are some, but they are much more expensive. And I assume that their applications will not be as elegant as Mailchimp’s or Campaign Monitor’s applications. One reason for this assumption is the market (German speaking people, or even the EU — which means one language per country!) being rather small compared to “all the world except some strange countries” (the target market of US companies).

As I said, after a lot of research I decided to build my own Symphony extension.

There is for example an open discussion about Google Analytics which might be illegal here because it is sending user data (like the IP address) to the USA.

Google Analytics now offers settings to store anonymized IP adresses only.

Guess this is compliant to our paranoid laws now and you don’t even have to inform your users about Google Analytics on your site, since none of the other collected data counts as personal (like the IP address).

@brendo - do you have a MailChimp version of this extension?

No, we’ve never had to work with Mailchimp.

The concept could probably be reused though, you’d just have to update the function that contacts the API.

MailChimp?

Campaign Monitor updated to version 0.9.1 on 18th of February 2011

Hey Michael,

according to this article (in German language) MailChimp did join the Safe Harbor agreement recently. And it seems the blog author really knows what he is talking about.

You are right by the way, there is no email marketing service in Germany that even comes close to MailChimp.

So that's why I'm probably going to use it on my new website.

I talked to a lawyer the other day who said that unfortunately Safe Harbor has turned out to be a stub. She would not recommend to rely on this anymore due to missing control mechanisms on the American side, opening Safe Harbor for misuse — as a simple way to get into data business with Europeans (in many cases without meeting the related privacy policy demands).

I don't say that MailChimp does anything wrong!

But we (the "European side") seem to have no chance to control or ensure that the regulations are actually met by the companies taking part in the Safe Harbor agreement. And in general American companies and authorities tend to think that Europeans (especially Germans) are simply a bit strange when it comes to this "data privacy" thingie.

From a legal point of view it may still be ok for you to rely on Safe Harbor. But I wouldn't, just because I myself really like (most of) German privacy laws and regulations.