Digital marketing is one of the most effective ways to reach your audience and extend your customer base around the world. Depending on your product or service, you can have customers in India, Switzerland and the United States while operating out of France.
However, all these places have their own data regulations and laws that must be understood and upheld. Failure to do so could result in serious fines. GDPR represents these laws for the whole of the European union. However, individual courts within these countries have their own legal interpretations. So, how do you know what rules to follow?
One such country that has caused much confusion is Germany. Many of our clients have contacted us asking whether a double opt-in is required by German law. That’s why we’ve put together this blog post to talk about the situation and what you need to do if you want to market to or within Germany regarding opt-ins.
Please note that the information gained here is via the process of research and experience. It is by no means legal advice and does not pretend to represent itself as such. You should always talk to your own legal council before determining your corporate direction.
To begin we’ll go into a little background, but if you just want the answer, click here to skip to it.
Why is opt-in required?
Due to the many laws and regulations around the world, marketers who do not choose to use any kind of opt-in measures can land themselves in big trouble.
CAN-SPAM in the US, CASL in Canada, and the GDPR in Europe all impose fines that can easily reach into the millions of dollars. Each of these regulations, and many other laws across the world, demand that marketers use an opt-in process before marketing to any potential recipients.
What is a double opt-in?
Before marketers can send any kind of marketing communications to a contact, that user has to “opt-in”, or agree, to have those communications sent to them. Marketers who fail to do this, and fail to keep a record of this, are liable for hefty fines.
A double opt-in refers to the process where a marketer will obtain permission from their audience first through something like a consent check-box in a form, then send another notification (requiring action on behalf of that individual) to confirm that they wish to receive marketing communications.
Double opt-ins are a great way to add people to your email list knowing that their email address is valid and that they really do want your communications. They offer a belt and braces approach to ensure that your leads are engaged from the start and that you don’t fall foul of any marketing rules or regulations.
Does Germany require double-opt in for email marketing?
Now onto our main question for this blog post.
The answer is - strictly “no”. By word of the law, you do not have to collect double opt-in consent, but you probably really should.
Germany falls under the European Union, and broadly uses GDPR as their source of email marketing regulation. The GDPR states that only a single opt-in is required by marketers to remain compliant.
In addition to this, Germany also has its own local regulations that govern marketing. Section 7 of the “Gesetz gegen den unlauteren Wettbewerb” (UWG), or Act Against Unfair Competition as we would call it in English, states that marketers may not communicate with individuals without their prior consent. It doesn’t however explicitly state that this consent must be obtained through double opt-in.
Whilst this may be the word of law, in practice these rules need to be tested through the local courts in each country.
In the case of Germany, the courts have consistently ruled that explicit consent requires action. Their reasoning for this is that there is no way to definitively prove that an individual signed themselves up as a recipient for marketing communications without having some form of confirmation from a trusted source.
As a reminder, GDPR also says that checkboxes may not be automatically checked within forms, and that the decision to choose should lie directly with the person completing the request. This is reinforced by the position in the German Federal Data Protection Act.
Ultimately, the German courts have gone on record as stating that single opt-in is by no means sufficient to prove consent. The German Federal Supreme Court has stated that double opt-in is a more appropriate means, as long as the transactional email sent for this purpose is completely neutral. This means that the email cannot offer any promotions or marketing messages other than the consent communication itself - we feel that this must be made clear.
The short of it is that, while there is no strict law that states marketers need to use double opt-in processes, they still need to use it if they want to avoid legal complications within Germany.
Be right, all the time
We here at Demodia get questions like this from clients on a regular basis. As we work with businesses around the world, we have become adept at the different data laws and best practices expected from these companies. So if you have your own question, then reach out to us.
Contact us now for an initial consultation, or let us know how we can help you achieve more.