Implicit and explicit marketing consent

  • Updated

Consent determines a customer's ability to receive marketing communications. Consent can be implicit or explicit, but you should understand the differences between these two types of consent because laws such as CAN-SPAM, TCPA, CCPA, and GDPR have changed the way customer data and communication is handled.

Consent varies across the world, so check the regulations for the regions you are contacting. The following definitions of implicit and explicit consent should help you understand and comply with those regulations to create successful campaigns.
  • Implicit consent – A customer has provided their information for a business purpose, but has not explicitly signed up for marketing communications. With implicit consent, you assume the customer's consent to receive marketing communications (as long as they have not opted out).
  • Explicit consent – A customer has confirmed they want to receive marketing communications (for example, by selecting a checkbox or clicking a button to sign up).

Explicit consent opt in examples

Incorrect:

Your customer has not submitted their phone number or checked a box for opting in for SMS communications from you, but you send them a message and provide them the option to opt out. This method is prohibited because you have not obtained prior consent.

Correct:

You collect email addresses in a web embed form, where your customers can enter their email and check a box for opting in for SMS communications from you. After your customer submits the form, you can send your first promotional message along with opt out instructions.

See the example below for proper explicit opt in for email or SMS communications:

Consent values on customer profiles

In Optimizely Data Platform (ODP), marketing consent is an attribute of each identifier (for example, each email address), not the entire customer profile. The customer profile displays one of the following marketing consent values for each messaging identifier:

  • Marketing Opted In – The customer has explicitly opted in to receive marketing communications for the corresponding messaging identifier. The identifier (for example, the customer's email), is reachable.
  • Marketing Opted Out – The customer has explicitly opted out of receiving marketing communications for the corresponding messaging identifier. The identifier (for example, the customer's email), is not reachable.
  • Unknown Consent – The customer has not explicitly opted in or out of marketing communications for the corresponding messaging identifier. The settings you choose on the App Consent Settings page determine whether identifiers with this consent value are reachable.

Manage implicit/explicit consent for each marketing channel

Manage implicit and explicit consent settings using the Default Consent column on the Account Settings > App Consent Settings page. You can choose either Opted In (implicit consent) or Opted Out (explicit consent) for each marketing channel.

  • Opted In (implicit consent) – ODP treats all messaging identifiers for the corresponding channel as opted in unless the customer has explicitly opted out. Any messaging identifiers with a consent value of Unknown Consent or Marketing Opted In are reachable.
  • Opted Out (explicit consent) – ODP treats all messaging identifiers for the corresponding channel as opted out unless the customer has explicitly opted in. Only messaging identifiers with a consent value of Marketing Opted In are reachable.

For some channels, like email, ODP defaults to Opted In (implicit consent), including customers with Unknown Consent when sending marketing messages.

For other channels, like SMS, ODP defaults to Opted Out (explicit consent), only including customers with Marketing Opted In when sending marketing messages. Learn more about best practices for SMS consent and compliance.

Consult with your legal team for the appropriate settings for your business.

Consent examples for email

Below are three examples of how consent is set in ODP depending on your chosen Default Consent on the App Consent Settings page.

Example 1: Unknown user registers for an account

Scenario 1 – When the user registers for an account, they select a checkbox to receive marketing communications.

  • Default Consent = Opted In (implicit consent) – This sets the consent value for their messaging identifier (the registered email address) to Marketing Opted In. This customer's registered email address is reachable.
  • Default Consent = Opted Out (explicit consent) – This sets the consent value for their messaging identifier (the registered email address) to Marketing Opted In. This customer's registered email address is reachable.

Scenario 2 – When the user registers for an account, they do not select a checkbox to receive marketing communications. This sets the consent value for their messaging identifier (the registered email address) to Unknown Consent.

  • Default Consent = Opted In (implicit consent) – This customer's registered email address is reachable because while they have not opted in, they have not explicitly opted out of receiving marketing communications.
  • Default Consent = Opted Out (explicit consent) – This customer's registered email address is not reachable because they have not explicitly opted in to receiving marketing communications.

Example 2: A customer with an email address that is opted in unsubscribes

The user receives an email campaign from you and unsubscribes.

  • Default Consent = Opted In (implicit consent) – This sets the consent value for their messaging identifier (the unsubscribed email) to Marketing Opted Out. This customer's unsubscribed email address is not reachable.
  • Default Consent = Opted Out (explicit consent) – This sets the consent value for their messaging identifier (the unsubscribed email) to Marketing Opted Out. This customer's unsubscribed email address is not reachable.

Example 3: Three email addresses with different consent values are stitched to a single customer profile

The customer has three different profiles, each with a different email address. One email address with an Unknown Consent consent value, a second email address with a Marketing Opted In consent value, and a third email address with a Marketing Opted Out consent value.

ODP stitches those three profiles together so that there is now one customer profile with three different email addresses, each with a different consent value.

ODP only uses the Last Seen Email on a customer's profile to determine marketing reachability. All other email addresses that are not Last Seen Email are not reachable, regardless of the consent value.

Scenario 1 – The Last Seen Email on the stitched profile has a consent value of Unknown Consent.

  • Default Consent = Opted In (implicit consent) – This customer's Last Seen Email is reachable. The other two email addresses are not reachable, regardless of their consent values.
  • Default Consent = Opted Out (explicit consent) – This customer's Last Seen Email is not reachable. The other two email addresses are also not reachable, regardless of their consent values.

Scenario 2 – The Last Seen Email on the stitched profile has a consent value of Marketing Opted In.

  • Default Consent = Opted In (implicit consent) – This customer's Last Seen Email is reachable. The other two email addresses are not reachable, regardless of their consent values.
  • Default Consent = Opted Out (explicit consent) – This customer's Last Seen Email is reachable. The other two email addresses are not reachable, regardless of their consent values.

Scenario 3 – The Last Seen Email on the stitched profile has a consent value of Marketing Opted Out.

  • Default Consent = Opted In (implicit consent) – This customer's Last Seen Email is not reachable. The other two email addresses are also not reachable, regardless of their consent values.
  • Default Consent = Opted Out (explicit consent) – This customer's Last Seen Email is not reachable. The other two email addresses are also not reachable, regardless of their consent values.

Import consent for messaging identifiers

You can import a consent event from another system into ODP using a CSV file, API, or the ODP Web SDK. The event is specific to an identifier (such as an email address), not to the entire customer profile.

The following example shows a correctly formatted consent event file, where the action is opt-in (to include the identifier in marketing communications) or opt-out (to exclude the identifier from marketing communications). If a customer has multiple identifiers on which they could receive messages, you must follow this process for each. File names for these imports begin with zaius_events.

Understand marketing consent.png

Effect on ODP content

When you create web modals and web embeds, you validate the email or phone number and opt in fields to ensure that the form is submitted with identifiable information and proper consent. Learn more about each field validation below:

  • Email or Phone – Ensures that the submission is properly attributed to a customer profile.
  • Opted In – Ensures that the submission provides explicit consent for future marketing communications. By default, this field also includes a general disclaimer about the purpose of the approval that you can customize.
In addition to these fields, customers must click Submit to provide consent and submit their identifiers manually.

ODP favors explicit consent in these situations as it provides you (the sender) more protection concerning email privacy and compliance regulations. Additionally, it provides transparency for your customers (the recipient) concerning their future relationship with your brand's marketing communications.