What makes consent valid (specific, informed, freely given)?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Picture someone signing up for your newsletter. They see your form, check the box, and hit subscribe. But is that consent actually valid? Under GDPR and similar frameworks, valid consent means three specific things. Your subscriber needs to know exactly what they're signing up for. "Subscribe to our newsletter" is specific. "Agree to our terms" (which mentions email marketing buried in section C) is not. One purpose doesn't carry over to another either. Shipping notifications don't equal promotional emails.
Second, it's informed. Your subscriber knows who's sending the emails and what kind of content they'll get. Hidden senders, surprise data sharing with partners, or vague promises fail this test. Be clear at signup about who you are and what they'll receive. Third, it's freely given. That means a genuine choice without tricks or pressure. Pre-checked boxes don't count (unchecking "no" isn't the same as actively choosing "yes"). Bundled consent fails too. "Accept all to continue" where email gets packaged with unrelated services strips away the choice.
Valid consent is someone actively saying "yes, I want that specific content." Not defaulted into it. Not coerced. Not confused about what they're getting. Start by auditing your signup experience. Does your form clearly say what subscribers will get? Is the opt-in a separate checkbox or bundled with other requests? Check your preference center and privacy policy to ensure they're transparent too.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.