With the countless privacy and data protection terms now in circulation, it can be difficult to wrap your head around many of the concepts. One you may still be grappling with is the soft opt-in for marketing. It’s worth knowing because it’s a valuable tool that allows organisations to communicate with their customers without explicit marketing consent. This blog will demystify that concept for you and show how it can benefit your organisation.

Today, companies have the difficult balancing act of trying to engage customers while respecting their privacy rights. The ePrivacy Directive plays a crucial role here, and in this blog, we’ll discuss the ePrivacy Directive, before focusing on the concept of the soft opt-in.

What is the ePrivacy Directive?

The ePrivacy Directive, also known as the ‘cookie law’, is European Union (EU) legislation that protects personal data in electronic communications. It sets forth rules and guidelines for electronic marketing, cookies, and other tracking technologies. The directive complements the EU General Data Protection Regulation (GDPR) and aims to safeguard individuals’ privacy rights in the digital realm.

Under the ePrivacy Directive, businesses generally need to obtain a user’s explicit consent before sending them marketing communications. However, an exception known as the soft opt-in allows businesses to send electronic marketing messages without explicit consent – under certain circumstances.

Understanding the soft opt-in

The soft opt-in is where an organisation sends marketing emails or texts to a customer, using data it gathered when that customer bought or expressed interest in that organisation’s products or services. The term applies to marketing by electronic mail, which includes email, text, picture or video message, mobile internet message and voicemail.

The soft opt-in permits marketing messages related to similar products or services the business offers – provided it gives the customer a clear opportunity to opt out during or after the initial sale. It does not apply to prospective customers or new contacts, or to non-commercial promotions like charity fundraising.

Organisations must have obtained contact details directly from the person it wants to send the marketing to. In other words, soft opt-in is only available to the single organisation that originally collected the contact details – not to any third party.

Benefits of the soft opt-in

Maintaining customer relationships: The soft opt-in allows businesses to maintain contact with their existing customers, providing them with relevant and valuable marketing communications. This helps to promote ongoing relationships and can lead to repeat business.

Enhancing user experiences: By tailoring marketing messages based on a customer’s previous purchase or interaction, businesses can provide personalised content that aligns with their interests and preferences. This can deliver an improved user experience and increased customer satisfaction.

Streamlining consent management: The soft opt-in reduces the burden of obtaining explicit consent for every marketing communication. So it makes the process more efficient for both businesses and customers.

Best practices for implementing the soft opt-in

Communicate transparently: When collecting a customer’s contact details, clearly inform them about the possibility of receiving marketing communications related to similar products or services. At the time of collecting the personal details, give the customer a free opt-out option that’s readily accessible and easy to understand. The product or service you’re marketing should be similar to what you sold to the customer when you obtained their contact details. This excludes marketing third-party products. The direct marketing must happen within 12 months of the sale of the product or service.

Respect customer choices: Once a customer has opted out of receiving marketing messages, promptly honour their preference and stop any further communication. Make it easy for customers to manage their marketing preferences through user-friendly interfaces. Each time you send a marketing message, provide details of the opt-out option.

Secure the customer’s data: Safeguard customer data you obtained during the soft opt-in process. Implement robust security measures to protect personal information and adhere to applicable data protection laws and regulations.

Review and update your privacy practices regularly: Stay informed about changes to relevant legislation, such as the ePrivacy Directive and GDPR, and review your practices to ensure ongoing compliance. Keep track of evolving best practices and adapt your approach accordingly.

Where does GDPR come into play?

To adhere to the GDP, there must always be a legal basis when processing personal data; in other words, the controller of the data must have a legitimate reason for processing the data. If you’re using the soft opt-in, the legal basis under GDPR is legitimate interest. You’ll need to complete a Legitimate Interest Assessment to ensure compliance with the GDPR. You must give the data subject the right to ask the controller to stop the direct marketing.

The customer must knowingly give their consent by opting in. A pre-ticked box which asks the customer to untick is not valid consent. The data which collected must not be excessive.

What should I do if I use soft-opt in?

  • Ensure the contact details must have been obtained in the course of a sale or negotiation of a sale, examples of the latter being signing up for a free trial, and requesting a quote or more information on products/services, which should include a form of express communication by the person concerned;
  • Provide a simple opportunity for the person concerned to opt out at the time of collecting their details
  • Provide the person concerned with an easy opportunity to refuse or opt out in every subsequent communication
  • Do not use pre-ticked boxes
  • Perform a legitimate interest assessment
  • Have a regular review process in place to ensure compliance with GDPR and the soft opt-in option.


The ePrivacy Directive provides a framework for businesses to respect individuals’ privacy rights while engaging in digital marketing. The soft opt-in exemption offers a valuable opportunity for businesses to communicate with their customers without explicit consent, provided they meet certain conditions.

It is essential for businesses to stay up to date with relevant regulations – and seek legal advice when necessary – to ensure compliance and to protect their customers’ privacy. By striking the right balance between effective marketing and privacy protection, businesses can increase trust, loyalty, and successful customer relationships in the digital landscape.

Clíona Perrick is a Data Protection Consultant with BH Consulting.

About the Author: Clíona Perrick

Clíona Perrick is a Data Protection Consultant with BH Consulting.

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

"*" indicates required fields