We have both opt-in and opt-out consent practices in today’s data privacy regulations. The CCPA, for instance, is an opt-out consent practice. Consent is still largely opt-out despite growing privacy concerns in countries such as the United States, Switzerland, Hong Kong, and Australia.
Opt-in vs Opt-Out Cookies
Since introducing the e-Privacy Directive in the EU, cookie laws have become much stricter. Two of the most notable changes have been enabling opt-in and opt-out in cookie consent banners.
Opt-in consents require websites to obtain explicit consent from users, whereas opt-out content is where cookies are marked consent by default unless the user denies the request or withdraws the consent at a later time.
With this approach, non-essential cookies are active by default and only deactivated once a user opts out. Organizations must let users view the opt-out cookie consent banner first and then drop the cookies to stay compliant.
Opt-In & Opt-out: When and How to Use
Opt-Out under CCPA
The California Consumer Privacy Act provides consumers with the right to opt-out and prevents businesses from selling their data.
Companies complying with CCPA must have clearly defined policies and procedures to help consumers with their right to opt-out of the sale of their data. The CCPA requires businesses to have an option for users to click “Do Not Sell My Personal Information.”
How Does Opt-Out Work in CCPA?
Opt-out applies only to California consumers over the age of 16. Businesses must honor the consumer’s right to opt-out unless the consumer consents to opt-in to sell their personal information.
What Does CCPA’s Opt-Out Mean for Businesses?
The CCPA applies to businesses having:
- More than $25 million in annual revenue
- Have personal information on 50,000 people or households annually, or
- Receive more than 50% of their revenue from the sale of personal information
Businesses that meet these criteria and sell to California residents comply with the CCPA. It grants California-based users the “right to opt-out” of selling their data (Section 1798.120 (a) of CCPA.
Opt-In under GDPR
GDPR has a global impact on all businesses that receive traffic from EU citizens, even if these businesses are located outside the EU.
GDPR requires that users must have the option to enable cookies freely. Since multiple cookies exist, including advertising and analytics cookies, users must have different opt-in options for the different cookie categories.
GDPR defines consent as “freely given, specific, informed and unambiguous” given by a “clear affirmative action.” Assigning consent by a lack of response or pre-filling inboxes is not permissible.
Opt-In in GDPR
Opt-in under the GDPR applies to any organization operating within the EU and any organizations outside of the EU that offer goods or services to customers. In short, most large corporations need to comply with GDPR and provide an opt-in option.
Cookie banners are an easy way to gain user consent. It doesn’t matter where the opt-in is on the page, but the information must be easily accessible. And it should not disrupt the user’s navigation experience.
How Does GDPR’s Opt-In Work for Businesses?
Since the GDPR applies to all businesses and organizations established inside and outside the EU, regardless of whether the data processing takes place in the EU or not, the opt-in requirement applies to them.
How Can Adzapier Help?
Organizations must consider consent requirements before installing any tracking technology on the user’s equipment and collecting their data.
Privacy concerns will emerge as new legislation is passed. Consumers are more careful with their data and will take extra measures to protect it.
Consumers will expect more options from the brands they follow. Together, we can provide data privacy options that are best for both consumers
Check out <<Marketers Guide to Data Privacy>> for more information.