This article will explain why and how you should implement an "I Agree" checkbox and what this looks like in action.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
- 2.1. Statement of Agreement
- 2.2. An Unticked Checkbox
- 4.1. Contact Forms
- 4.2. Marketing Sign-up Forms
- 4.3. Account Registration Forms
- 4.4. Checkout Pages
- 5.1. IHG Hotels
- 5.2. Yelp
- 5.3. Lufthansa
- 6. Checkboxes are the Way Forward
As regulators and consumers raise their expectations for privacy, they now demand clearly defined consent.
This is no longer the case.
If you fall under the jurisdiction of the EU's General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), then you are required in certain circumstances to obtain consent.
The GDPR specifically states that valid consent must be:
- Freely given
- Verified using a clear, affirmative action
These laws are only the beginning. Bills across the United States and the world are increasingly requiring sophisticated affirmative consent from data processors.
While the GDPR applies to processing the data of consumers that live in the EU, following its regulations can help to ensure sufficient privacy practices for customer relationships in any part of the world.
- To overturn claims from users they did not understand how your company was using their personal information
It is important to note that there are right and wrong ways to request consent. There are three main components that need to go into how you request consent:
- An unticked checkbox next to the above statement
Here's all three of these in action in this example from Little Caesars:
Let's look at each of these aspects further.
Statement of Agreement
An Unticked Checkbox
Make sure the consent checkbox is unticked when the user accesses the page, so that they must make a clear, affirmative action to agree to the policy.
Here's an example from Hyopthesis of a consent checkbox that is unticked when the webform loads:
Note that Hypothesis also incorporates the first component by having the checkmark next to a statement that starts off with "I have read and agree to."
If you're wondering about combining many things under one checkbox versus splitting it up into two or more as Hypothesis has done, here's something you need to know.
You can see this in the examples above from Walmart Canada and Hypothesis.
There are also some common methods that may not be as effective, however. Let's look at those now.
These are a few consent practices to avoid:
1. Do not pre-tick a consent checkbox. If the user does not actually click to accept the policy, consent will not be considered freely-given or unambiguous. Apple keeps checkboxes pre-ticked for marketing communications in this form, which would not be considered valid consent under the GDPR:
As noted above in the chapter on what to do, always leave your checkboxes unchecked so the user can check them to show consent. And don't forget to use granulated checkboxes if you're requesting consent for many different things.
Although this is still a common practice, it may not be considered valid consent under some privacy laws, and it does not provide the business with proof of a user's explicit, unambiguous acceptance of the policy.
Here is an example of this type of consent form from Mailchimp:
To recap: You should use checkboxes to get consent, and use separate boxes for each thing you wish to get consent for. Make sure the boxes are clearly labeled, with links to any agreements included, and are left unchecked so your users can check them themselves.
The key to using the checkbox consent mechanism is to place it in spots where your site visitors will encounter it before you process their data.
Some common locations include:
- Account registration forms
- Checkout pages
- Email newsletter sign-up forms
- Contact forms
- Spaces for posting user-generated content
By requiring consent in multiple places, you are less likely to process data without the user's consent.
Let's look at some of these in further detail.
Here's how the European Tour Operators Association has done here:
Marketing Sign-up Forms
Here's an example from We Are Kitters:
While there isn't a checkbox here, it would be a great idea to implement one in this form.
Account Registration Forms
Registration forms are universal. They are used across all platforms and mobile devices and remain an integral component of doing business online.
Even mobile apps should incorporate this feature into registration forms, as shown in the PayPal app's registration screen below:
Even on mobile apps you can have your users tap a checkbox to provide consent. Note that PayPal takes things a step deeper by having a user check a box that they "read, consent and agree to" instead of just agreeing to. By using the actual word "consent" it makes it even more clear that consent is obtained here.
If you run an ecommerce site or app, the checkout page/right before a shopper finalizes an order and transmits their information to you is a perfect place to include an "I Agree" checkbox.
You can see a great example of this type of form here, from Bloomer Armada. Note the use of double checkboxes directly above the final button. This helps ensure a user cannot miss these boxes as they'd be the final step in the process before formalizing the order:
While a little box may always look the same, not all presentations of "I Agree" checkboxes will be done in the same way.
Here's how some prominent international businesses use checkboxes across their websites, for some inspiration and ideas for your own site.
When you sign up for the rewards club, you provide personal data like your name, country, email address, and street address, which IHG then uses for processing:
However, you don't need to be a member of the site to book a hotel room. So, IHG also adds a second checkbox at checkout that the user must check before they can book a reservation (and provide data for processing):
Checkboxes are the Way Forward
With privacy laws evolving all the time, you should always be prepared to prove that you have consent. Checkboxes are a simple, user-friendly way to get this done.