“by a clear affirmative act”
“This could include ticking a box when visiting an internet website, choosing technical settings … or another statement or conduct which clearly indicates in this context the data subject’s acceptance
Silence, pre-ticked boxes or inactivity should not therefore constitute consent”
“concise, easily accessible and easy to understand, [using] clear and plain language and, additionally, where appropriate, visualisation be used”
“This is of particular relevance in situations where … the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising”
Example | Why is it good or bad? |
The first tick box uses a positive action to signify agreement , while the second tick box reverses this logic; using a positive action to signify refusal. The wording here is confusing, going against expected practice. Asking someone to click to opt-out, especially after asking someone to click to agree, is going to mean that customers who want marketing will not be on their mailing list; and those who don’t want marketing will be added to the list and will probably complain at a later date. The ambiguity in this process will make it easy for someone to argue that they hadn’t intended to give marketing consent and likely to be seen as non-compliant. | |
The wording here is again going against expected practice by asking someone to click to opt-out. While not confusing like the previous example, it's still not what is expected. While choice is good, the number of choices for similar items without much explanation may be confusing or simply annoying. If something is confusing or annoying it’s likely to be ignored. And looking at GDPR, if inactivity cannot constitute consent, failing to opt-out does not mean consent. | |
The wording for the second checkbox is an example of how to avoid the issues in the previous examples. Simple and clear wording, requiring a “positive act” to indicate consent. Additionally, this process introduces a pre-ticked box. A pre-ticked box is permitted in some situations. The European ePrivacy Directive (PECR in the UK and UWG in Germany) allow a pre-ticked box for limited mailing to customers. The pre-ticked box is still allowing a choice – the customer can choose to refuse; but it is not consent as per GDPR standards, so this form of permission is to a lower standard and may still cause confusion or complaints. Finally, the final statement sets the expectation that some types of email will still be sent. Remember that transparency is important not just for legal requirements but for consumer trust in your brand and the success of your marketing programme. | |
An issue with ticked or pre-ticked boxes is that you have to content with inertia and apathy. Unticked boxes to indicate acceptance or refusal are both at risk of staying unticked, regardless of the customer’s preference. A smart alternative to consider are radio buttons. Where the website form process requires a selection (opt in or out) to be made. This avoids the inertia effect while still providing choice and enabling you to demonstrate a positive act confirming consent. | |
The best way to use tick boxes may be to get rid of them completely! What you need for consent is a clear affirmative act and a process which is concise, transparent, intelligible ... using clear and plain language. Instead of tick boxes and trying to decide how to word something, all that may be needed is a simple piece of design, wording which explains exactly what's happening and a simple process, inviting your customer to provide their email address if they wish to sign up. Want to know more? |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |