Module 8 · Direct marketing channel rules & the soft opt-in
Channel rules differ sharply. Postal marketing is outside ePrivacy and can often rely on legitimate interests. Person-to-person phone calls need no consent (but automated calling systems require consent). Email and SMS generally need prior consent, unless the soft opt-in applies. Fax requires consent. The soft opt-in lets a controller market its own similar products to a person whose details it got in the context of a sale, if they could opt out at collection and in every message.
| Channel | Consent basis | Key conditions |
|---|---|---|
| Post | Outside ePrivacy - GDPR + national law; often legitimate interests | Balance: existing customer? nature of products? prior opt-out? |
| Live (person-to-person) phone | No consent required for live calls | Article 13(3): Member State picks opt-in or opt-out; free opt-out minimum; screen opt-out registers |
| Automated phone (calling systems) | Consent required | Applies to automated/recorded calling systems |
| Email & SMS/MMS | Generally prior consent | Or the soft opt-in; give valid opt-out, clear sender identity, clear commercial indication |
| Fax | Consent required | Under ePrivacy |
The soft opt-in needs ALL of: the controller's own similar products/services; details obtained in the context of a sale; the chance to opt out at collection; and an opt-out in every subsequent message.
Since 2009, ePrivacy telephone rules cover both B2C and B2B. Most digital marketing other than person-to-person telephone requires prior opt-in consent.