Re: Requests for consent must be freely given, specific, informed and unambiguous by a statement or by a clear affirmative action

Dan_Stevens_
Level 10 - Champion Alumni

I recently came across an example where I was registering to download content and the site required me to tick the opt-in checkbox - while submitting the form - in order to download the content: 16 Tips to Capture Marketing Consent for GDPR – CleverTouch .


I used their chat feature to inquire about this since much of what we've learned is that you cannot make the ticking of the opt-in checkbox required.  The response I received was as follows:

The GDPR legislation talks about a "balance" in the exchange when it comes to opting-in - we take the view that if we're giving away content for free, there is a balance that you will provide us something in return. If you don't want to provide us that then that's OK - you just won't get the content.  As another example, if this was a paid for event then we wouldn't capture opt-in as well, as that would indicate an imbalance (revenue + an opt-in for 1 event registration).

Again, just wanted to share yet another interpretation/implementation of the GDPR laws.  Thoughts?

Michelle Miles

Grégoire Michel

Nicholas_Manojl
Level 9

I guess the question is "can we refuse service to someone who hasn't consented"?

In my opinion, refusing service is the only thing we can do unless someone completely and totally opts-in.

People need to know what they're signing up for - tracked Munchkin, tracked emails, stored data, etc.

If we can't refuse service to people who don't agree to tracked emails and stored data, then we are in a pickle. We can't send one person an email that isn't tracked, and another person an email that is. You're either in or you're not with the Marketo tool the way it is currently built and designed.

SanfordWhiteman
Level 10 - Community Moderator

Sending tracked and untracked links is exactly what we're doing...

Nicholas_Manojl
Level 9

per asset, not per person.

SanfordWhiteman
Level 10 - Community Moderator

You don't need to send 2 links to the same person... if you don't know someone's consent status, send them the untracked link because they're assumed to not have consented, and give them the option upon clicking. What's the other case? You can't use the click itself as consent, that's clearly in violation.

Nicholas_Manojl
Level 9

I'm not sure we're talking at each other.

Person A consents to be in our database but chooses to opt-out of email tracking.

Person B consents to be in our database and chooses to opt-in to email tracking.

Person A and B both qualify for our send campaign. It is impossible* to send them the same asset but have one person tracked and the other not. (It is burdensome to develop two pieces of content, one specifically designed for untracked links).

Ergo, we needed Person A to choose to opt-in to email tracking or else we can't send them emails.

*OOB

Amanda_Thomas6
Level 9

This is interesting. Same question. Should we all be setting up two download emails, one with tracking and one without tracking per asset? (If now, we send download emails as a way to send the actual asset?) At my previous company, we just linked directly to the asset after the person filled out the form, so we didn't have to do download emails. I wonder if more people are going to move to that model.

SanfordWhiteman
Level 10 - Community Moderator

One email, one intelligent token will do it.

SanfordWhiteman
Level 10 - Community Moderator

I guess with your *OOB that makes sense. But since we tokenize content anyway, we now just use a Velocity token -- done!

Nicholas_Manojl
Level 9

what's the gist of that approach?

#if ( $opted-in-to-email )

<a href="$token-link-1">

#else

<a href="$token-link-1" class="mktNoTrack">

#end

SanfordWhiteman
Level 10 - Community Moderator

Yep, or with less repetition:

#set( $canBeTracked = $convert.toNumber("0${lead.canBeTracked}") )

<a class="$display.message( "{0,choice,0#mktNoTrack|1#}", $canBeTracked )" href="${link}">Le Click, C'est Chic</a>

Note that #if($opted-in-to-email) won't work with Marketo boolean fields (exported as strings in VTL) because all strings are boolean true.
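
The truthiness pitfall noted above, written out as an explicit fail-closed check. This is an added example, not code from the thread or from Marketo; it assumes the boolean field `lead.canBeTracked` reaches Velocity as the string "1" when true and an empty string when false, and that `$link` holds the asset URL as in the snippet above.

```velocity
## Added example. Assumption: lead.canBeTracked is exported to Velocity
## as the string "1" (true) or "" (false), never as a real Boolean.
#set( $consentRaw = "${lead.canBeTracked}" )

## A bare #if( $lead.canBeTracked ) is true for ANY string, including ""
## so it would render every link as tracked regardless of consent.
## Compare against the exact expected value instead, and fail closed:
## anything other than "1" (empty, unexpected, unresolved) means no tracking.
#if( $consentRaw.trim().equals("1") )
  #set( $linkClass = "" )
#else
  #set( $linkClass = "mktNoTrack" )
#end

<a class="${linkClass}" href="${link}">Download the asset</a>
```

Previewing the email as one lead with the field set and one with it unset should show `class=""` and `class="mktNoTrack"` respectively.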

Dan_Stevens_
Level 10 - Champion Alumni

Change “opted-in-to-email” to “opted-in-to-be-tracked/processed”. If they haven’t opted in to email, you’re not sending them any email.

Keith_Nyberg2
Level 9 - Champion Alumni

I can see more companies following this model. I mean there really shouldn't be a reason why we aren't allowed to do this... The person is submitting their information on their own and checking the box on their own. Kinda like a restaurant's "right to refuse service to anyone". No info, no free whitepaper. I think it's pretty sweet!

Dan_Stevens_
Level 10 - Champion Alumni

Hi Keith - it's not that they're refusing to let someone download the content without filling out the form, it's that they require the user to tick the "opt-in/consent" box.  If you don't, they're blocking you from receiving the content. 

Josh_Hill13
Level 10 - Champion Alumni

I just spoke with my team member and they said that you must still offer the asset even w/o opt in checked.

Again, I'd spend some time with legal if you plan to follow such a model.

Nicholas_Manojl
Level 9

hmmmm, interesting.

But what if the content contains calls-to-action like "Contact our sales to find out more"?

If you imagine a process map, a business might be doing the responsible thing and checking for consent at the very start of an interaction with a potential new customer. Now the customer has actively refused that consent and missed the opportunity to get past our consent gate.

It doesn't seem fair or reasonable that a business now has to implement a consent gate at every possible interaction if the customer changes their mind. If you contact sales, are they expected to provide a collection statement and information about privacy and receive explicit consent before storing any personal information? A reasonable business might say, hey, our sales people don't have the time or skills for that..  it seems like quite a burden on the sales person to have to record and manage consent.

my thoughts on this are scattered (and entirely my own without legal skills or knowledge!)

Dan_Stevens_
Level 10 - Champion Alumni

Our legal team is of the same belief (that you still must provide access to the content; and not force someone to provide their consent).  I just found it interesting when I came across this today - especially the reason given by the site owner - and wanted to share this with the community.

Amanda_Thomas6
Level 9

Our compliance team was under the same belief, that you should offer content without requiring an opt in. This is a very helpful post. Thanks, Dan Stevens.

Keith_Nyberg2
Level 9 - Champion Alumni

In actuality, I'm not following the approach in discussion, to play devil's advocate and stir the pot here, I still really don't think there is a problem with this method. I mean we spend a lot of time/money to make the content we produce. What law requires us to make it available/free to all people? In other examples the business has the right to define terms, like a bouncer at a nightclub saying that you aren't allowed in unless you comply with the dress code, or a 5 star chef not allowing guests to request food restrictions. As businesses, don't we reserve the right to offer our services/content only to people that agree with our terms?

Dan_Stevens_
Level 10 - Champion Alumni

I think for the most part, you're preaching to the choir here, Keith.  The same thing applies with the online/targeted advertising models that support much of the commercial content that's available online.  Without the ability to target, profile, etc., many of these sites wouldn't be able to turn a profit/remain in business.  GDPR is what it is (and there's no doubt that it's causing a lot of frustrations/uncertainty for many of us - and the companies that we work for).  And included with that are the risks that businesses are willing to take in how they continue to operate.

I was sent another perspective from a company based in the UK:

https://marketlocation.com/wp-content/uploads/2018/03/ML_GDPR_Brochure_2018_singlepages2.pdf

It too, contains some contradictory information from what many of us have been exposed to thus far (experts, legal team, etc.) - especially on pages 8 onward.  In fact your nightclub analogy was used here as well.  Here are some interesting perspectives from this document:

PECR treats the use of email for marketing communication differently depending on whether it is sent to ‘individual subscribers’ or to ‘corporate subscribers’.

PECR allows electronic direct marketing communications [email] to be sent to corporate subscribers (business email addresses of individuals working for incorporated entities) without prior consent, unless the recipient specifically requests not to receive emails from the sender (“opt-out”). Each direct marketing email should include an “unsubscribe” option to allow the individual to notify the sender that he/she no longer wishes to receive emails from the sender.

‘The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.’

Josh_Hill13
Level 10 - Champion Alumni

First, I'm not a lawyer. Best to discuss with legal counsel.

That being said, I would agree with them - if you want to get the content, you must check the box.

For a Contact Us form, or a free trial, perhaps that is less certain - Yes, I want the free trial but no, I don't want extra marketing. Requiring opt in there would likely lead to lower conversion rate.

What CASL and GDPR say is that you cannot "pre-check" the box for them, that is to assume the opt in for the person. You must take a free action that is explicit and deliberate to opt in. Even for events, we were asked that the scanner or tablet be presented to the Lead for opt in checkbox.