News Release

Navigating the opt-in maze: Balancing transparency and persuasion in data consent

Companies exploit GDPR flexibility to influence consumer choices

Peer-Reviewed Publication

Bocconi University

In the digital age, personal data is hugely valuable. Companies are eager to access this data, but regulations like the EU’s General Data Protection Regulation (GDPR) require users’ explicit consent. What GDPR doesn’t specify, however, is how firms should ask for that consent. Some lean on transparency, while others sweeten the deal with persuasive tactics, like offering discounts in exchange for personal information.

According to a recent study, "The Race for Data: Utilizing Informative or Persuasive Cues to Gain Opt-in?" by Sara Valentini of Bocconi’s Department of Marketing, Caterina D’Assergio of Marazzi Group, Puneet Manchanda of the University of Michigan, Elisa Montaguti of the University of Bologna, purely informative messages, while compliant with GDPR, don’t necessarily increase opt-ins. However, combining informative and persuasive cues—especially monetary incentives—may consistently boost opt-ins.

The data race: informative vs. persuasive approaches

The study, published in the Journal of Marketing, examines 1,506 re-permission emails from 1,396 firms sent after GDPR took effect. The analysis reveals that while GDPR emphasizes transparency, many companies use persuasive cues, such as discounts or rewards, to encourage opt-ins. The results show that 26% of firms exclusively use persuasive cues, 24% employ a mix of persuasive and informative content, and the remainder rely solely on information.

To understand the effectiveness of these strategies, the researchers conducted a field experiment. They found that purely informative messages, despite adhering to GDPR’s transparency mandate, did not significantly boost opt-in rates. On the other hand, a combination of informative and persuasive cues led to higher opt-ins across various settings. Notably, offering monetary incentives, such as discounts, proved to be particularly effective.

Does persuasion work?

This behavior highlights an interesting insight: while transparency is essential for compliance, users are more responsive when companies appeal to their desires or offer rewards. It suggests that consumers are often willing to exchange their data for tangible benefits, despite growing privacy concerns.

Interestingly, the choice of tactics is influenced by the nature of the company. Firms with a significant offline presence, like retailers or those selling physical products, tend to use more persuasive strategies compared to digital-only firms. Moreover, companies that heavily depend on personal data, such as those in advertising, are more likely to incorporate persuasive elements to increase opt-ins.

Implications for firms, consumers, and regulators

For businesses, the study suggests a balanced approach: combining transparency with persuasive incentives can be a highly effective strategy. However, firms must consider potential reputational risks, as pushing persuasion too far could erode trust or attract scrutiny by regulators.

For consumers, the takeaway is simple: stay informed and be cautious when sharing personal data. The lure of incentives can make people overlook the long-term risks.

Finally, regulators might want to adopt a more nuanced approach to monitoring GDPR compliance. While the regulation promotes transparency, the widespread use of persuasive strategies suggests that firms can still operate in a gray area, complying with the letter of the law while exploiting its flexibility.


Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.