Requests for consent must be freely given, specific, informed and unambiguous by a statement or by a clear affirmative action | Community
Dan_Stevens_
Level 10
March 27, 2018
Question

Requests for consent must be freely given, specific, informed and unambiguous by a statement or by a clear affirmative action

  • March 27, 2018
  • 8 replies
  • 12830 views

I recently came across an example where I was registering to download content and the site required me to tick the opt-in checkbox - while submitting the form - in order to download the content: 16 Tips to Capture Marketing Consent for GDPR – CleverTouch.

I used their chat feature to inquire about this since much of what we've learned is that you cannot make the ticking of the opt-in checkbox required.  The response I received was as follows:

The GDPR legislation talks about a "balance" in the exchange when it comes to opting-in - we take the view that if we're giving away content for free, there is a balance that you will provide us something in return. If you don't want to provide us that then that's OK - you just won't get the content.  As another example, if this was a paid for event then we wouldn't capture opt-in as well, as that would indicate an imbalance (revenue + an opt-in for 1 event registration).

Again, just wanted to share yet another interpretation/implementation of the GDPR laws.  Thoughts?

@Michelle Miles​

@Grégoire Michel​

8 replies

Josh_Hill13
Level 10
March 27, 2018

First, I'm not a lawyer. Best to discuss with legal counsel.

That being said, I would agree with them - if you want to get the content, you must check the box.

For a Contact Us form, or a free trial, perhaps that is less certain - Yes, I want the free trial but no, I don't want extra marketing. Requiring opt in there would likely lead to lower conversion rate.

What CASL and GDPR say is that you cannot "pre-check" the box for them, that is to assume the opt in for the person. You must take a free action that is explicit and deliberate to opt in. Even for events, we were asked that the scanner or tablet be presented to the Lead for opt in checkbox.

keithnyberg
Level 7
March 27, 2018

I can see more companies following this model. I mean there really shouldn't be a reason why we aren't allowed to do this... The person is submitting their information on their own and checking the box on their own. Kinda like a restaurant's "right to refuse service to anyone". No info, no free whitepaper. I think it's pretty sweet!

Dan_Stevens_
Level 10
March 27, 2018

Hi Keith - it's not that they're refusing to let someone download the content without filling out the form, it's that they require the user to tick the "opt-in/consent" box.  If you don't, they're blocking you from receiving the content. 

Josh_Hill13
Level 10
March 27, 2018

I just spoke with my team member and they said that you must still offer the asset even w/o opt in checked.

Again, I'd spend some time with legal if you plan to follow such a model.

Nicholas_Manojl
Level 8
March 28, 2018

I guess the question is "can we refuse service to someone who hasn't consented"?

In my opinion, refusing service is the only thing we can do unless someone completely and totally opts-in.

People need to know what they're signing up for - tracked Munchkin, tracked emails, stored data, etc.

If we can't refuse service to people who don't agree to tracked emails and stored data, then we are in a pickle. We can't send one person an email that isn't tracked, and another person an email that is. You're either in or you're not with the Marketo tool the way it is currently built and designed.

SanfordWhiteman
Level 10
March 28, 2018

Sending tracked and untracked links is exactly what we're doing...

Nicholas_Manojl
Level 8
March 28, 2018

per asset, not per person.

Grégoire_Miche2
Level 10
March 28, 2018

Hi Dan,

I think that the approach from Clevertouch is not GDPR compliant. The article 7.4 of the GDPR writes:

  1. When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

I do not see why a consent is required for the execution of the delivery of the e-book in the Clevertouch case. This is very similar to the discussion on how to interpret the fact that you can send emails to people who are your customers. You can send them emails, but not any email.

Whether or not Clevertouch's approach is really risky ultimately depends on the country your visitors are from and in which EU countries you operate. In Germany I feel the Clevertouch approach is very risky. In France, it's not. To give readers a hint on how strict things can be, a German company was sued (on the previous regulation, not even the GDPR) and fined because the sales people were adding CTAs below their signature in their emails sent from their personal mailboxes...

-Greg

Dan_Stevens_
Level 10
March 28, 2018

Thanks Greg. This is aligned to our guidance as well. In fact, I would argue that obtaining the data captured on the form is adequate value received - without the need to also require opt-in consent.

Amy_Goldfine
Level 9
March 28, 2018

For GDPR we are doing two separate checkboxes (neither is pre-checked). One is for consent to processing, and that is required. The other is consent to direct marketing, and that is optional.

Amy Goldfine
Marketo Champion & Adobe Community Advisor

Grégoire_Miche2
Level 10
March 28, 2018

Hi Amy,

In all strictness, this double consent is what should be done. Most companies are merging the 2 in order to simplify the forms. Which leads to a conclusion: if the person does not consent to be kept in the database, you should delete it or anonymize her immediately. So, if you only use 1 consent box and the person does not consent, you should not only stop sending emails, but also delete the lead or anonymise it. This anonymization issue is one that is listed here: Marketo GDPR Compliance-a summary of key ideas

I am dreaming of a form with a double consent that, when someone does not consent to be stored in the database and submits the form, displays the following follow-up message:

"We are sorry, but we cannot process and send you the link to the requested content since it would require that we store your data in our database, to which you just did not consent"

-Greg

Jason_Hamilton1
Level 6
March 29, 2018

It sounds to me more like merging of the interpretation of Legitimate interest and consent. This damn regulation has so much gray. I do not think you can force someone to be required to check a box to get the content.

Liz_Davalos
Level 4
March 29, 2018

Not to add fuel to the fire, but a person is still being tracked in Marketo even if you don't include a token on a link and therefore that would violate GDPR unless I'm misunderstanding what people are talking about here. While I personally agree that we shouldn't have to provide free content without receiving the data it does seem that GDPR requires this. I'd say they may be crossing other legal lines there though and they may have to amend that (maybe what that company is banking on). The whole way a free market functions is you get something for your work, requiring it be given away freely breaks that so I can see some lawyer finding a leg to stand on. We're about 99.9% US so for me receiving our emails and being tracked go hand in hand, I can't give one option without the other. They can choose to subscribe all they want, but if they don't also consent to tracking they won't get emails. They simply cannot be a subscriber and not be tracked. We're making that clear for EU residents...

SanfordWhiteman
Level 10
March 29, 2018

but a person is still being tracked in Marketo even if you don't include a token on a link

What do you mean by "tracked" here?

Clicking an untracked link sent in a Marketo email, opened in a browser that has Munchkin disabled, doesn't leave any extra tracks.

Liz_Davalos
Level 4
March 29, 2018

I mean that Marketo still tracks opens and the email still exists in Marketo so technically (although barely) they are being tracked and you are still retaining their "personal" data.

Michelle_Miles3
Level 5
April 3, 2018

@Dan Stevens​ Our counsel has said that you can't bundle or "buy" consent with content. I would not recommend an approach like the one described above.

Michelle Miles

Grégoire_Miche2
Level 10
April 3, 2018

Hi Michelle,

Yes, this was the meaning of my comment above and all the lawyers tend to agree on this one (at least we have one question on which they all agree)

-Greg

Dan_Stevens_
Level 10
April 4, 2018

@Randy Davis​ offers yet another perspective in this thread (halfway down, dated April 4): Marketing Strategies to Thrive in a GDPR World