GDPR_ART7_PRE_TICK
legal
regulatory_barrier
ai_generated
true
AI tells a company that pre-checked opt-in boxes for marketing emails are GDPR-compliant if the user can uncheck them
ID: legal/gdpr-email-consent-checkboxes
Fix Rate: 85%
Confidence: 88%
Evidence: 1
First Seen: 2024-02-15
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| gdpr_regulation | active | — | — | — |
| eprivacy_directive | active | — | — | — |
| ico_guidance | active | — | — | — |
Root Cause
GDPR Article 7(2) and the ePrivacy Directive require explicit, freely given, and unambiguous consent; pre-ticked boxes are explicitly prohibited under Article 7(2) and the ePrivacy Directive 2002/58/EC because they do not constitute 'active' consent.
Official Documentation
https://gdpr-info.eu/art-7-gdpr/
Workarounds
- 95% success: Change the opt-in to an unchecked checkbox with a clear, affirmative action: the user must actively tick it. Example: `<input type='checkbox' id='marketing' name='marketing' value='yes'> <label for='marketing'>I consent to receive marketing emails</label>`
- 98% success: Implement a double opt-in process: the user ticks the unchecked box, then receives a confirmation email with a link to verify. This provides auditable proof of consent.
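A server-side sketch of the double opt-in workaround above, added here as an example and not taken from the page or any named project. The function names, the in-memory `consents` store, the 48-hour link lifetime and the token layout are assumptions; sending the email itself is left out.

```python
import hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)   # assumption: per-deployment signing key
TOKEN_TTL = 48 * 3600              # assumption: confirmation link valid for 48 hours
CONSENT_TEXT = "I consent to receive marketing emails"  # wording shown next to the box
consents = {}                      # email -> consent record (stand-in for a database)

def _sign(email, issued):
    msg = f"{email}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def request_subscription(form, email, now=None):
    """Step 1: accept only an actively ticked box; return the token for the email link."""
    now = int(time.time() if now is None else now)
    # An unticked checkbox is absent from the submitted form, so absence means no consent.
    if form.get("marketing") != "yes":
        return None
    consents[email] = {"status": "pending", "text": CONSENT_TEXT,
                       "requested_at": now, "confirmed_at": None}
    return f"{email}|{now}|{_sign(email, now)}"

def confirm_subscription(token, now=None):
    """Step 2: verify the emailed link and record when consent was confirmed."""
    now = int(time.time() if now is None else now)
    try:
        email, issued, sig = token.rsplit("|", 2)
        issued = int(issued)
    except ValueError:
        return False                               # malformed token
    if not hmac.compare_digest(sig.encode(), _sign(email, issued).encode()):
        return False                               # forged or altered token
    if now - issued > TOKEN_TTL:
        return False                               # expired link
    record = consents.get(email)
    if record is None or record["requested_at"] != issued:
        return False                               # no matching request on file
    if record["status"] == "pending":              # keep the first confirmation time
        record.update(status="confirmed", confirmed_at=now)
    return True

def may_send_marketing(email):
    """Mailing code calls this gate; a pending record is not consent."""
    return consents.get(email, {}).get("status") == "confirmed"
```

The stored record keeps the consent wording and both timestamps, which is the audit trail the workaround refers to.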
Dead Ends
Common approaches that don't work:
- Adding an 'Unsubscribe' link in the footer instead of fixing the opt-in process (70% fail): Unsubscribe is for existing subscribers, but the initial consent collection method is still non-compliant; supervisory authorities (e.g., CNIL, ICO) fine for the collection method itself.
- Using a single opt-in checkbox labeled 'I agree to receive marketing' that is pre-checked (90% fail): Pre-ticked checkboxes are explicitly banned; this is a common but incorrect shortcut that violates GDPR Article 7(2).