HomeInsightsDirect marketing tick-boxes: is your website compliant?


+44 (0)20 7612 9612

The retailer unsuccessfully argued that a pre-ticked box (or soft opt-in) amounted to consent to receive direct marketing

In a case that sees direct marketing being fully argued in the courts for the first time in the UK, the claimant, Mr Mansfield, had registered his details with John Lewis via the Waitrose website to have access to delivery information only accessible to registered users. He subsequently received direct marketing communications from John Lewis. In the County Court Mr Mansfield argued that he had not consented to receive direct marketing and therefore John Lewis was in breach of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulation 2003 (PECR). The County Court upheld Mr Mansfield’s claim and awarded him damages.

John Lewis unsuccessfully argued that Mr Mansfield was caught by the ‘soft opt-in’ exception set out in Regulation 22(3) of PECR; John Lewis essentially argued that a pre-ticked consent box amounted to Mr Mansfield having the opportunity to opt-out and therefore he was deemed to have consented.

The ‘soft opt-in’ exception makes it easier for organisations to obtain the consent to send direct marketing to existing customers

The Information Commissioner’s Office explains ‘soft opt-in’ by stating that organisations can send marketing texts and emails to an individual where: 

– they have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service to that person;
– they are only marketing their own similar products or services; and
– they gave the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.

This ‘soft opt-in’ rule is a limited exception to the rule that organisations must have obtained an individual’s specific consent before direct marketing to them.

Why wasn’t John Lewis protected by ‘soft opt-in’?

The court’s decision that John Lewis did not benefit from the ‘soft opt-in’ goes to the root of Mr Mansfield’s claim and the county court’s decision. The judgment in this case was based on whether or not registering with John Lewis’s site constituted a ‘negotiation for a sale of a product or service’. Significantly, the court did not deem that registering with a site can be considered to be negotiating for products and services. Effectively this meant that the tick-box relating to direct marketing could not be pre-ticked. Pre-ticking direct marketing tick-boxes is only available under the ‘soft opt-in’ exception where having the ‘opportunity to opt-out’ and not doing so is considered opting-in. In circumstances outside of the ‘soft opt-in’ limited exception retailers need express consent.

Pre-ticking tick-boxes will no longer be deemed as consent

The implications of this judgment are twofold:

(i) online retailers will not be allowed to include visitors who register, but do not purchase from their website, as ‘soft opt-in’; and
(ii) pre-ticking tick-boxes will not be seen as deemed consent except in limited circumstances.

These two implications could affect many online retailers, both in relation to direct marketing but also whenever tick-boxes are used. Another concern is that a successful claim against online retailers could lead to multiple users in the same situation bringing claims, amounting to potentially extremely high costs to them.

Cause for panic?

This case is perhaps not cause for panic, but it is certainly cause for alarm. County courts are not bound by their own decision and so this judgment will not force the hand of future county court hearings. However, this judgment is very much in line with the current judicial climate – where disputes in relation to privacy and data protection are resolved in favour of the individual – and it does not seem likely to change any time soon.

Retailers should bring their sites up to speed with data protection law 

Online retailers should take note of this case and use it as an opportunity to bring their own sites up to speed with data protection law and direct marketing. This will not simply involve un-ticking pre-ticked boxes as existing databases may need to be cleansed. ‘Soft opt-in’ was introduced over 10 years ago and is still a legitimate exception, but it is important to realise that it is a limited exception and may be applied narrowly.