Marketing Compliance
      Back to home
      1. Knowledge Centre
      2. Marketing Compliance

      The Soft Opt-In Exception: Do Pre-Ticked Boxes Meet the Requirements?

      Wondering if pre-ticked boxes are compliant for collecting email subscribers? This article explains when pre-ticked boxes fail to meet requirements, and how to align with DPA guidance and soft opt-in regulations.

      Some eCommerce stores believe they are collecting subscribers compliantly at checkout by relying on the soft opt-in exception and using a pre-ticked box. However, this approach is non-compliant in several scenarios outlined below.

      Situations Where Pre-Ticked Boxes Are Non-Compliant

      1. Relying on Consent as a Legal Basis:
        • The store is relying on consent as the legal basis for direct marketing - a pre-ticked box does not collect valid consent, see this guidance from the UK's ICO.
        • The store might believe that they are collecting records of consent in their Marketing Automation Tool or eCommerce platform however these are not valid proof of consent if collected using a pre-ticked box.
      2. No Legitimate Interests Assessment (LIA):
        • Without conducting and passing a Legitimate Interests Assessment (LIA), reliance on legitimate interests to justify a pre-ticked box is non-compliant.
      3. Used in Jurisdictions Requiring Explicit Consent:
        • There is no soft opt-in exception in certain jurisdictions, instead explicit consent is required for marketing communications (e.g. Norway, UAE, Australia, New Zealand). A pre-ticked box does not meet this standard because it relies on inaction rather than clear, affirmative consent. For stores with customers from these countries, using a pre-ticked box means they have not collected the required level of consent, rendering any marketing sent to these customers non-compliant. 
      4. Marketing Beyond the Soft Opt-In Scope:
        • If marketing content extends beyond the store’s own products/services similar to what the customer purchased, the use of a pre-ticked box is non-compliant.
      5. Re-subscribing Unsubscribed Contacts Without Explicit Opt-In
        • Once a customer unsubscribes, explicit opt-in consent is required to resume marketing. A pre-ticked box does not meet this standard, as it does not constitute a clear, affirmative action.  If an unsubscribed customer is presented with a pre-ticked box and does not untick it, this does not qualify as valid consent, making re-subscription non-compliant.

      Guidance from Data Protection Authorities

      European Data Protection Authorities (DPAs) recommend using an unticked opt-out box when relying on the soft opt-in exception. For example:

      Conclusion

      Pre-ticked boxes may seem like a convenient way to collect email subscribers, but they often fail to meet compliance requirements under data protection laws. By following guidance from Data Protection Authorities and using mechanisms like unticked opt-out boxes where appropriate, businesses can ensure their email marketing practices are both compliant and trustworthy. Prioritizing transparency and proper consent mechanisms not only mitigates legal risks but also builds stronger customer relationships.