From the practice of the Complaints Office (2): Are senders allowed to send DOI reminders?
What is the DOI procedure anyway?
As a matter of principle, the sender must obtain consent before sending advertising mailings. This follows from Article 6 of the GDPR and Article 13 of the ePrivacy Directive.
The DOI or double opt-in procedure is a procedure that makes obtaining this consent legally secure. Here, the email address holder must confirm their consent once before the consent process is completed. This ensures that a registration or consent actually comes from the owner of the email address. This is usually done by activating a confirmation link that is sent to the said email address.
The purpose of this procedure is, on the one hand, to ensure that arbitrary or third-party contact data cannot be misused for newsletter registrations or other advertising consents. On the other hand, the DOI procedure is also a documentation of the consent given and serves to be able to prove consent given in the event of a dispute, Article 7(1) GDPR.
If a third-party email address was misused in the context of a newsletter registration or advertising consent, the sending of the confirmation DOI email is only a tolerated exception from a legal perspective. Strictly speaking, it itself already constitutes unwanted harassment. However, for lack of a better procedure, legal scholars, and above all the courts, consider this email to be permissible, see rulings by German courts, e.g., the Berlin Regional Court (LG), the Frankfurt Higher Regional Court (OLG) and the Celle Higher Regional Court (OLG).
In this respect, the CSA also strongly recommends using the DOI procedure in order to meet the strict requirements of the GDPR regarding the obligation to provide proof and to prevent abuse, see Section 3.1 of the admission criteria.
The details of the perfect DOI mail are explained again in detail here.
What is a DOI reminder?
If the user does not confirm the link in the DOI procedure, this can have various reasons, e.g., DOI mails end up in the spam filter, the recipient is absent for a longer period of time and overlooks the DOI mail, or they do not want to receive advertising. Or the registration or consent does not come from the recipient at all, which is why they ignore the DOI email.
The sender therefore does not know why this did not happen and – understandably – wants to ensure that those who are interested in the advertising mailings receive them in the future.
Is the sender allowed to send reminders?
As already explained above, the confirmation email is an absolute exception in order to enable a clean and verifiable consent procedure.
A further intervention in the form of a reminder sent to the user therefore crosses the line into harassment and is already illegal. This becomes particularly clear in the case where the address written to was provided by a third party. Here, the recipient of the DOI mail did not react because, after all, they did not trigger it themselves.
The sender should therefore always interpret a non-confirmation as a rejection. Especially because the recipient could simply have changed their mind and then harassment or even pressure could be exerted through reminders.
If a sender is frequently confronted with the problem of unconfirmed DOI mails, they should focus on improving the reputation and deliverability of their mails. Certification through the CSA can make a significant contribution to this. You can read more about the benefits of certification here.