I have used a checklist approach that might help grocers improve unsatisfactory email metrics, such as a) signup to unsubscribe ratio; b) signup to read ratio; c) signup to conversion ratio and d) spam reports.

With the lack of consistency seen between these 10 supermarkets, there should be little surprise that authorities around the world are concerned that customers may be unwittingly consenting to receive marketing communications.

Global clampdown requires global response from retailers

Authorities around the world have been gradually tightening guidelines for obtaining consent. Canada, for example, has some of the tightest rules, which helps to explain why Walmart Canada’s approach is (currently) very different to that of Walmart US.

The UK Information Commissioners Office (ICO) recently closed a consultation period on its draft email consent guidelines, arguably quite a strict interpretation of the General Data Protection Regulation (GDPR) – a Europe-wide data privacy regulation that come into force in May 2018.

As multinational retailers are bound by the rules in the country where their email subscriber resides, it may make sense to comply with some of these tighter regulations across the board.

Colby Cavanaugh, senior vice president of marketing at email marketing provider Emma.

“Each country has different regulations around email marketing, and it’s important to remember that you must abide by the laws of the countries you send to, not just the one you operate in. If any of your subscribers live in Canada, for instance, you must adhere to CASL, one of the strictest sets of laws around email permissions in the world.”

Common sense

But the question retailers should be asking is: do we need wait for regulation to put our house in order? Email consent isn’t just about business ethics, it’s also about what’s good for business.

Like all dealings between retailer and customer, signing up to emails should be a matter of customer choice. It is clear that the ICO and other authorities worldwide do not feel current practices follow this principle.

Padding your email subscription program with customers who do not want to be there is at best totally pointless, but is also likely harmful to customer relations, brand reputation, and the future viability of the email program itself if too many recipients mark the company as spam. A clean email list of quality subscribers who want to receive emails will deliver a higher conversion rate and sales.

If in doubt, ask your email provider for advice. You may be surprised how many recommend active opt-in for consent, regardless of local rules.

Colby Cavanaugh:

“Best practices state that email opt-ins during the checkout process require active, explicit opt-in. This means customers must check a box themselves to sign up for your list. Using this practice means that you’ll be in compliance with more parts of the world beyond the US, including Canada. It does weigh quality over quantity — your list will grow slower, but on the plus side, you’ll be more confident that your subscribers actually want email from you.”

However, “if someone has made a purchase from your organization recently, they can fall into a category known as ‘implied opt-in’,” says Becca Brennan, deliverability and compliance analyst at GoDaddy Email Marketing. “It should be fine to send them mail that’s directly related to the products they purchased. That being said, it’s still advisable to allow those customers to subscribe themselves,” she adds.

What are the new guidelines?

This study was loosely based on the recommendations of the draft guidance of the UK’s ICO, based on the upcoming GDPR regulation. Whether or not you send email to recipients in the UK or Europe, these guidelines are a good indication of opt-in best practice. Guy Hanson, Chair of DMA Email Council, sums up the proposed changes:

“In the draft guidance, the ICO lists the main changes that email marketers will need to consider:

(i) Active opt-in: the GDPR makes it clear in the recitals that pre-ticked boxes are not a valid form of consent. Clear opt-in boxes should be used.

(ii) Unbundled: asking for consent should be separate from other terms and conditions so individuals are clear what they consenting to. Consent should not be a pre-condition of signing up to a service unless it is necessary for that service.

(iii) Granular: where there are various different types of data processing that may occur, allow for separate consent as much as possible. The ICO want organisations to be as granular as possible which means giving consumers more control over what they’re consenting to.

(iv) Named: always tell individuals who your organisation is and name any third parties that the data will be shared with. The draft ICO guidance states that terms like ‘we will only share your data with other mens clothing retailers’ are not specific enough. The individual organisations the data will be shared with need to be named.

(iv) Easy to withdraw: individuals should be easily able to withdraw their consent. Organisations must put in place simple and fast methods for withdrawing consent. Tell individuals about their right to withdraw consent.

(v) Documented: maintain records of the consents you have. Record the following information: what the individual has consented to; what they were told at the time; and the method of consent.

“Note the section in the ICO guidelines that states “Do you always need consent? In short, no. Consent is one lawful basis for processing, but there are five others.” A lot of data owners are likely to seek to rely on the ‘legitimate interests’ alternative, and consultation is also underway to firm up what will/won’t meet the definition for this.

Summary of results

We took a peek at the opt-in/out of the following supermarkets: 

  • Aldi (UK)
  • Asda (UK)
  • Kroger (US)
  • Morrisons (UK)
  • Sainsbury’s (UK)
  • Tesco (UK)
  • Waitrose (UK)
  • Walmart Canada
  • Walmart US
  • Woolworths Australia 

If you can’t be bothered to read any further, here’s a summary of the results/conclusions. N.B. These are the observations and conclusions of the author, solely: 

  • Registration is compulsory to allow purchase (sometimes also browsing, add to basket and view basket), with the exception of Walmart Canada and Aldi.
  • Three supermarkets (Woolworths Australia, Sainsbury’s and Walmart Canada) require customers to actively tick a checkbox to opt-in to emails.
  • The other seven supermarkets have a passive opt-in (i.e. they require customers to actively opt-out of emails). Four do this by getting the user to tick a box (Tesco, Waitrose, Asda; Aldi), and the other three ask the user to untick a box (Kroger; Walmart US; Morrisons).
  • Six supermarkets do not make clear that users will receive emails unless they opt out (Walmart US, Morrisons, Aldi, Asda, Tesco, Kroger).
  • Two supermarkets do not make clear from which companies the user is consenting to receive emails (Kroger, Walmart US).
  • The opt-in/out button is in smaller, less defined text, or is ambiguous on the websites of five supermarkets (Walmart US, Sainsbury’s, Morrisons, Asda, Waitrose).
  • For two supermarkets, opt-in/out is combined with or easily confused with acceptance of terms and conditions and privacy statement (Morrisons, Asda).
  • For three supermarkets, opt-in/out does not clearly mention the word ’email’ or use the words ‘subscribe’, ‘sign-up’, ‘opt-in’ or ‘opt-out’ (Sainsbury’s, Tesco, Morrisons).
  • Opt-in/out does not make clear that the user can opt out any time in the case of Woolworths, Sainsbury’s, Morrisons, Tesco, Kroger, Aldi and Walmart US.

Image 2: Aldi (UK) – guest checkout page, with opt-out consent for email subscription.

1. Purchase as guest versus enforced registration

Eight out of the 10 supermarkets do not allow customers to checkout as a guest.

This forces customers to register before they can purchase. The registration drive feels particularly aggressive where retailers do not allow visitors to view products pages or add to basket without flashing up a compulsory sign in or sign up popup.

All supermarkets have an opt-in or opt-out email subscriber recruitment initiative at registration or during account registration. So compulsory registration means every shopper is forced to make an opt-in/out decision about subscribing to marketing emails, before they can purchase, sometimes before they can browse products. This is particularly of concern where retailers by default opt-in all registering customers unless they opt out.

Not keen on:

Retailers that aggressively push registration or sign in, long before checkout e.g. Asda (when first product is viewed or added to the basket, see image 7), Morrisons, Waitrose, and Tesco.

Image 3, below, demonstrates how Tesco requires shoppers to register before an item is placed in the basket. By default Tesco adds registrants to its email, SMS, direct mail and telephone database, unless they tick a box at checkout to opt out.

Tesco also makes enrolment in its Clubcard loyalty program obligatory. There is no opt out. If you select No [I do not have a Clubcard] Tesco will “add one to your account so you do not miss out on points”. This means you cannot shop at Tesco.com unless you join the loyalty program. No other supermarket imposed this condition.


Aldi UK (see image 2 above) – allows purchase as guest. Aldi by default adds customers to its email database, unless they tick a box at checkout to opt out.


Walmart Canada – allows guest check out; does not solicit email signups from its guests. Those that choose to register are greeted with a beautifully crafted registration form explaining benefits, with active opt-in to receive emails.

Image 3: Tesco (UK) – Sign in or register popup + registration page, with ‘not thanks’ opt-out consent for email subscription.

2. Active opt-in / passive opt-in / active opt-out

The 10 grocers examined illustrate the three common scenarios of opt in/out. There can be no doubt that the lack of standard approach adds to customer confusion and frustration.

Three types:

(i) Customer must actively tick checkbox to opt-in for emails. This is widely recommended as best practice by email practitioners / platforms / associations and is in-line with or exceeding global guidelines.

(ii) The opt-in to emails has been pre-ticked by the retailer. By default the customer is opted in unless they actively untick the checkbox. This can be confusing and frustrating for customers. Increasingly industry guidelines (e.g. ICO) do not favour this approach.

(iii) Customer must actively tick checkbox to opt-out. By default the customer is opted in. It is never clear if the customer has (in their mind)consented or not. This is not in-keeping with the active opt-in recommended by more stringent guidelines, including draft ICO.

Not keen on: 

  • Kroger, Walmart US (see image 5) and Morrisons – customer must un-tick opt-in.
  • Tesco (see image 3); Asda (see image 7); Aldi (see image 2) – customer must tick to opt-out.
  • Waitrose (see image 8) requires tick to opt out. Box contains shadow tick that could be confused for pre-tick. 


  • Woolworths Australia (see image 10), Walmart Canada (see image 6).
  • Sainsbury’s gives customers two compulsory choices opt in or opt out (see image 4).

The Sainsbury’s form is not perfect, but is one of the best. It is excellent and unique, among those I looked at, in the way it gives customers two clear choices (opt in or opt out). These are radio buttons, the customer must choose one or the other or they cannot register, either ’I do want to hear about offers and services’ or ‘I do not want to hear about offers and services’.

Image 4: Sainsbury’s (UK) registration page, with choice between opt-in or opt-out consent for email subscription.

3. Opt-in/out is not in line with form fields and subscribe or checkout button

When building registration forms it is important to give the user a sense of flow. If the customer is filling out fields and clicking a register confirmation button on one side of the page the opt-in/out checkbox should also be on the same side.

Not keen on:

Morrisons – the entire form is on the right of the page, but the pre-checked opt-in is on the far left bottom corner where it could easily be missed by the customer (see image below) (UPDATE July 2017: Morrisons seems now to have fixed this problem). 

Room for improvement:

Sites that put the opt-in/out checkbox on the left and the button on right e.g. Sainsbury’s (image 4) and Woolworths (image 10).


Registration pages that place opt-in/out checkbox on the left and the button inline on the left (or both on right), e.g. Walmart US (see image below).

Image 5: Morrisons registration form and Walmart (US) registration form. By default, customers are opted-in to email subscription.

4. Opt-in/out is below the subscribe or checkout button

The norm is for the opt-in/out to sit above the register/create account button. As customers read webpages vertically, often ignoring small print below the call to action, there is more chance that by placing the opt-in/out below the call to action it may not been seen, read or considered until after the button is already pressed.

If the default position is that the customer is added to the email database, unless they uncheck an opt-in box or tick an opt-out box, then there’s a big danger that subscription is without knowledge or consent.

Use A/B testing and user testing to test the placing (and wording of) opt-in/out. If placing the checkbox below the button impacts the opt-in/out rate, then fix it.

Not keen on:

  • Walmart US – places the terms of use and privacy consent above the ‘create account’ button, but the pre-ticked opt-in box below (image 5). Using a bright orange tick, in the same colour as the consent button, may mitigate the issue.
  • Morrisons – the situation is exacerbated by introducing considerable white space between the register button and pre-checked opt-in and placing one far left and the other far right (see image 5).


  • All retailers that place opt-in/out directly above the registration button, assuming the nature of consent is absolutely clear.


Walmart Canada – opt-in is directly above ‘create my account’, it’s bold, clear and blue (see image 6 below). If any retailer has a better form than Walmart Canada, let us know in the comments below. The checkbox details signup is optional and says “Get up-to-date information on weekly flyer features, Rollback & Clearance items, exclusive products, and Walmart offers. You can unsubscribe at any time.”

Image 6: Walmart (Canada) registration form; requires active opt-in to sign up to emails.

5. Opt-in/out is in smaller, less defined text, or is unclear or ambiguous

Not keen on:

Asda – too verbose and not sufficiently clear (see image 7). It needs to be immediately clear that this is an opt-in or opt out to receive email messages. Asda’s opt-out (see image 7 below) contains pertinent information, but it is too long and imprecise. The bolding of “don’t want” helps, but not a lot.

Room for improvement:

Morrisons (see image 5), Walmart US (image 5), Waitrose (image 8).


Sites with brief, straight-talking statements in large bold text e.g. Tesco (see image 3) where “No, thanks” is in bold. Or Waitrose – “I’d prefer not to receive”.


Sites that put the entire opt-out in bold clear text, e.g. Aldi (see image 2) or Walmart Canada (see image 7 above).

Image 7: Asda registration form; customers are opted-in to email subscription, unless they opt out.

6. Opt out does not specify that customers will receive emails unless they actively opt out

Not keen on:

Any ‘opt-out retailer’ who does not explicitly tell customers they will receive emails unless they opt-out – Walmart US, Morrisons (both image 5), Aldi (image 2), Asda (image 7), Tesco (image 3), Kroger.


Waitrose (see image below). Waitrose is the only one of the seven opt-out retailers who specifies: “By providing your details you agree to be contacted by us”. But it would be preferable if this was not buried in the middle of a paragraph.

Image 8: Waitrose (UK) registration form and default opt-in explanation.

7. Opt-in/out does not specify from which companies customers will receive emails

Not keen on:

Opt-in/outs that do not mention any company – Kroger, Walmart US (image 5)

Room for improvement:

Opt-in/outs that do not mention sending company, but do not specify if other companies – subsidiary or third party are excluded: Aldi (image 2), Woolworths (image 10), Asda (image 9), Morrisons (image 9).


Opt-in/outs that specifically include subsidiary companies in text – Sainsbury’s (image 9) – or asterisk and footnote, such as Tesco (image 3).


  • Waitrose (image 8) – enables customers to opt out individually from mailings from Waitrose, John Lewis and John Lewis Financial Services.
  • Walmart Canada – “don’t worry, we will never sell or rent your personal information. It’s part of our privacy policy” (image 6)

8. Opt-in/out is combined with or easily confused with acceptance of terms and conditions and privacy statement

None of the 10 retailers makes opt-in compulsory, or combines it with the terms and conditions or privacy statement (which must be accepted), but with two retailers it is possible for the customer to make the mistake that the check box is to accept of terms and conditions or privacy statement.

Not keen on:

Morrisons (image 9). – only with careful reading is it clear that terms and conditions are not bundled with opt-out.

Room for improvement:

Asda (image 9) – the stand out words in the opt-out are bright blue and link to Privacy Policy. 


Retailers that have separate tick boxes for accepting terms and conditions and opting in/out to emails.


Sainsbury (image 9) – terms and conditions and opting in/out to emails are in separate and boxed sections of form.

Image 9: Sainsbury’s, Morrisons, Asda. Drawing a line between terms and conditions and opt-in.

9. Opt-in/out does not mention the word “email”, bundles email with other forms of communication or does not use the words “subscribe”, “sign-up”, “opt-in” or “opt-out”.

Not keen on:

Catch all opt-out/opt-ins e.g. Tesco (image 3) or Sainsbury’s (image 9) – “We’d love to keep in touch with you by post, phone, SMS, email and other electronic means with money off vouchers, exclusive offers and the latest info, from Sainsbury’s and Sainsbury’s companies.”

Fluffy speak e.g. Asda (image 9) – “We’d love to keep in touch” 

Room for improvement:

Aldi (image 2) – “I’d prefer not to receive marketing information about Aldi’s products and offers.”


Walmart US (image 5) – “Email me about Rollbacks, special pricing, hot new items, gift ideas and more.” 


Walmart Canada (image 6) – “Sign up for Walmart.ca emails (optional).”

Woolworths Australia – (image 10 below): “Communication preferences. Yes! I would like to receive updates about products & services, promotions, special offers, news & events from Woolworths Online via [Checkbox] SMS [Checkbox] email.”

Image 10: Woolworths (Australia) registration page.

10. Opt-in/out does not make clear that can opt out any time

Whether customers are opted-in to email marketing by default or actively opt-in, it is important to inform them of their right to unsubscribe at any time, ideally explaining how.

Not keen on:

Retailers with no notice, including Woolworths (image 10) and Sainsbury’s (image 9).


Asda – “You can ask us to stop at any time” (image 9). Waitrose (image 11) – “You can stop receiving our updates at any time by getting in touch”.


Walmart Canada (image 6) – “You can unsubscribe at any time.”

11. Disadvantage customers who do not opt in

Opt-in/opt-out must be voluntary.

Not keen on: Waitrose (image 11).

Prefer: all others.

The only site that showed suggestion of a disadvantage for not signing up to emails is Waitrose, which states: “If you have a my John Lewis membership card, we’ll be unable to continue that membership if you opt out of receiving information from John Lewis.”

Image 11: Waitrose registration page, with condition.

N.B. These are the observations and conclusions of the author, solely. Feel free to agree/disagree and suggest other factors in check in/out success in the comments below.

Econsultancy subscribers can download the Fundamentals of Email Marketing, a best practice guide.