While opt-in rules in the U.S. and the EU differ, the intent remains the same. These laws aim to protect consumers against unwanted marketing communications.
The EU follows GDPR legislation, which is more comprehensive than regulations in the US. One of the biggest differences between the two legislations is that the US does not require opt-ins for email marketing. Even so, many businesses in the U.S. collect opt-ins for enhanced transparency, and to ensure they are being compliant to customers around the world.
Disclaimer: This content is for informational purposes only and should not be construed as legal advice.
Opt-in rules in the United States at a glance:
- In the U.S., opt-ins are required for SMS marketing but not email marketing.
- SMS marketing requires express written consent. Thanks to the E-SIGN Act, written consent can apply to a website form submission, text message, point of sale, or other electronic transaction -- but it must contain the proper verbiage.
- Regardless of if you use SMS or email as a communication channel, you need to give people a clear way to opt-out of your marketing messages.
Opt-in rules in the European Union at a glance:
- In the EU, opt-ins are required for both SMS marketing and email marketing purposes.
- Opt-ins should be specific, granular, clear, prominent, documented, and easily withdrawn. This means that you need to get separate consent for separate channels -- vague or blanket consent is not enough.
The laws that define opt-in rules in the U.S.
In the U.S., there are two laws that govern digital marketing messages.
- The CAN-SPAM Act: The CAN-SPAM Act’s main purpose is to limit email spam.
- The Telephone Consumer Protection Act (TCPA): The main purpose of the TCPA is to limit telephone solicitations. This explicitly includes prerecorded voice messages, SMS text messages, and fax machines.
The CAN-SPAM Act simplified
Below is a simplified version of the FTC's Compliance Guide.
What you can do:
- Send email marketing messages without getting prior consent. The CAN-SPAM Act allows email marketing messages to be sent to anyone, without permission, until the recipient explicitly requests that they stop (opt-out).
What you can't do:
- Use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
- Use deceptive subject lines. The subject line must accurately reflect the content of the message.
What you must do:
- Tell recipients how to opt-out of receiving future emails from you. Your message must include a clear explanation of how the recipient can opt-out of getting emails from you in the future.
- Honor opt-out requests promptly. You must honor a recipient’s opt-out request within 10 business days.
- Monitor what others are doing on your behalf. Even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law.
- Tell recipients where you’re located. Your message must include your valid physical postal address.
The Telephone Consumer Protection Act (TCPA) simplified
Below is a simplified version of what you should and shouldn't do -- specifically as it relates to SMS marketing.
Unlike email marketing, SMS marketing requires an opt-in for promotional messages.
What you must do:
- Get express written consent for promotional messages.
- Maintain a “Do Not Contact” list for all of your business contacts.
- List your business name, message frequency, and applicable messaging rates when contacts opt-in.
- Provide contacts with an “opt-out” like “STOP”.
What you can’t do:
- Don’t purchase lists of phone numbers containing contacts who haven’t opted in.
- Don’t text a contact before 8 am or after 9 pm, local time.
- Don’t send messages pertaining to alcohol to non-age-verified numbers.
- Don’t send messages with anything that’s graphic, hateful, violent, or confidential.
Legislation that defines opt-in rules in the EU
In the EU, the General Data Protection Regulation (GDPR) governs opt-in rules for SMS and email marketing. The GDPR requires opt-ins to be "specific, granular, clear, prominent, documented, and easily withdrawn."
Here are some best practices for collecting opt-ins according to the Information Commissioner's Office (ICO):
- Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
- Explicit consent requires a very clear and specific statement of consent. Frame it as a question and explicitly ask them if they want to opt-in.
- Keep your consent requests separate from other terms and conditions.
- Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.
- Be clear and concise.
- Name any third party controllers who will rely on the consent.
- Make it easy for people to withdraw consent and tell them how.
- Keep evidence of consent – who, when, how, and what you told people.
- Keep consent under review, and refresh it if anything changes.
- Avoid making consent to processing a precondition of a service.
How to collect opt-ins from your customers using Carts Guru
Carts Guru makes it easy to collect opt-ins and stay compliant, no matter where you are or what channel you’re using to communicate with your customers. If you’re a Shopify customer, go to your Shopify settings and activate the box to collect opt-ins when customers are checking-out of your store.
Widgets are also an effective way to capture non-identified leads and get your website visitors to opt-in to receive marketing messages. You can use a pop-up, a flyout, or prompt customers to spin a wheel. Carts Guru lets you fully customize your widgets to perfectly fit your website design, and then use them to collect SMS, email and Funnel opt-ins from your website visitors.
