Research shows that most consumers want to receive text messages from brands they know and love. In fact, according to Yotpo, more than 80% of shoppers are already signed up to receive text messages from at least one brand.
Despite the data clearly indicating that your brand can and should take advantage of SMS marketing, you still explicitly need your customers' permission to text them. Opt-in and opt-out regulations dictate how individuals give or withhold consent for their personal information to be collected, used, or shared.
Opt-in and opt-out regulations differ from region to region. Some may mandate opt-in for certain data types, while others may allow opt-out. In this guide, we’ll outline the key tenets of opt-in rules, share the most widely applicable best practices, and suggest the best way to manage these permissions so your company remains compliant.
Why businesses must ask for opt-in permission
There are several reasons why businesses must ask their customers for opt-in permission. First and foremost, it’s a legal requirement in many places. For instance, the General Data Protection Regulation (GDPR) in the European Union mandates opt-in consent for certain types of data processing. Under GDPR, consent must be freely given, specific, informed, and unambiguous. Failing to obtain proper opt-in consent can lead to significant fines and legal issues for businesses.
Opt-in and opt-out options also help businesses demonstrate respect for user privacy and build customer trust. These permissions give users control over their personal information, which can strengthen a company’s reputation. Opt-in models require businesses to clearly explain:
- What data is being collected
- How it will be used
- Who it may be shared with
- The user's rights regarding their data
This ensures users make informed decisions about sharing their information.
Finally, and perhaps most importantly, opt-in/opt-out permissions minimize the risk of a privacy breach. By only processing data from customers who have explicitly granted permission to do so, companies can reduce their exposure to possible privacy violations.
What are the opt-in and opt-out requirements?
Opt-in and opt-out requirements describe someone’s actions concerning their personal data when accessing an app, website, or marketing campaign. For example, someone could choose to accept cookies, stop receiving text messages, or share their personal information to receive a newsletter.
Opt-in and opt-out requirements differ in their approach to obtaining consent from individuals regarding the collection and use of their personal data. Opt-in consent requires individuals to actively and explicitly agree before any processing occurs.
Opt-out requirements assume consent by default, meaning the user has to take action if they do not want their data collected or used. The table below shows a high-level comparison between opt-in/opt-out approaches.
There are certain legal requirements to be aware of as you set up your opt-in/opt-out collections process. GDPR isn’t the only regulation governing consumer privacy with data processing consent requirements. Many countries, including EU member states, Canada, and Australia, require opt-in consent for email marketing. The United States, under the CAN-SPAM Act, allows opt-out approaches for commercial emails.
Rules aren’t limited to governmental bodies, either. Gmail and Yahoo have also issued new email sender guidelines which require every email to have visible and accessible unsubscribe options.
Opt-in: a deeper dive
For businesses, the level of opt-in required varies based on the type of message being sent. The CTIA, a trade association for the U.S. wireless communications industry, outlines three main categories:
Promotional messages
Promotional messages require explicit written consent from customers before you can send them.
A promotional SMS marketing message encourages customers to take action, such as purchasing, attending an event, or engaging with a product. Examples include:
- Product recommendations
- Event announcements
- Seasonal offers
Informational messages
Informational messages require written or verbal permission from customers prior to sending.
An informational message is an update related to a customer's account or their relationship with the business. These messages include:
- Account notifications
- Loyalty program reminders
- Appointment confirmations
- Welcome messages
Conversational Messages
Conversational messages do not require explicit opt-in consent. These types of messages are one-on-one exchanges between a business and a customer, initiated by the customer. As such, the customer's initial outreach implies consent for that specific conversation. However, this doesn't grant permission for marketing messages or discussions on unrelated topics.
Here are some more specific opt-in and opt-out scenarios to consider.
Double opt-ins
A double opt-in is one in which a user signs up for an email marketing list or to receive SMS, and then a message (email or text) is sent to the user to click and confirm the subscription. The confirmation click is required for the user to receive future communications.
The double opt-in confirmation method not only helps reduce the risk of spam emails or fake numbers but it also reduces instances of bots signing up for your communications. This added step ensures that all your recipients are real people who genuinely want to hear from your company. This translates to higher engagement rates and lower costs.
Opt-in for websites, social media, and email
Opt-in approaches for websites, social media, and email share some common principles, but also have platform-specific requirements.
Websites must get explicit opt-in consent before using non-essential cookies. The easiest way to get this consent is to show a banner or pop-up when a user first enters the site. You may also want to include opt-in consent to use analytics tools, depending on your location.
Social media platforms also generally rely on opt-in consent for data collection and storage, but the platform itself will handle that for you. For example, a Facebook user agrees to Meta’s terms of service and privacy policies when creating an account. You don’t have to ask a second time when you view your business profile’s analytics.
However, some platforms may require additional opt-in consent for certain ad targeting or data-sharing scenarios. Facebook requires explicit opt-in for some sensitive ad categories.
Opt-in for email marketing and SMS
Email and SMS campaigns have their own set of rules that your business needs to know. You must get explicit consent before sending any marketing messages via email or SMS. For email, consent is required but can be implied in some cases (such as if the user has an existing business relationship).
SMS has one additional requirement. Your SMS messages must include clear disclosure of message frequency, potential carrier charges, and how to opt out if the user no longer wishes to receive messages from your business. Follow these best practices when designing your SMS opt-in approach:
- Keep initial messages short (under 160 characters)
- Clearly state your company name and purpose of messages
- Provide immediate value to the recipient (e.g. welcome offer)
- Make opting out easy with clear instructions
Your email campaigns must include your company’s physical address, as well as an unsubscribe mechanism. Like SMS, try to make the sign-up process simple and user-friendly.
Offer a preference center to manage subscriptions and set clear expectations about email content and frequency.
How to incentivize opt-ins
Now that you know the guardrails governing opt-ins, how can you encourage your audience to sign up for and continue receiving your SMS marketing?
First and foremost, as the saying goes, you have to give something to get something. Give your audience a clear reason for subscribing to your SMS messaging list, such as a discount, early access to sales, or personalized shopping recommendations. In the process, set clear expectations: let the customer know how often they can expect to hear from you, as well as what kind of texts they will be receiving (for instance, order updates, appointment reminders, or something else).
Next, make it easy to say yes. Use keywords for easy text-to-join options; for example, a pet supplies subscription box could ask customers to text “WOOF123” to a short code used by the brand. Any forms that need to be filled out should be optimized for mobile. Think about your sign-up process, too.
Finally, to retain customers, make sure you stick to your cadence and continue offering value in your SMS marketing outreach. If you start to see opt-out rates creep up, check on your analytics to make sure there are no issues with your delivery. Then, consider whether your SMS messaging delivers your audience something unique and consistent with the rest of your marketing efforts.
Opt-in and opt-out best practices
Crafting effective opt-in prompts is more than just a formality. It's a strategic decision that can foster a loyal, engaged audience. By adhering to best practices, you'll enhance your customer experience, ensure compliance with data privacy laws, and build trust. Follow these best practices to make it easy for your audience to control how much they share with your business.
- Don’t pre-check the opt-in box. Some forms are set up so that the user has to opt out and uncheck a box to avoid receiving emails. It’s a sneaky way for a brand to collect user information since most people don’t realize they must uncheck the box. Clearly, this does not foster trust with your audience.
- Use a CAPTCHA or OTP to secure your sign-up form. A CAPTCHA can help prevent bots from signing up for your SMS list. Screen out bad actors to prevent cost overruns and protect your subscriber list.
- Maintain your list regularly. Update your contact lists regularly to remove unresponsive subscribers and invalid numbers. Cleaning up your list ensures you are only messaging with engaged users and not spending your budget sending SMS to those who won’t respond.
- Use double opt-in. Employing a double opt-in approach can significantly improve your campaign results. When users opt-in twice, you can be assured that they definitely want to hear from and engage with your brand. This leads to better quality and higher performance.
- Make your opt-in message crystal clear. Your SMS opt-in form must specifically mention SMS as the communication channel. In the US, 10DLC compliance mandates that you mention SMS in your opt-in form. For example, your opt-in form could read, “Check this box to opt-in to receive SMS text messages from (Your Company Name). Standard rates and data may apply. Reply STOP to opt out."
Ultimately, the goal is clear, simple communication with your SMS subscriber list. These tools can help you manage opt-in to achieve that outcome.
How to manage opt-in and opt-out requests
Tools like Plivo make it easy to manage opt-in and opt-out requests. Plivo’s SMS platform automatically handles SMS opt-out if your contact replies with an opt-out keyword. We support these opt-out keywords:
- Stop
- Cancel
- End
- Quit
- Unsubscribe
Plivo also supports 10DLC opt-in consent through voice, web form, keyword, and even paper form. We provide extensive guidance on how to collect opt-in consent in our developer documentation. We strongly recommend consulting our A2P opt-in best practices before launching your campaign.
Conclusion
Plivo’s SMS API is one of the most effective ways to engage with customers worldwide. With SMS coverage in over 220 countries across North America, Europe, Asia, Oceania, South America, and Africa, Plivo customers use opt-in daily to maintain and grow their contact lists. Powerful, out-of-the-box features beyond opt-out automation help your business gain a competitive advantage in SMS communications.
Learn more about Plivo’s platform and how our API could work for your business. Get in touch to request a trial.
