I discovered a disturbing thing yesterday when exporting my Mailchimp e-mail contacts for IFF. Mailchimp has more personal data than I asked for. When signing up for my weekly digest, all I want to know is an e-mail address. It’s the only thing I need to know for sending an e-mail to a person. I deliberately do not ask for names or other details. The less I know, the better considering the chances of data breaches and GDPR legislation. After exporting my contact list from Mailchimp I found out the service has more data on record than I asked for. For instance for one person who registered for my e-mail subscription list I have a first name, a last name and birthday on record. I’ve never had input fields for that information in my subscription form, so how do those personal details end up in my contact list on Mailchimp?
The only explanation I can think of is that Mailchimp keeps unique ID’s based on an e-mail address. The data that person discloses to a Mailchimp mailing list then ends up in all other mailing lists that person subscribes to using the same mail address. A hint for that explanation are the ID numbers that I also received in my data export from Mailchimp. All users are assigned two ID numbers, a LEID and an EUID. This is Mailchimp’s explanation about these ID’s:
LEID is the unique identifier for a contact, specific to an audience. EUID is the unique identifier for a contact on the account level, across all audiences.
Whatever the reason and mechanics behind Mailchimp’s user ID’s, I’m really shocked to find out I own personal data I never asked for. Even worse, the person subscribing to my mailing list never agreed for me to have that data. A serious breach of trust (and the law).
There is more data in the export file. IP address is logged at opt in and again when confirming ones subscription. Latitude and longitude. And based on that information country and province are logged. I was under the assumption I only asked for an e-mail address and that would be the only thing on record. I was wrong.
My conclusion is that I should never have used Mailchimp in the first place for sending my automated blog digest. I exposed my readers to a data collector. I deeply apologize for that.
I am now switching to a WordPress plugin called Mailpoet. The sign-up data is stored in the database belonging to this blog. The only data I transferred from Mailchimp to my blog are e-mail addresses, as subscribers agreed to when signing up. The only extra information that is logged are IP addresses when signing up and confirming. With that data I can prove consent for signing up to anyone asking (or a subscriber to prove an e-mail address was misused for signing up). I will delete my account for IFF with Mailchimp and remove the export files on my computer.
This case clearly shows how easy it is to collect excess data. Lesson learned.