Tick boxes and the opt-in process aren’t new to email marketers. With the advent of GDPR the concepts of information transparency and consent have become ubiquitous, but these concepts have been at the heart of a successful marketing programme for a decade before GDPR became law. The email industry is self-regulated quite effectively through the use of email filters, blocklists, and the monitoring of sender reputation. What this means is that for a marketer to hit the inbox successfully and consistently they need to generate a good sender reputation. And that means being clear about the marketing at the point of sign-up to set the right expectations, and then meeting those expectations by delivering messages that are expected, wanted and valued by recipients.
In addition to that self-regulation and set of simple core principles, the GDPR has introduced some additional requirements, raising the bar for consent. Marketers must explain more, be more transparent, but keep the language simple and concise. Under the GDPR consent can’t be bundled with any other agreement, can’t be a condition of a service and consent opt-in boxes can’t be pre-ticked.
This short guide explains those requirements and gives some examples to explain.
GDPR – Relevant Specific Requirements
The use of ticked or unticked boxes – Recital 32
Under the GDPR a person gives consent
“by a clear affirmative act”
“a clear affirmative action” is explained as:
“This could include ticking a box when visiting an internet website, choosing technical settings … or another statement or conduct which clearly indicates in this context the data subject’s acceptance
Silence, pre-ticked boxes or inactivity should not therefore constitute consent”
Choice of wording and layout – Recital 58
In order for consent to be valid, the person must know what they are accepting. The principle of transparency requires that information provided should be:
“concise, easily accessible and easy to understand, [using] clear and plain language and, additionally, where appropriate, visualisation be used”
“This is of particular relevance in situations where … the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising”
Experienced marketers already understand that opt-in processes that are ambiguous, confusing or misleading are unlikely to generate the trust required to build an effective mailing list and marketing programme. But now in addition to this; wording or processes which are ambiguous or confusing are unlikely to satisfy GDPR consent requirements.
Some examples showing this in practice
|Example||Why is it good or bad?|
The first tick box uses a positive action to signify agreement , while the second tick box reverses this logic; using a positive action to signify refusal.
The wording here is confusing, going against expected practice. Asking someone to click to opt-out, especially after asking someone to click to agree, is going to mean that customers who want marketing will not be on their mailing list; and those who don’t want marketing will be added to the list and will probably complain at a later date.
The ambiguity in this process will make it easy for someone to argue that they hadn’t intended to give marketing consent and likely to be seen as non-compliant.
The wording here is again going against expected practice by asking someone to click to opt-out.
While not confusing like the previous example, it’s still not what is expected. While choice is good, the number of choices for similar items without much explanation may be confusing or simply annoying.
If something is confusing or annoying it’s likely to be ignored.
And looking at GDPR, if inactivity cannot constitute consent, failing to opt-out does not mean consent.
The wording for the second checkbox is an example of how to avoid the issues in the previous examples. Simple and clear wording, requiring a “positive act” to indicate consent.
Additionally, this process introduces a pre-ticked box. A pre-ticked box is permitted in some situations. The European ePrivacy Directive (PECR in the UK and UWG in Germany) allow a pre-ticked box for limited mailing to customers.
The pre-ticked box is still allowing a choice – the customer can choose to refuse; but it is not consent as per GDPR standards, so this form of permission is to a lower standard and may still cause confusion or complaints.
Finally, the final statement sets the expectation that some types of email will still be sent. Remember that transparency is important not just for legal requirements but for consumer trust in your brand and the success of your marketing programme.
An issue with ticked or pre-ticked boxes is that you have to content with inertia and apathy. Unticked boxes to indicate acceptance or refusal are both at risk of staying unticked, regardless of the customer’s preference.
A smart alternative to consider are radio buttons. Where the website form process requires a selection (opt in or out) to be made. This avoids the inertia effect while still providing choice and enabling you to demonstrate a positive act confirming consent.
The best way to use tick boxes may be to get rid of them completely!
What you need for consent is a clear affirmative act and a process which is concise, transparent, intelligible … using clear and plain language.
Instead of tick boxes and trying to decide how to word something, all that may be needed is a simple piece of design, wording which explains exactly what’s happening and a simple process, inviting your customer to provide their email address if they wish to sign up.
I hope this explanation and examples help you to understand the rules and give you some inspiration on how to make your opt-in process more effective!
Please leave feedback below and/or hit the “like” button to show this type of content is useful.
You can ask questions and provide suggestions for helpful email deliverability topics in the Q&A area Q&A – SAP Emarsys Email Deliverability.
And if you’d like to find out more about SAP Emarsys Customer Engagement you can visit the community page: SAP Emarsys CX.