Why? Because according to today's laws, you can't consent to an agreement you don't see. And it's up to businesses to put their Privacy Policies in front of customers and ask for consent.
As regulators and consumers raise their expectations for privacy, they now ask for clearly defined consent.
- What they agree to (in plain terms)
- How to provide active consent
- How to withdraw their consent
Consent is key in today's privacy-conscious world, and if you want to process any user's data, they need to be in agreement. The agreement can't be general. It needs to be with the specific terms of your data processing practices.
If you fall under the jurisdiction of the General Data Protection Regulation (GDPR from the EU) or the California Consumer Privacy Act of 2018 (CCPA), then you are required by law to prove consent. These laws are only the beginning. Bills across the United States and the world are increasingly requiring sophisticated affirmative consent from all data processors.
The key to using the checkbox consent mechanism is to place it in spots where your site visitors will encounter it before you process their data. Remember that if you must comply with the GDPR or the CCPA, then you cannot process any data prior to obtaining consent from your users.
As a result, you want to collect consent in places where you might collect data. Some of these common locations include:
- Account registration forms
- Checkout pages
- Email/newsletter sign-ups
- Contact forms
- Spaces for posting user-generated content
Why provide a checkbox at all these places? It covers all your bases and allows you multiple opportunities to obtain consent.
By requiring consent in multiple places, you are less likely to process data without the user's consent. It's important because if that user is European, then processing that data is a violation of the GDPR.
Not all checkboxes look the same and many businesses choose to alter them to reflect their data practices as well as the text of their legal documents (including Privacy Policies, Terms and Conditions, and Terms of Sale).
Here's how some prominent international businesses use checkboxes across their websites.
When you sign up for the rewards club, you provide personal data like your name, country, email address, and street address, which IHG then uses for processing:
However, you don't need to be a member of the site to book a hotel room. So, IHG also adds a second checkbox at checkout that the user must check before they can book a reservation (and provide data for processing).
European Tour Operators Association
The European Tour Operators Association is based in London and targets European data subjects specifically, which means it needs to be particularly careful when collecting consent and processing data.
The ETOA added its checkbox to its contact form because it collects names, email addresses, and phone numbers:
This is particularly important because the ETOA uses the form to collect leads and contact them.
However, if a visitor by-passes the contact form and goes straight to sign-up for the ETOA tour guide card or service, they are covered there, too. There is another checkbox on that sign-up form before the ETOA processes a membership application:
Because the site also allows guest checkout, it must also re-affirm consent before allowing a sale. Processing a sale requires Lululemon to process significantly more personal data than the account sign up.
The text on the checkbox is strategic and adheres to the GDPR principles of transparency and upholding data subject rights. You don't need all of this on a checkbox mechanism to comply with the GDPR or CalOPPA, but it also doesn't hurt because it lets customers know exactly what you intend to do with their data before they share even their email address.
Checkboxes are the Way Forward
Each checkbox should reflect the way your site works and the text of your legal documents and they can be as detailed or minimal as you wish as long as they are transparent.
With privacy laws evolving all the time, you should always be prepared to prove that you have consent. Checkboxes are a simple, user-friendly way to get it done.