AI Summarize

Share

If your business connects with users via email, SMS, websites, and apps, you may be collecting personal data across multiple legal risk zones.

Here's how to manage consent across all touchpoints and stay compliant with privacy laws like GDPR, CCPA, and more. This article explains what multichannel marketing is, why you need to get user consent, and how to manage consent across multiple channels.



What Is Multichannel Marketing?

Multichannel marketing uses multiple platforms-such as email, Short Message Service (SMS), websites, and social platforms-to communicate with customers. The main goal of multichannel marketing is to reach as many customers as possible through channels that operate independently of one another.

For example, you might run separate ad campaigns via Facebook, your website, your app, and in-store with no or limited connection between the channels.

Multichannel marketing is less integrated than other forms of marketing such as omnichannel marketing and cross-channel marketing.

Omnichannel marketing focuses on unifying all of a brand's channels to create an integrated customer experience. Channels are coordinated with cross-channel marketing, but aren't as fully integrated as with omnichannel marketing.

For instance, a business that uses cross-channel marketing might send an email to a customer, who then clicks on a link that takes them to a sales page. If the customer puts an item in the cart but doesn't complete the purchase, they may later get a generic SMS cart reminder.

With omnichannel marketing, a customer might make a purchase via an Instagram ad and later receive a customized email promoting the business's other products. If the customer adds one of the products to their cart but doesn't complete the purchase, they may later receive a personalized SMS cart reminder with a discount offer for the cart item.

When you use a less integrated approach to marketing like multichannel marketing, it's important to get consent for each independent channel.

Let's take a look at why you need to get consent for multichannel marketing.

Several state and global privacy and data protection laws require businesses to get user consent before collecting and processing (using) their personal information.

Personal information is data that can be used to identify an individual, including names, email addresses, phone numbers, and financial and health information.

Multichannel marketing often relies on personal information to communicate with users and send them marketing materials.

For example, email and SMS marketing requires users' names, email addresses, and phone numbers, while ad campaigns based on users' preferences or purchase history can depend on cookies, IP addresses, and browsing behavior.

Target requires users' names and email addresses to send personalized emails to its Target Circle members.

Screenshot of Target Circle signup form, highlighting the requirement for name and email for marketing purposes

Let's take a look at a few of the privacy laws that require certain businesses to get consent before processing users' personal information.

General Data Protection Regulation GDPR

The European Union's (EU) General Data Protection Regulation (GDPR) applies to businesses based in the EU or those located outside of the EU that offer goods or services to or monitor the behavior of EU residents. Applicable businesses must have a legal basis for processing EU data subjects' (those to whom personal information belongs) personal data, one of which is user consent.

Article 6 of the GDPR describes the lawful bases for processing personal data, including user consent.

Extract from GDPR Article 6 about obtaining lawful consent for data processing

ePrivacy Directive

The ePrivacy Directive (also known as the "Cookie Law") is an EU directive that requires website and app operators to get consent before storing or accessing personal information (other than that necessary to enable communication over a network or to provide a user-requested online service) from users' devices.

Article 5(3) of the ePrivacy Directive explains that users must be informed about the storage or access of information on their devices and be given the option to refuse the data processing.

Extract from ePrivacy Directive's Article 5(3), discussing the need for user consent and information access

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) requires certain businesses that meet its criteria and process California residents' personal information to get consent before selling or sharing a minor's data.

Furthermore, applicable businesses must give California consumers the ability to limit how their sensitive personal information - data such as geolocation, race and ethnicity, and health and financial information-is used and give consumers a way to opt out of the sale or sharing of their personal data. That means that businesses that sell or share California users' personal data for advertising purposes need to provide a way for them to opt-out of those data processing activities.

Section 1798.135 of the CCPA explains that businesses that sell or share California consumers' personal information or share their sensitive personal information for certain purposes must maintain links that enable consumers to opt-out of the sale or sharing of their info and limit the use of their sensitive personal information.

Excerpt from section 1798.135 of the CCPA about obtaining consent before sharing personal data

In addition to helping you comply with privacy laws, obtaining user consent-and giving users a way to withdraw their consent-can help promote transparency and build consumer trust.

Complying with data protection laws comes down to understanding the laws that apply to you and protect your users and implementing the right consent management strategies for each channel.

Consent strategies such as maintaining a Privacy Policy, getting separate consent for each channel, and giving users a way to withdraw their consent can help you manage consent across multiple channels.

Maintain an Updated Privacy Policy

A Privacy Policy describes how you treat personal information and how users can exercise their privacy rights.

Many laws require businesses to maintain a clearly written, easily accessible, and regularly updated Privacy Policy. A Privacy Policy plays an important role in ensuring users can give informed consent.

Privacy Policies typically include the following clauses:

  • The types of information the business collects
  • What the business does with personal information
  • The categories of third parties the business shares personal information with 
  • How long the business keeps personal information
  • How the business keeps personal information safe
  • How users can exercise their privacy rights, including withdrawing consent
  • The business's contact information

Indiana University Health's Digital Privacy and Tracking Notice explains that it uses the information it collects for several reasons, including for communication, customer experience optimization, and advertising purposes.

Extract from Indiana University Health's digital privacy notice highlighting how collected data is used

The Digital Privacy and Tracking Notice goes on to let users know that by giving Indiana University Health their email address, phone number, or fax number, they are consenting to receive communications-including marketing communications-from the organization.

Additional content from Indiana University Health highlighting consent for communication via submitted contact details

You should put a link to your Privacy Policy anywhere you need to get user consent-including wherever you collect names, email addresses, and phone numbers.

Providing access to your Privacy Policy in places such as consent banners that pop up when users first visit your website, newsletter sign up pages, and in-app menus can help ensure that users have the information they need in order to give informed consent.

Indiana University Health includes a link to its Privacy Policy on its account sign in page.

Indiana University Health's account sign-in page featuring a link to the Privacy Policy

When users sign up for a Guardian newsletter they are presented with a Privacy Notice that explains that the company's newsletters may contain information about charities, online advertisements, and third party-funded content. It includes links to its Privacy Policy and Terms of Service agreement.

Guardian newsletter signup form highlighting a linked Privacy Notice detailing possible newsletter content

With multichannel marketing it's important to get separate consent for each channel. One way to do this is through the use of a checkbox next to a statement describing what you want the user to agree to. Many companies get user consent through a statement that says that by checking a box users are agreeing to their linked Privacy Policy.

For instance, AP News' newsletter sign-up form includes a checkbox next to a statement that the user agrees that it can use their data as described in its Privacy Policy. Users must tick the checkbox before signing up.

AP News' newsletter signup form featuring a consent checkbox associated with Privacy Policy agreement

AP News' Privacy Policy lists its reasons for processing users' data, including advertising and marketing purposes.

Extract from AP News' Privacy Policy revealing reasons for processing user data

You can also use the checkbox method for getting user consent to send promotions and updates via SMS.

When users sign up for C2E2's newsletter, they have the option of providing their phone number to receive text messages from the company. They must tick a checkbox indicating that they consent to receive texts and that they understand that they can opt out of receiving SMS messages by replying "STOP".

C2E2's newsletter signup form with an option for users to consent to receive text messages

Another way to get consent is through a consent banner. A consent banner is a notification that pops up on a website or app and asks users' permission to process their personal data.

CNN's consent banner lets users know that by submitting their email address, users are agreeing to its legal documents, including its Privacy Policy.

CNN's consent banner notifying users that submitting their email address equals agreement to legal documents

Many companies use a cookie banner to ask users to agree to their use of cookies for advertising purposes.

Visitlondon.com's cookie banner pops up as soon as visitors open its site and explains that it uses cookies for targeted advertising, social media, and analysis purposes. It includes Preferences, Statistics, and Marketing toggles that users can switch on or off to adjust their preferences. Users must click OK before navigating to the site.

Visitlondon.com's consent banner explaining cookie use and allowing users to adjust preferences

Similarly, visitors to the Royal Albert Hall website are presented with a pop-up box that explains why it uses cookies. It includes a Customize button for users who want to adjust their preferences as well as an Allow all button for those who are ok with the company's use of non-essential cookies.

Pop-up on Royal Albert Hall's website explaining reasons for cookie use

Users who click on the Customize button can turn cookies-such as those used for statistics and marketing-on or off.

Retrieved from Royal Albert Hall's website's customize cookies button, showing choices of cookies to enable or disable

You should give users a way to easily withdraw their consent. The method you provide for users to control their preferences depends on the channel.

For instance, if you send promotional materials via email, it's a good idea to include an "Unsubscribe" link or a link to a page where users can manage their preferences within your emails. If you engage in SMS marketing, you'll want to include information about how users can stop receiving messages from you within the text.

Citi enables users to withdraw consent by clicking a link within a marketing email.

Preview of Citi's marketing email highlighting an opt-out link to withdraw consent

When users click on the opt-out link, they are taken to a page where they can submit their preferences.

Screenshot of the page where users can submit their preferences after clicking on Citi's opt-out link

MyEyeDr. explains that users can reply "STOP" to an SMS message to stop receiving texts from the company.

MyEyeDr.'s text message illustrating how to reply

Give Users a Way to Opt Out

Providing a way for users to opt out of certain data processing activities can help you comply with laws such as the CCPA.

Dropbox's cookie banner lets users know that they can opt out of having their personal data sold to or shared with third parties via its Customize cookies button.

Dropbox's cookie banner providing a customize cookies button to opt out of data sharing

Clicking on the Customize cookies button takes users to another pop-up box where they can opt out of the sale or sharing of their personal information as well as set their cookie preferences.

Dropbox's secondary pop-up box, accessible via customize cookies button for users to manage cookie preferences

The method you use to obtain user consent should also store their consent. Many businesses use a Consent Management Platform (CMP) to obtain and record user consent (such as TermsFeed Privacy Consent CMP). A CMP can help businesses collect and record user consent, typically through a consent banner.

Set Up a Preference Center

A tricky situation that can arise in multichannel marketing is when a user provides or withdraws consent for only one channel.

For instance, they may have consented to receive both email marketing and SMS messages from your company, but then decide to withdraw their consent to receive emails.

While in this situation you can technically still send SMS messages until they withdraw their consent, providing a centralized place where users can manage their consent choices for all of your business's channels can make the process more user-friendly.

Setting up a preference center makes it easy for users to make consent decisions for multiple channels in one place.

Spotify enables users to adjust how it processes their personal data-including for personalized advertising purposes-via its Safety and Privacy Center.

Spotify's Safety and Privacy Centre provides options to users for adjusting personal data processing

Users can easily change their tailored advertisement preferences by clicking on the Privacy Settings page link and switching the "Process my personal data for tailored ads" toggle off.

Spotify's settings page giving users an option to turn off personal data processing for tailored ads

P&G's preference center provides a way for users to make requests concerning their data, including limiting the use of their sensitive personal information and unsubscribing from marketing emails, SMS, and postal mail.

P and G's preference center page enabling users to request limitations on sensitive personal information use

Stay Informed About Privacy Legislation

Privacy laws are nuanced and ever-evolving. Keeping abreast of legislation changes that affect your business and consumers is an important step in ensuring compliance.

For example, states including New Jersey, New Hampshire, Minnesota, and Maryland all have privacy laws that take effect in 2025.

Summary

Multichannel marketing focuses on reaching as many users as possible by engaging with consumers through multiple, independently operated channels. Multichannel marketing is a less integrated approach than omnichannel or cross-channel marketing and requires user consent for each channel.

Maintaining consent management strategies for multichannel marketing can help you comply with privacy laws such as the GDPR, ePrivacy Directive, and the CCPA, and help build trust with your audience.

Strategies for managing consent for multichannel marketing include:

  • Maintaining a Privacy Policy
  • Getting separate consent for each channel
  • Giving users an easy way to withdraw their consent
  • Providing a way for users to opt out of certain data processing activities
  • Keeping consent records
  • Setting up a preference center
  • Staying up to date with privacy laws

Privacy Policy Generator
The first step to compliance: A Privacy Policy.

Stay compliant with our agreements, policies, and consent banners — everything you need, all in one place.

Generate Privacy Policy