I recently came across an example where I was registering to download content and the site required me to tick the opt-in checkbox - while submitting the form - in order to download the content: 16 Tips to Capture Marketing Consent for GDPR – CleverTouch .
I used their chat feature to inquire about this since much of what we've learned is that you cannot make the ticking of the opt-in checkbox required. The response I received was as follows:
The GDPR legislation talks about a "balance" in the exchange when it comes to opting-in - we take the view that if we're giving away content for free, there is a balance that you will provide us something in return. If you don't want to provide us that then that's OK - you just won't get the content. As another example, if this was a paid for event then we wouldn't capture opt-in as well, as that would indicate an imbalance (revenue + an opt-in for 1 event registration).
Again, just wanted to share yet another interpretation/implementation of the GDPR laws. Thoughts?
First, I'm not a lawyer. Best to discuss with legal counsel.
That being said, I would agree with them - if you want to get the content, you must check the box.
For a Contact Us form, or a free trial, perhaps that is less certain - Yes, I want the free trial but no, I don't want extra marketing. Requiring opt in there would likely lead to lower conversion rate.
What CASL and GDPR say is that you cannot "pre-check" the box for them, that is to assume the opt in for the person. You must take a free action that is explicit and deliberate to opt in. Even for events, we were asked that the scanner or tablet be presented to the Lead for opt in checkbox.
I can see more companies following this model. I mean there really shouldn't be a reason why we aren't allowed to do this... The person is submitting their information on their own and checking the box on their own. Kinda like a restaurants "right to refuse service to anyone". No info, no free whitepaper. I think it's pretty sweet!
Hi Keith - it's not that they're refusing to let someone download the content without filling out the form, it's that they require the user to tick the "opt-in/consent" box. If you don't, they're blocking you from receiving the content.
I just spoke with my team member and they said that you must still offer the asset even w/o opt in checked.
Again, I'd spend some time with legal if you plan to follow such a model.
Our legal team is of the same belief (that you still must provide access to the content; and not force someone to provide their consent). I just found it interesting when I came across this today - especially the reason given by the site owner - and wanted to share this with the community.
In actuality, i'm not following the approach in discussion, to play devils advocate and stir the pot here, I still really don't think there is a problem with this method. I mean we spend alot of time/money to make the content we produce. What law requires us to make it available/free to all people? In other examples the business has the right to define terms, like a bouncer at a nightclub saying that you aren't allowed in unless you comply with the dress code, or a 5 start chef not allowing guests to request food restrictions. As businesses, don't we reserve the right to offer our services/content only to people that agree with our terms?
I think for the most part, you're preaching to the choir here, Keith. The same thing applies with the online/targeted advertising models that support much of the commercial content that's available online. Without the ability to target, profile, etc., many of these sites wouldn't be able to turn a profit/remain in business. GDPR is what it is (and there's no doubt that it's causing a lot of frustrations/uncertainty for many of us - and the companies that we work for). And included with that are the risks that businesses are willing to take in how they continue to operate.
I was sent another perspective from a company based in the UK:
It too, contains some contradictory information from what many of us have been exposed to thus far (experts, legal team, etc.) - especially on pages 8 onward. In fact your nightclub analogy was used here as well. Here are some interesting perspectives from this document:
PECR treats the use of email for marketing communication differently depending on whether it is sent to ‘individual subscribers’ or to ‘corporate subscribers’.
PECR allows electronic direct marketing communications [email] to be sent to corporate subscribers (business email addresses of individuals working for incorporated entities) without prior consent, unless the recipient specifically requests not to receive emails from the sender (“opt-out”). Each direct marketing email should include an “unsubscribe” option to allow the individual to notify the sender that he/she no longer wishes to receive emails from the sender.
The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.’
Our compliance team was under the same belief, that you should offer content without requiring an opt in. This is a very helpful post. Thanks, Dan Stevens.
But what if the content contains calls-to-action like "Contact our sales to find out more"?
If you imagine a process map, a business might be doing the responsible thing and checking for consent at the very start of an interaction with a potential new customer. Now the customer has actively refused that consent and missed the opportunity to get past our consent gate.
It doesn't seem fair or reasonable that a business now has to implement a consent gate at every possible interaction if the customer changes their mind. If you contact sales, are they expected to provide a collection statement and information about privacy and receive explicit consent before storing any personal information? A reasonable business might say, hey, our sales people don't have the time or skills for that.. it seems like quite a burden on the sales person to have to record and manage consent.
my thoughts on this are scattered (and entirely my own without legal skills or knowledge!)