# AI tells a company that pre-checked opt-in boxes for marketing emails are GDPR-compliant if the user can uncheck them
- **ID:** `legal/gdpr-email-consent-checkboxes`
- **Domain:** legal
- **Category:** regulatory_barrier
- **Error Code:** `GDPR_ART7_PRE_TICK`
- **Verification:** ai_generated
- **Fix Rate:** 85%
## Root Cause
GDPR Article 7(2) and ePrivacy Directive require explicit, freely given, and unambiguous consent; pre-ticked boxes are explicitly prohibited under Article 7(2) and the ePrivacy Directive 2002/58/EC as they do not constitute 'active' consent.
## Version Compatibility
| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| gdpr_regulation | active | — | — |
| eprivacy_directive | active | — | — |
| ico_guidance | active | — | — |
## Workarounds
1. **Change the opt-in to an unchecked checkbox with a clear, affirmative action: user must actively tick it. Example: ** (95% success)
```
Change the opt-in to an unchecked checkbox with a clear, affirmative action: user must actively tick it. Example:
```
2. **Implement a double opt-in process: user ticks unchecked box, then receives confirmation email with link to verify. This provides auditable proof of consent.** (98% success)
```
Implement a double opt-in process: user ticks unchecked box, then receives confirmation email with link to verify. This provides auditable proof of consent.
```
## Dead Ends
- **Adding a 'Unsubscribe' link in the footer instead of fixing the opt-in process** — Unsubscribe is for existing subscribers, but the initial consent collection method is still non-compliant; supervisory authorities (e.g., CNIL, ICO) fine for the collection method itself. (70% fail)
- **Using a single opt-in checkbox labeled 'I agree to receive marketing' that is pre-checked** — Pre-ticked checkboxes are explicitly banned; this is a common but incorrect shortcut that violates GDPR Article 7(2). (90% fail)