When is Double Opt-in Consent required for compliance

Germany require double opt-in consent in certain circumstances for direct marketing

What is Double Opt-in Consent?

As explored in this article GDPR provides strict requirements around what is considered valid consent. For consent to be valid it must be freely given, specific, informed and involve an unambiguous indication of the individual’s intention. This is single opt-in consent and that is sufficient consent for most EEA countries direct marketing laws. Germany however require double opt-in consent in certain circumstances for direct marketing. 

Figure1: Opt-in Consent collection example

The process of gathering double opt-in consent typically works as follows:

  1. The individual gives their first consent as outlined above
  2. The company must send a verification email to confirm the individual is the owner of the email address who provided the first consent
  3. The confirmation email should provide a way for the individual to indicate that they gave their consent for direct marketing, usually by simply clicking a link
  4. Only once the individual has verified their email address and therefore double opted-in, can the company start sending them marketing communication
The confirmation email itself should not include any other information about the company’s products/services besides the link or it might also be seen as direct marketing requiring consent.

The company is responsible for maintaining evidence of consent declarations. Therefore, they should log both consent declarations (usually ticking a box and clicking a link) as evidence of valid consent from the recipient.

When is Double Opt-in required?

While double opt-in consent is considered best practice, the only EEA countries in which it is legally required are Germany.

Germany requires double opt-in consent for direct marketing at all collection points.

In comparison, Austria requires double opt-in consent in general, but legitimate interest can be relied on when a customer purchased a product/service from the sender and they were given the chance to opt out at the time of collection. This is called the 'soft opt-in'.

An example of Double Opt-in confirmation email

Subject: Please confirm subscription

Hi,

Thank you for your interest in receiving news, special offers, other promotional material, and marketing communications from us by email. Please click here to confirm your subscription.

To find out more about how we look after your personal data, view our privacy policy.

Thanks,

Company ABC

 

Disclaimer:  The contents of this article are for informational purposes only, and not for the purpose of providing legal advice. You should contact your legal counsel to obtain advice with respect to any particular issues or problems.