Iubenda logo
Start generating

Documentation

Table of Contents

How to collect opt-in consent on mobile under the GDPR

Is opt-in necessary under the GDPR? How do you go about setting up a GDPR opt-in for mobile? In this post we’ll show you step by step, the correct way to set up, and some tools that can help.

Is opt-in consent necessary under the GDPR?

Yes, opt-in consent is necessary for certain processing activities carried out by mobile apps. Generally, things like direct email advertising and cookies will require opt-in consent. These two scenarios will require different tools to help you comply.

We’ll start with email consent forms first, but you can click here to jump to the section on cookies.

Collecting opt-in consent to direct email marketing under the GDPR:

Under the GDPR, your users that you sign up to your mailing list should have the following:

  • The opportunity to give their informed consent. Users should be informed of the reasons you’d like their email address and the kind of emails they can expect to receive (e.g. third party advertisements).
  • The ability to opt in to the consent rather than opt-out. Pre-ticked checkboxes are forbidden.
  • The ability to give granular consent. Separate consent must be collected for separate purposes. example of correct gdpr email consent collection form vs incorrect
  • The ability to withdraw their consent after it’s been given. This option should be visible and easy to identify. A popular approach is to include an “unsubscribe” link in the footer of all your email communications.

Under the GDPR you should have the following:

You can read more about setting up email/ newsletter lists under laws like the GDPR and the US’ CAN-SPAM Act here.

Collecting opt-in consent for cookies

Here’s how to collect opt in consent for cookies on mobile apps:

Make sure that you have a banner visible on your app at the user’s first visit

The banner should:

  • inform users of any cookies that your app uses;
  • disclose the users’ rights in regards to the cookies (they have the right to refuse consent or withdraw it after it’s given);
  • link to a cookie policy that explains in detail the purpose of the various categories of cookies and the third-parties involved; and
  • to ask for the user’s consent before running those cookies in the first place.
🍪
More on cookie consent

To get a more detailed understanding of the law that governs cookie consent and read answers to frequent questions around this topic, check out this article:

👉 How Must I Manage Cookie Consent in Order to Be Compliant

Block any scripts that could run non-exempt cookies

Because informed opt-in or prior consent is required under the GDPR and ePrivacy (Cookie Law), you’ll need to make sure that you’ve set up a mechanism that block non-exempt cookies until the user has given consent via an affirmative action such as clicking and “Accept” button.

This is where our Cookie Solution comes in. With a few short clicks it lets you:

  • easily inform users via cookie banner and a dedicated cookie policy page (which is automatically linked to your privacy policy and integrates what’s necessary for cookie law compliance);
  • obtain and save cookie consent settings;
  • preventively block scripts prior to consent.
iubenda Cookie Solution configurator screen opt-in consent

It’s completely free for up to 25K page views per month (no payment info required for free accounts), with affordable plans available for sites that have more monthly traffic. You can start generating for your mobile site in minutes using the button below or email us at info@iubenda.com to access the Cookie Solution mobile SDK (available as a native component for iOS and Android).

Manage cookie consent with the Cookie Solution

Generate a cookie banner

About us

iubenda

Cookie consent management for the ePrivacy, GDPR and CCPA

www.iubenda.com

See also