As a marketer, the dream is to be able to build and launch campaigns to grow your audience and sell your product or service. Pretty straightforward – right? Well, as marketers know it is rarely so straightforward. There is much to consider before launching any campaign, including anti-competition laws, IP issues, consumer protection laws and data privacy laws. It can seem like these are waiting in the long grass to trip you up and expose your business, but data privacy laws aren’t designed to do this, and if applied correctly, marketers can happily exist within these laws and all the while build healthy DATA relationSHIPS with their users.
A good example of this and one that many marketers aren’t aware of, is that businesses are often able to market to existing customers without their explicit consent.
If your organization has obtained an individual’s contact details ‘from a customer … in the context of the sale of a product or service’ a separate explicit consent to direct marketing may not be required if the following conditions are met:
- the direct marketing is in respect of your organization’s similar products and services only; and
- the individual has been given a simple means of refusing the use of their contact details for direct marketing purposes, at the time that the details were initially collected, and, if they did not initially refuse the use of the details, in each subsequent communication.
So, in simple terms, if you’re contacting someone who has bought from you before, you’re talking about a similar product/service and you gave them the opportunity to refuse direct marketing when they made the purchase you should be fine. This is often referred to as the “soft opt-in”
An obvious question arises here: What if there was an opt in box for marketing that the customer didn’t click, can we market to them based on the soft opt-in?
Example of compliant collection where the soft opt-in can be relied on:
Example of non-compliant collection practice:
What about using a pre-ticked opt-in box?
A common collection practice that is seen in many online shops is a pre-ticked opt-in box. As covered in this article, a pre-ticked opt-in box is not considered valid consent under GDPR or ePrivacy Directive, so should never be used if relying on consent as the legal basis. But since the legal basis for the soft opt-in is legitimate interest and not consent, one might wonder if a pre-ticked opt-in box can be used. Let’s explore this below.
While a pre-ticked opt-in box does allow a customer to refuse marketing as they can untick the box to show they do not wish to receive direct marketing, there are flaws/gaps with this collection practice. Some of the issues here are:
- The customer is not informed about their right to opt-out of direct marketing at any time.
- Many European supervisory authorities recommend using an opt-out box, so it is unclear how they would look upon a pre-ticked opt-in box.
So, while a pre-ticked opt-in box may technically fulfil the requirement of giving the customer a means to refuse direct marketing, it is not airtight. It is strongly recommended to use an opt-out box instead.
This highlights the importance of having your collection practices and opt-in/opt-out boxes configured correctly at every collection point on your website. Obviously, there are always nuances involved and the laws differ depending on jurisdiction. Our Collect product automates this for you and if you want to discuss the issue in more depth, we’re always on hand to help so don’t hesitate to contact us on either firstname.lastname@example.org or Michael@dataships.io.