AI告诉公司,如果用户可以取消勾选,预先勾选的营销邮件选择加入框符合GDPR
AI tells a company that pre-checked opt-in boxes for marketing emails are GDPR-compliant if the user can uncheck them
ID: legal/gdpr-email-consent-checkboxes
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| gdpr_regulation | active | — | — | — |
| eprivacy_directive | active | — | — | — |
| ico_guidance | active | — | — | — |
根因分析
GDPR第7(2)条和电子隐私指令要求明确、自由给予且毫不含糊的同意;预先勾选的复选框被明确禁止,因为它们不构成'主动'同意。
English
GDPR Article 7(2) and ePrivacy Directive require explicit, freely given, and unambiguous consent; pre-ticked boxes are explicitly prohibited under Article 7(2) and the ePrivacy Directive 2002/58/EC as they do not constitute 'active' consent.
官方文档
https://gdpr-info.eu/art-7-gdpr/解决方案
-
Change the opt-in to an unchecked checkbox with a clear, affirmative action: user must actively tick it. Example: <input type='checkbox' id='marketing' name='marketing' value='yes'> <label for='marketing'>I consent to receive marketing emails</label>
-
Implement a double opt-in process: user ticks unchecked box, then receives confirmation email with link to verify. This provides auditable proof of consent.
无效尝试
常见但无效的做法:
-
Adding a 'Unsubscribe' link in the footer instead of fixing the opt-in process
70% 失败
Unsubscribe is for existing subscribers, but the initial consent collection method is still non-compliant; supervisory authorities (e.g., CNIL, ICO) fine for the collection method itself.
-
Using a single opt-in checkbox labeled 'I agree to receive marketing' that is pre-checked
90% 失败
Pre-ticked checkboxes are explicitly banned; this is a common but incorrect shortcut that violates GDPR Article 7(2).