Regulations about data and privacy frequently evolve and change. New laws may go into effect without your knowledge, or regulatory authorities may interpret existing laws differently as the digital landscape changes. It's important to monitor how you contact your customers to comply with the law.
This article outlines some best practices for complying with the various regulations and data protection laws that may apply to your business.
What is Consent?
Consent is a common feature of most privacy, marketing and/or consumer data laws. Under a wide swath of different laws in different regions, you need the consent of the email recipient to contact that person with a marketing email or other direct marketing communication. Typically, the law where the email recipient is located is the law that applies to your marketing communication. For example, if your business is located in London, U.K., and the recipient is located in Canada, you will need to comply with Canadian marketing and data privacy laws when sending a direct marketing communication.
Obtaining the appropriate consent—collecting consent—is critical. It respects the rights of your prospective customers and is usually legally required. Many laws carry significant fines for failing to appropriately collect consent before sending a direct marketing communication.
Best Practices for Collecting Consent
When collecting consent, it’s important to inform customers about what they can expect by subscribing to your marketing and what you will do with the data you collect.
AdRoll makes it easy to add consent to your forms by toggling the consent fields in the legal compliance tab.
When toggling the consent fields to ‘On’, AdRoll will include a consent message that you can use or customize to meet your needs and legal obligations. We suggest consulting with your legal counsel or other privacy professionals to ensure that the content is suitable for your specific regulatory requirements as this can vary significantly depending on the country that you’re operating in and where your customers are located.
What Qualifies as Consent?
The GDPR is a landmark data privacy law protecting Europeans. One of the cornerstones of the GDPR is its explicit definition of what constitutes consent. Specifically, consent must meet the following requirements:
- Freely given: the person must not be pressured into giving consent or suffer any detriment if they refuse.
- Specific: the person must be asked to consent to individual types of data processing.
- Informed: the person must be told what type of data collection and processing they are giving consent for.
- Unambiguous: consent must be collected using clear and simple language.
- Easy to withdraw: the person must be able to easily withdraw their consent at any time.
- Clear affirmative action: the person must expressly consent through action—doing or
See Article 4 of the GDPR. The Brazilian data privacy protection law (LGPD) shares a similar definition.