Opt out? Opt Down? What about all of these options on these consent banners that I’m seeing that are asking me if I want to allow all? In this all encompassing Opt Out guide we will educate you about the differences and how words can be interchanged but have the same intention to Allow, Accept, Understand Your Choices, and the ability to select choices instead of the all or none opt in or opt out model but rather the ability to chose between performance cookies, functional cookies, and targeting cookies when deciding if you want to opt partially in or not at all. What is the meaning of opt-out, and why do you need it? In this article, we’ll unravel the mystery of ‘opt-out’ and understand why it’s crucial in today’s digital world.
One of the key data privacy differences between the EU and the US is in how they view consumer consent.
In the EU, for example, you first have to get their consent before you can send them a marketing email newsletter. This is called an opt-in. However, in the US, you don’t have to get user consent (no opt-in necessary).
In both cases (EU and US), you must give consumers the option to withdraw their consent at any time. This is called “opting out.”
Let’s dive into more details right now.
Key Takeaways
To opt out of something means to withdraw your consent or permission to process your data.
Most data privacy laws, apart from the ones in the US, require an opt in.
Article 7(3) of the GDPR requires a business to offer an opt-out, with potential consequences if not offered.
An opt-out should be clear, easy to follow, and responded to quickly.
What is the Meaning of Opt Out?
What is the Meaning of Opt Out.png
To “opt out” of something simply means withdrawing your previous user consent. This can apply to a wide variety of online platforms. For example, if you’ve been subscribed to an email list when you no longer wish to be on that list, you can unsubscribe from it. This means you “opted out” of the list.
You should also be able to opt out of cookies and online tracking, telemarketing calls, health information sharing, and more.
Do You Need an Opt Out Option?
While an opt in isn’t always required (we’ll talk about the differences in a moment), EU and US data privacy laws, such as the GDPR and the CCPA, require a business to offer an opt-out option.
In particular, Article 7(3) of the GDPR says: “The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.”
On the other hand, California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), which amends it, also give consumers the right to opt out.
The difference between CCPA and CPRA here is that, under the CCPA, businesses must only provide consumers with the right to opt out of data collection and selling their data. The CPRA later added the right to opt out of sharing their data.
Not sure if your business is compliant with data privacy laws? Get in touch with us today to find out.
Opt Out vs Opt-In: Key Differences
Opt Out vs Opt-In Key Differences.png
We can say that there are two schools of data privacy. An opt in school and an opt-out school.
According to the opt in school, the consumer must give explicit consent before a business can process their data.
Contrary to that, the opt-out school says that businesses can collect and process data without user consent (except for children) until the consumer takes action to withdraw consent.
Now let’s look at some key differences between the two:
Most Data Privacy Laws Follow the Opt-In School
The opt in school follows the EU’s General Data Protection Regulation (GDPR), but also some other data privacy laws like the LGPD (Brazil), PDPA (Singapore), PIPEDA (Canada), and others.
The only notable representative of the opt in school is the United States. Specifically, all five states that have so far passed a data privacy law (California, Nevada, Colorado, Virginia, and Maine) take the opt-out approach.
It should be noted, however, that some of these laws still require an opt in when it comes to minors.
Specifically, the CPRA amended the California Consumer Privacy Act (CCPA) by stipulating that a business must receive permission from a parent or a guardian to process or share the personal information of a minor. Failing to do so will incur a fine of $7,500 per violation. Meanwhile the GDPR which is the EU’s framework has it where the user needs to opt in and provide explicit consent where as you will see preference management toolbars in other locations that pre-check the boxes.
Opt-In Prioritizes Privacy Protection, Opt-Out Data Processing
The opt-in school prioritizes data protection. Before a business can process consumer data, it has to get their permission.
The opt-out school, on the other hand, focuses on data processing. Until the consumer says they don’t want their data processed, the business can do so.
Opt-In is More Transparent than Opt-Out
One of the main problems with the opt-out approach is that, since the consumer didn’t really agree to anything, it’s harder for them to withdraw their consent later because they don’t know what they consented to in the first place.
The opt-in school is more transparent as it falls to the business to explain the specific purposes of data processing before getting user consent.
Opt-In Provides More User Control than Opt-Out
With opt-in, users have much more control over how their personal information is collected and shared and for what purposes.
That can be difficult, however, in the opt-out approach.
How to Ensure Opt Out Options?
How to Ensure Opt Out Options.png
When offering an option to opt out, you first have to follow the following principles:
Provide an easy-to-follow opt-out process
Respond to each opt-out request promptly
Use clear language to explain the opt-out request
Here are some ways to ensure opt-out on a website:
Include a “Privacy Setting” Section in the Account Settings
Provide a “privacy settings” section in the account or user setting where the consumer can manage their data privacy, including opting out of data processing and sharing. This is only applicable to a very specific type of website, but if this can apply, it should be done.
Add an Unsubscribe Link
If you’re sending email marketing newsletters, ensure you have an unsubscribe link at the bottom of each newsletter that recipients can click on to stop receiving your emails.
Provide a Cookie Consent Banner
If your website is available to consumers in the EU, you are legally required to obtain cookie consent. The best way to do this is via a cookie consent banner, where they can manage their cookie preferences.
Here, you can also offer a prominent “opt-out” link or button for consumers to withdraw user consent at any time.
Enable Opt Out via Live Chat or Customer Support
If you have a live chat or offer customer support, you can also handle opt-out requests that way for users who prefer more direct communication.
Need help with implementing opt out options on your website? Captain Compliance has your back. Get in touch for a free consultation today.
Opt Out Examples
As we mentioned, there are a few ways to offer an opt-out option to consumers. Here we’ll give a few good examples of how others did it.
Good Examples
Indiegogo
IndieGoGo’s opt-out page is clean, with no unnecessary elements, yet it is still granular, allowing users to unsubscribe from specific things.
For instance, one can opt out of recommended campaigns but still stay in the loop for campaigns they support.
Just Property
Just Property unsubscribe page is not only clear, but it is also on-brand. It successfully uses the brand’s colors, fonts, and other elements, which are often missing from unsubscribe pages.
Groupon
Unsubscribe pages don’t have to be boring, and Groupon is the perfect example of it. They add a funny opt out page.
Bad Examples
Bonobos
TheBonobos unsubscribe page looks well-designed, and the question “How much Bonobos do you want in your life?” is engaging, so what’s the problem then?
Where Bonobos made a mistake in forcing the users to re-enter their email to let them unsubscribe. Instead, what they should’ve done is automatically unsubscribe you when you click the button but then give you the option to resubscribe via email.
RunHubrys
While the “never mind, I don’t want to change anything” button is quite clear, the same definitely can’t be said about the unsubscribe button. Their “Unsubscribe me!” is not nearly prominent enough, as it isn’t a button and can be mistaken for plain text.
How Can Captain Compliance Help?
Knowing the nuances of data privacy law is one thing, but implementing it is another. If you want help with compliance, then you’re in luck. Captain Compliance has leading compliance experts ready to help your business make big steps forward.
Get in touch with Captain Compliance today to implement proper compliance protocols and ensure future compliance for your business.
FAQs
What do you mean by opt-out?
To “opt out” of something simply means to withdraw your consent to it or to stop taking part in it. For instance, when you unsubscribe from an email marketing newsletter, you let the company that was sending you the newsletters until now that you no longer wish to receive them.
Take a look at our ultimate guide to cookie consent best practices.
What is the purpose of opt-out?
The purpose of opt-out is to let the business you’ve subscribed to know that you no longer agree to the processing or sharing of your data.
Do you need to implement a cookie consent on your website? Here’s a full guide to doing it.
What is an example of opt-out?
One of the most common examples of opt-out is the email unsubscribe link or button.
Article 7(3) of GDPR states that you must provide an option for users to withdraw their consent. Here’s what happens if you fail to comply with GDPR’s cookie consent.
What is the rule of opt-out?
Always provide a clear, easy-to-follow opt-out and respond promptly to every request.
The right to opt-out is one of the 6 rights related to personal information under CPRA. Read how to protect consumer privacy under CPRA.