Re: Form Visibility Rules

Totally agree with Josh.  You cannot legally rely on any inferred data, as it's known to be unreliable.  "I didn't know you were in Canada" is not an excuse.

Yes, I agree the inferred location cannot be relied upon. It is set only once (never updated after the first visit) and is often inaccurate (due to VPNs and whatnot). When I reached out to Marketo support they recommended not using it to determine location of individuals, but rather get a ballpark snapshot of where visitors as a whole are coming from.

Danish,

I do not believe it is possible to have the visibility for the opt-in field dependent on the country value since the form cannot see the form submitter's country value. So I was just suggesting a work-around of having the country field visible on the form as pre-filled so the visibility for the opt-in field has something to reference.

I do not believe it is possible to have the visibility for the opt-in field dependent on the country value since the form cannot see the form submitter's country

It's certainly possible.

If you are able to use PreFill, then you can add Country to the form but hide it from view (not as field type Hidden, but hidden using CSS) if it has an initial value.  That value will still be used in Visibility Rules.  Any lead that doesn't have an existing value should still see the dropdown so they can choose one.

Please ask for Country and make it required if you want to comply.

Josh - I am updating my forms to populate an opt-in check box when someone selects Canada as their country. Do you know if I can make the opt-in check box a require field since the only people who will see it are the people who choose Canada? I don't want all of the non-Canadians to have form completion errors because they aren't checking a box they will never see!

Making a checkbox required is also unethical - and potentially illegal (such as with the upcoming EU GDPR).  So basically what you're saying is "unless you check the opt-in box, you cannot submit the form"

Making a checkbox required is also unethical... what you're saying is "unless you check the opt-in box, you cannot submit the form"

But that's not a priori unethical. It's the same logic as not letting somebody download software unless they agree to a EULA. How else do you indicate to someone that they must not submit a form unless they understand what you will do with their data, and what they are allowed to do with your data?  That's not the same as forcing them to submit the form!

Stepping in from my vacations in Spain

The new EU GDPR makes it extremely clear that the consent must be traceable and opposable, meaning the double opt-in, if not explicitly mentioned by the GDPR, is in fact a must have, expecially when the IP address is the company's and cannot be used to prove who filled out the form.

The GDPR also makes it clear that the consent has to be explicit and well informed. I have not yet had a clear feedback from the lawyers whether this means that all details have to be provided on the forms or if a link to a terms and conditions page is enough.

But on this "explicit and well informed content" point, one thing is sure, as stated by Sanford, pre-checking the opt-in box is forbidden, and misleading is even worse.

One also needs to know that, per the GDPR, at any point in time, an individual can ask for his data to be removed or modified and vendors have to provide a mechanism for this. Not sure of the best way to achieve this, though

Per the thread above one should not mix 2 issues :

1. The approval of purchase or usage conditions for a service. Example of this would be acceptance of a EULA for downloading a trial version. This can indeed be a pre-requisite for submitting a form. In other terms, the vendor has the right to ensure that the visitor checks the box prior to been allowed to submit the form. But this has nothing to do with privacy, nor opt-in.
   Some confusion can come from the fact that some EU countries were using this technique so far for the opt-in. I am not sure yet whether this will be strictly forbidden with the GPDR (still working on with lawyers), but anyway I do think this is bad practice for lead generation content. Saying to someone "You can only get my white paper if you agree to receive marketing emails in the future" would be very very badly perceived in most countries and upset many people.
2. The opt-in on receiving further Marketing communication, which really falls directly under the GDPR.

I concur with Dan on the fact that operational emails are not impacted by the GDPR, yet the definition what is an operational vs Marketing email has to be strictly enforced. Remember that 2 of the characteristics of the GDPR are the very high level of penalties that any breach can lead to and the extra-territoriality (it applies to any company doing business in the EU, not only to companies located or headquartered in the EU).

More globally, the GDPR will probably foster the need for subscription centers, rather that one-off opt-in/opt-out

My 2 cents,

-Greg

This is pretty much what I've been trying to convey throughout this discussion - Greg obviously has a more eloquent way of explaining this. And forgive me, Sandy, I interpreted some of your replies above as saying it's OK to force a user to check an opt-in checkbox, equating it to an EULA/terms-of-use scenario. Which is what triggered this thought-provoking debate here.

Maybe i'm misunderstanding the question.  So we're not telling the user that they must click the "opt-in" checkbox if they want to proceed?  Similar to how we use "implied" consent when someone visits our website (primarily for countries outside of North America that have strict cookie policies:

This will no longer be acceptable after May of next year (to comply with GDPR).  So I was just thinking the same is being done here - but with an opt-in checkbox.  Kind of like forcing a user to check it, even though they don't want to opt-in to future marketing emails.

Either the checkbox must be checked to proceed, or the checkbox must not have been checked if the person doesn't proceed (contrapositive!). But that doesn't mean the person must proceed: they aren't being forced to do anything.

Again, like explicit consent with a EULA. Not implicit ("if you do this thing that isn't principally consenting, you have also consented") consent.

Thank you Sanford Whiteman​ and Dan Stevens​ for your responses to my question. I'm still relatively new to Marketo AND I'm trying to figure out the best way to comply with the CASL and other anti-SPAM laws, so your feedback has been very helpful.

I guess I hadn't thought about the fact that requiring an opt-in checkbox for Canadians might be unethical. We send an autoresponder email with the information a lead requests via the form completion, so my thought was to add the check box when someone indicates that they're from Canada so I can ensure documentation of their consent before I send them the autoresponder. My company used to take the form completion (along with brief disclaimer text saying that we will email product info to people submitting the form) as confirmation that the person is giving consent for us to email them with the info they've requested, but I don't believe that counts as "express consent" for CASL.

I probably need to get a better understanding of CASL and EULA to figure out how to proceed from here.

It's not unethical or illegal to present an UNchecked checkbox, correctly labeled with jurisdiction-specific text indicating what's being agreed to if checked.

Don't know how we started going down the road of unchecked-by-default checkboxes with explicit agreements being problematic. They're the opposite of problematic: they're the only way -- short of digital signatures -- to allow people to grant express consent on the front end.

The other options are checked-by-default (illegal in many countries) or unchecked-but-with-misleading-text (illegal in even more countries, since it could fall under false advertising or other trade practices).

I think what's still unclear, Sandy, is that for a user to proceed in submitting the form - and making the field required, aka "checked" - it might not align to some of the new laws/regulation coming down the pike.  I see what you're saying about liking this to EULAs, but I'm just not sure that would fly in the eyes of the EU (and I realize we're only dealing with Canada in this instance (where CASL laws are also very strict) - but if they market/sell their services to EU countries, GDPR would apply to them). 

Cayce, going back to the original question, why not just have the opt-in field appear for Canadian users?  Why do you want to make this a required field that someone must "check" in order to submit the form?

Wow, this appears to be a much more complicated issue than I originally thought! And it sounds like there's even more I need to look into regarding some upcoming changes in EU laws.

My plan is to only have the opt-in field appear for users who select Canada as their country. I wanted to make the opt in checkbox a required field because once a person complete one of our web forms (for instance, a web form to request pricing information from us), we normally send an email response with the pricing information they've requested. If the person doesn't checked the opt-in consent box, if I understand the rules correctly, we wouldn't be able to email with the information that they've completed the form to request in the first place. Perhaps I'm overthinking the issue, but I work for a small company and I'm the only person responsible for email marketing compliance, so if it's not done right, any problems that come from non-compliance will fall back on me.

Perhaps I need to leave the opt in box as not required, and set up a rule that alerts a sales rep to follow up by phone with info requested from a Canadian via web form vs. sending that info in an email.

Thank you again Dan Stevens​ and Sanford Whiteman​ for your input on this question. I think you both make good points, and I'm sure there are many other marketing professionals who would benefit from more clarification/training on how best to comply with the various laws, especially as they keep changing!