Consent determines a customer's ability to receive marketing communications. Consent can be implicit or explicit, but you should understand the differences between these two types of consent because laws such as CAN-SPAM, TCPA, CCPA, and GDPR have changed the way customer data and communication is handled.
- Opted Out customers cannot receive marketing messages on any channel. Transactional messages, for example, order receipts and shipping notifications, are exempt.
- Opted In is a situation where customers provide their personal information (like an email address or phone number) to an organization with the expectation that they will receive marketing communications as a result.
Implicit consent
Implicit consent means an individual has provided their information for a business purpose, but not explicitly stated that they want to receive marketing communications. The customer profile denotes implicit consent as Unknown Consent because the consent value is null or unknown in the customer database.
For some channels, like email, Optimizely Data Platform (ODP) defaults to include customers with implied consent when sending marketing messages. For other channels, like SMS, ODP defaults to requiring explicit consent for marketing messages. Learn more about best practices for SMS consent and compliance.
You can update consent preferences on the Account Settings > App Consent Settings page to control how marketing messages are sent on channels where this option is available.
- When the Default Consent column is set to Opted In, ODP treats customers with implicit consent (Unknown Consent) as being opted in and sends the marketing messages on this channel.
- When the Default Consent column is set to Opted Out, ODP treats customers with implicit consent (Unknown Consent) as opted out and does not send messages. This setting ensures that marketing on the corresponding channel is only delivered to explicitly opted-in customers.
Explicit consent
Explicit consent means an individual has given their explicit permission for you to send them marketing campaigns by manually opting in themselves. A form submission that includes an email address or phone number field is not sufficient for explicit consent, unless it includes a checkbox that the individual must click to agree. ODP includes customers with explicit consent in marketing campaigns by default.
Explicit consent opt in examples
Incorrect:
Your customer has not yet submitted their phone number and checked a box for opting in for SMS communications from you, but you send them a message and provide them the option to opt out. This method is prohibited because you have not obtained prior consent.
Correct:
You collect email addresses in a web embed form, where your customers can enter their email and check a box for opting in for SMS communications from you. After your customer submits the form, you can send your first promotional message along with opt out instructions.
See the example below for proper explicit opt in for email or SMS communications:
Import explicit consent
You can import an explicit consent event from another system into ODP using a CSV file, API, or the ODP Web SDK. The event is specific to an identifier (such as an email address), not to the entire customer profile.
The following example shows a correctly formatted consent event file, where the action is opt-in (to include the identifier in marketing communications) or opt-out (to exclude the identifier from marketing communications). If a customer has multiple identifiers on which they could receive messages, you must follow this process for each. File names for these imports begin with zaius_events.
Import explicit email consent from Shopify
Shopify syncs a true/false customer field to ODP called Shopify Accepts Marketing, along with a timestamp for when this value was set. Shopify sets this field when someone selects the Keep me up to date with news and offers checkbox when checking out.
- If the Shopify Accepts Marketing field is true, ODP uses this as explicit consent Marketing Opted In.
- If the Shopify Accepts Marketing field is false, ODP uses this as explicit consent Marketing Opted Out.
If the timestamp on the value is before the last time consent was updated in ODP, ODP keeps the current consent status. For example:
- February 22 – The customer opts in to marketing when they order. Shopify sends the Shopify Accepts Marketing = true with a current timestamp to ODP, which updates the customer's identifier in ODP as explicit Marketing Opted In.
- February 28 – The customer revokes consent after receiving an email. The Shopify Accepts Marketing value on their profile does not change, but the specific email identifier from which they revoked consent updates to Marketing Opted Out with the current timestamp.
- March 3 – The customer logs into their Shopify account online and changes their shipping address. Shopify sends a customer update to ODP with Shopify Accepts Marketing = true with a timestamp from February 22. Since that timestamp is before the customer's latest consent record, this value is ignored, and the customer consent value remains Marketing Opted Out.
ODP checks the Shopify Accepts Marketing field for updates during any Shopify customer update, like an order or account change.
Filter customers in or out of ODP email campaigns by adding the following AND expression to your customer segment:
- Customers with attributes - Shopify Accepts Marketing - Is not - True
In addition to the Shopify Accepts Marketing value, email consent data for existing Shopify customers is synced back to the Shopify Accepts Marketing field nightly when changes occur in ODP. ODP does not create new Shopify customers but updates existing customers.
Effect on ODP content
When you create web modals and web embeds, you validate the email or phone number and opt in fields to ensure that the form is submitted with identifiable information and proper consent. Learn more about each field validation below:
- Email or Phone – Ensures that the submission is properly attributed to a customer profile.
- Opted In – Ensures that the submission provides explicit consent for future marketing communications. By default, this field also includes a general disclaimer about the purpose of the approval that you can customize.
ODP favors explicit consent in these situations as it provides you (the sender) more protection concerning email privacy and compliance regulations. Additionally, it provides transparency for your customers (the recipient) concerning their future relationship with your brand's marketing communications.