To Opt-in or Opt-out that is the question

Alex Franch
March 17, 2023

Table of Contents

Opt-in or Opt Out- What Does it Really Mean?

Sending Electronic Communications or in human talk (Emails and SMS) we must follow a set of rules. Many people confuse these with GDPR but really they are covered by GDPR’s cousin the ePrivacy Directive.

💡 The ePrivacy Directive sets out what you can and can’t do in terms of electronic communications and cookies!

There are 4 ways in which we can justify sending Emails and SMS to customers and potential customers. We can justify it following an Opt-in or Opt-out rule.

Opt in

You can assume a customer “opted in” when they’ve clearly given their consent for you to send them emails and sms.

💡 In the eyes of the law, this is when a user gives user does an affirmative action to offer their consent.

In real life:

  • Happens using a checkbox
Opt in

"But my users accept terms and conditions and in the terms, they already agree to Marketing emails?"

WRONG. This is a common misconception. However, under the GDPR it is not valid to attribute consent to acceptance of terms and conditions. If the people you want to send emails to have already accepted your terms and conditions - you still need to add an additional checkbox like the one above.

Strange Exception 1: Double opt-in

Like opt-in but you need to do it twice. For example via a form with a checkbox as in the image below and then a person clicking a link in an email to confirm their consent.

Double opt in

Weird Exception 2: Soft-opt in

Of course things can’t be as simple as A or B. There’s this grey area is called soft opt-in.

‘Soft opt-in’ says that you can send marketing messages if a customer has previously purchased or expressed interest in offers or services. You can only use soft opt-in when you're offering similar goods or services.

For example, if a customer buys a Tesla you can send them emails regarding to cars or a charging port or so. However, you must give the customer the chance to opt-out every time you contact them. This must be clear.

Opt out

Means that you can send communications until a user revokes their consent. A pretty important thing is that you should allow for customers to revoke consent at any time.

Opt out

How do I know if I can use one or another?

Well... it depends on mainly two things:

  1. Which country you’re sending marketing communications to 🇪🇺🇬🇧
  2. If you’re marketing to Individuals 🏠🙋 or Businesses 🏢👩‍💼

Interactive Tool

Use the free tool that we've built below to find out if you need to use opt-in, soft-opt in or double-opt in. See a tutorial on how to use the tool here or below:

🔰 We’ve built a small FREE tool to help you with this. It lives here. Find out of you if should use Opt-in, Opt-out, Double-opt in or Soft opt-in! 🔰

Want help with your GDPR? Book a call here to find out why Privasee is the trusted partner for hundreds of businesses!


Alex Franch is the co-founder and CEO of Privasee. With a background in computer science and cybersecurity, it is no surprise that he is a highly analytical problem solver; now putting these skills to use within the data privacy space. Alex is passionate about GDPR, and productivity and spends a lot of time doing sports as he values the importance of having a work-life balance. He is excited to help businesses generate documentation, and become and maintain GDPR compliance through the Privasee platform.

Get Compliant in <1 Hour

Are you Fully GDPR Compliant?

Ensure your policies are always up to date with Privasee, an AI powered GDPR compliance solution that does it all.