Double opt-in in Germany – is it legally mandated?

I noticed some buzz around the German opt-in legislation lately, or more precisely: concerning the use of double opt-in. (See for example the “Drowning in data” panel recording from the last Email Insider Summit at 38:11, or this tweet.) So… is double opt-in, where subscribers have to activate their subscription by clicking a confirmation link, required in Germany? Here are the most important things for you to know:

  • Opt-in requirement for advertisements.
    Generally speaking, 99.9% of commercial email communication needs an opt-in. Unlike in telemarketing, it doesn’t matter if it’s B2C or B2B. An opt-in

    “may be given by any appropriate method enabling a (1) freely given (2) specific and (3) informed indication of the user’s wishes, including by ticking a box when visiting an Internet website”

    (EU-Directive 2002/58/EC, numbering & emphasis by me). The only exemption, sending advertisements to established customers that contain only proprietary offers for similar products or services to the ones bought, has a practical relevance of close to zero due to several reasons.

  • What’s an ad?
    “Advertising” is defined very broadly as

    “the making of a representation in any form … in order to promote the supply of goods or services”

    (EU-Directive 2006/114/EC). If your email contains (or even focuses around) such representations, it’s likely to be classified as a commercial email at a whole. So… a neutral shipping confirmation is no ad. What about a simple newsletter? Surely an ad, as stated by the Federal Supreme Court in 2004. Alone asking, if someone wants to subscribe to your newsletter, is considered as advertising. But that’s not all: asking someone to sell (not buy!) you banner spaces can also be advertising. It’s weird, I know.

  • Strict email regulations.
    Sending unsolicited commercial emails is strictly forbidden. “Just the once will not hurt” is not applicable, a prior consent is needed for every commercial email, including the first one. Not because it’s costly to download and sight the single unsolicited email and mark it as spam. The danger comes from the excessive use of more and more market players; sending masses of unsolicited emails is practically possible at no cost for everyone. In Germany, the email inbox belongs to the individual’s private sphere. So spam is – amongst other things – considered as an invasion of privacy. Case law is generally very consumer-friendly. In a dispute, the advertiser always bears the burden of proving that any recipient opted in to receive his emails. If he fails, he loses.
  • No law states a double opt-in requirement, but …
    We got no explicit law saying “any consent has to be verified by clicking a link in a checkmail” or something like that. Your subscribers can opt-in via single opt-in or confirmed opt-in, too. Both work perfectly well. But only as long as you don’t have to prove the usual eletronic opt-in before a court. That’s the crux with single opt-in: it’s impossible to prove an opt-in for, if someone else entered his email address in the subscription form. So Max Mueller will inevitably be sent an unsolicited email ad, e.g. in form of a newsletter. Consequently, several courts stated that single and confirmed opt-in are both no appropriate means to prove a consent.
  • Double opt-in is appropriate to prove an opt-in.
    However, double opt-can can resolve these shortcomings. The Federal Supreme Court stated that double opt-in is an appropriate means to prove consent. Therefore, the 2nd opt-in has of course to be logged in a database. Furthermore, the checkmail must be neutral. This is not the place for offering special discounts or similar stuff. It’s just meant to get the confirmation to “yes, I want the weekly newsletter with cooking recipes” by clicking on the activation link. And all requirements of the first opt-in, e.g. concerning information obligations, do also apply on the second one.

To sum it up

Double opt-in is not legally mandated in Germany. But it is recommended in many scenarios. Without a well-documented DOI you may not be able to prove permission, depending on the judge. Moreover, DOI doesn’t hurt, I use it, too. 😉 (Not for legal reasons, but mainly for list hygiene.) Because DOI is recommended, it’s particularly widespread in Germany when compared to other European countries: 45% use double opt-in here, the rest relies on confirmed opt-in; in U.K., just 5% use DOI, in Italy and France it’s 15% (source). People are used to it and learned the process. However, in the end, even DOI can’t provide you with 100% legal certainty. As you see, direct marketing legislation is a rather complex topic…

You’ll find more info under the tag “double opt-in” and in my weekly newsletter.

German and European email legislation is very strict. Interested in following recent news and developments? Get the Friday-roundup. I'll keep you posted: (archive♞)
Yes, I accept the Privacy Policy
Delivery on Fridays, 5 pm CET. You can always unsubscribe.
It's valuable, I promise. Subscribers rate it >8 out of 10 (!) on average.

14 Responses to Double opt-in in Germany – is it legally mandated?

  1. Double opt-in in Germany – is it legally mandated?

  2. Double opt-in in Germany – is it legally mandated?

  3. RT @LukeAnker: Double opt-in in Germany – is it legally mandated?

  4. Pingback: Thunderbird wants email advertisers to honor ‘Do Not Track’ | E-Mail Marketing Tipps

  5. Pingback: Welcome to Absurdistan: Did a higher Regional Court just kill double opt-in in Germany? | E-Mail Marketing Tipps

  6. Lisa Schmalensee

    Does this also apply when, for example, sending newsletters to your existing customers (B2B)?

  7. There’s no difference between B2B and B2C. Practically all scenarios require an opt-in. The only exception is within the context of an existing customer relationship (i.e. someone has bought something), where you might offer similar products & services to the ones, which were bought. This only works under narrow restrictions, so that this exception is more or less worthless – at least here in Germany…

  8. Hello there,
    Is opt-out authorized in Germany? I mean, I can see that some website automatically “opt-in” the users. He has to opt-out if he doesn’t want to receive newsletter and other ads from partners

    • Hi Laura. The link, which you provided, leads to a dedicated newsletter sign-up page, doesn’t it? Entering your data under the headline ‘get our newsletter’, ticking the privacy checkbox and clicking the send button is an explicit consent to receive commercial emails. The consent also sufficiently precisely defined by the three preference checks above. All in all, this seems like an example of a flawless opt-in mechanism. In fact, is also double opt-in, because you have to confirm the sign-up in a checkmail. Opt-out is a no-go in Germany (and the European Union). Even double-opt-in may not be safe according to a ruling two years ago, to which people still shake their heads…

  9. Pingback: Subscriber Feedback: Learnings from Unsubscribe Reasons

  10. Hi there! Nice post!
    What information do you have to store to prove the double opt-in fact? IP address? Timestamp?

    • Thank you, Nick. In Germany, marketers store the URL/source, the timestamp and the IP of the confirmation (that’s the important one) and of the first optin (less important). They must also be able to restore the complete signup process at the given time – including e.g. screenshots of the opt-in page, the confirmation email that has been clicked, the data privacy rules that have been accepted etc. In case you speak German, you’ll find more information in my book (Google Books, Amazon).

  11. hi,
    firtst of all thanks for your blog and the rich information it provides. Can you shine a light about abandonned cart email: can we send these kind of campaigns without optin considering that they are “services” email rather than commercial email?


    • Hi Guillaume, I’m glad you like the blog. The case of abandoned cart emails is quite difficult here in Germany. The Centre for Protection against Unfair Competition (so called “Wettbewerbszentrale”) recently issued a warning. Those emails would – without any doubt – be commercial communication. So you’d need consent in receiving commercial emails beforehand (opt-in). However, that’s not enough. You also need another consent that allows you to build personal user profiles. Those profiles may include information such as “user x@y.z clicked link 123” or “user x@y.z put product 4 into his basket but she did not check out”. As I said: it’s complicated from a legal point of view. I’ve written a lot about it on Like in the previous comment, my book contains a chapter, which sheds some light on the topic. It’s in German though…

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.