What's an Opt-out Policy

What's an Opt-out Policy

"Opting out" in a legal sense means the same as it does in an everyday sense. To "opt-out" means you are choosing to no longer participate in something.

Opting out becomes significant in a legal sense when you develop a website or app that's legally required to provide a method of opting out to those who use your website or app.

Not all business models are required by law to provide an opt-out method for customers.

An opt-out policy that lets customers know that they have the ability and right to opt out of aspects of your website or app, as well as a clear and easy-to-follow method for actually opting out, are required by law in certain circumstances, discussed below.

Most businesses choose to include the Opt-out Policy required in their Privacy Policy agreements.


Platforms where opt-out is required

Email marketing

Commercial email marketing platforms are required by law to include opt-out or unsubscribe methods.

FTC Logo

This law is known as CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003) and is enforced by the FTC (Federal Trade Commission) in the United States.

Email is considered to be "commercial" for purposes of CAN-SPAM if the email messages are sent out with the main purpose of advertising or promoting a commercial product or service.

To be compliant with CAN-SPAM, each commercial email must have the following aspects:

  1. A working unsubscribe mechanism that's easily visible and noticeable by customers,
  2. Accurate and relevant "From" lines and subject lines, and
  3. A physical address present.

Unsubscribe requests by customers must be honored within 10 days.

Remarketing

Remarketing platforms like Google AdWords, AdRoll, and Perfect Audience all provide Privacy Policies where they require users of their services to update their own Privacy Policies to inform their customers that remarketing is taking place, as well as provide a method for customers to opt-out of remarketing if they desire.

This opting out can either take place through the third party that's using the remarketing platform, or the third party can link back to the main remarketing platform's method for opting out.

Logo of Google AdWords

For example, Google spells out what must be included in your Privacy Policy if you sign up to use AdWords for your business.

The last requirement is that the Privacy Policy includes "information about how your visitors can opt-out of Google's use of cookies by visiting Google's Ads Settings."

The requirements on Opt-out Policy from Google AdWords.

If you're developing a remarketing platform, you must create an opt-out method for users. You also need to require third parties that may use your service for remarketing their businesses to update their Privacy Policies to inform customers that remarketing is taking place, and that there is a method to opt out and provide that method.

Analytics

Analytics tracking platforms collect personally identifiable information and are thus required to have a Privacy Policy and an opt-out method.

United States Flag

In the United States, CalOPPA (The California Online Privacy Protection Act) requires this, and in Europe, the Data Protection Directive regulates this. Other countries also have similar laws with similar requirements.

Analytics tracking platforms themselves have requirements for websites who use their platforms.

Google Analytics Logo

For example, Google states in its Terms of Service for Google Analytics that:

You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data. This can be done by displaying a prominent link to the site "How Google uses data when you use our partners' sites or apps", (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time).

Requirements of Opt-out Policy from Google Analytics

Other platforms

Any other sort of business model that provides a platform where other businesses can collect and use personal information should have Terms and Conditions in place that require these their customers to include an opt-out method and/or policy in their own Privacy Policies.

Outbrain includes their opt-out link right in their Privacy Policy so that it's easily findable by users. This is common practice, and opt-out information should be placed in the Privacy Policy.

Outbrain: Opt-out method in Privacy Policy

Remember that it's important to actually adhere to what you include in your Privacy Policy.

Nomi Logo

Consider the case against Nomi Technologies where Nomi had an app that tracked shoppers around their stores so as to better understand consumer behaviors.

Nomi had stated in its Privacy Policy that its customers would be given notification when they were being tracked and would also be given the option to opt-out of the tracking, neither of which they did. The court decided against Nomi and found that if you claim to give consumers choices about their privacy, you should make sure those choices are actually available.

Examples of opt-out policies

It's very important, and very easy, to include opt-out policy information and functions in your website or app.

Here are some examples of how other platforms have executed this requirement to inform users about an opt-out method

Examples from email marketing

Remember, an opt-out method for emails is required for all commercial email messages under the federal CAN-SPAM law, as well as by individual email platforms, such as MailChimp.

UpWork's emails all have an Unsubscribe link at the very bottom.

UpWork: Unsubscribe link in email newsletters

Emails from eBay ask recipients if they don't want to receive emails from eBay and provide a link to click if the recipient wishes to be removed from the mailing list.

eBay: Do not want to receive emails

Examples from analytics platforms

Remember, since Analytics platforms track users and collect and use personal information and data from these users, a Privacy Policy and method for opting out of this data collection and use must be made available to users under CalOPPA and the EU Data Protection Directive.

Logo of Kissmetrics

Kissmetrics includes information in its Privacy Policy that tells users what information is collected, how that information is used, and then provides a link for "User Privacy Controls" where users can find "information for opting out of these communications."

Kissmetrics: User Privacy Controls as Opt-out Policy

Logo of Mixpanel
Mixpanel includes two sections of opt-out information in its Privacy Policy.

First, in the "Information Collected Via Technology" section, in the "Cookies" paragraph, a link is included to where users can go if they "would like to opt-out of" the Mixpanel tracking cookie.

Mixpanel: Opt-out link in Privacy Policy

There's also a section titled "Your Information Choices and Changes" that includes information on opting out of email communications, a collection of information by the app, and how "do not track" signals affect a user.

Google Analytics Logo

For Google Analytics, the Privacy Policy of Google includes a separate section titled "Transparency and choice" that lists links to a number of different controls that users can adjust, such as opting out of some data collection and how collected information is used, if allowed.

Opt-out method in Google Transparency and Choice section

Examples from remarketing platforms

Remarketing platforms are similar to analytics platforms in that they both collect and use personal information from users, thus must both include a Privacy Policy and opt-out method.

Logo of AdRoll

AdRoll places a link in the footer of its website that lets a user adjust ad preferences. This makes it very convenient and noticeable for users who wish to opt out either fully or partially from the AdRoll services.

AdRoll: Adjust ad preferences as Opt-out

The "Privacy Notice" of AdRoll also includes a section for "Your choices and opting-out." This section lets users know how they can opt out of targeted ads from both AdRoll and other advertising companies.

A specific AdRoll opt-out link is provided, as well as a link to the Network Advertising Initiative opt-out tool.

Canadian options, as well as European opt-out options, are included for further clarification and international compliance. This is a very thorough Privacy Policy and opt-out format.

AdRoll: Privacy Policy Choices and Opt-out Method

Logo of Perfect Audience

Perfect Audience includes a "Platform Opt-out" as well as a "Partner Opt-out" at the very top of its Privacy Policy.

These opt-out options are easy to spot, and their placement shows how important they are. The breakdown of platform versus partner is also useful so that people are aware that there may be a number of different opt-out actions to take before a user is fully opted out.

Perfect Audience: Platform vs. Partner opt-out

Sara P.

Sara P.

Law school graduate, B.A. in English/Writing. In-house writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.