The Race for Data: Utilizing Informative or Persuasive Cues to Gain Opt-In?

The European Union's General Data Protection Regulation (GDPR) mandates explicit user opt-in consent for data access. It recommends transparency in opt-in requests about data collection, storage, and use, without specifying the format of these requests. Consequently, the GDPR gives firms flexibility in designing opt-in messages. This research uses theory, multiple datasets, and methods to investigate firms’ communication formats for opt-in requests, addressing three questions: (1) How do firms design their opt-in requests? (2) Does the chosen format affect consumer response? (3) What drives firms’ choices of formats? The analysis of 1,506 repermission emails from 1,396 firms post-GDPR shows that 26% use only persuasive cues to request data, while 24% blend persuasive and informative cues. Notably, businesses with an offline presence use more persuasive cues compared with purely digital entities. A field experiment rationalizes this behavior showing that informative cues alone did not improve opt-in; a mix of persuasive and informative cues proved more successful. Additionally, firms dependent on personal data use persuasive cues more often than firms concerned with reputational risks of GDPR noncompliance. This study offers pivotal insights for regulators, firms, and consumers, revealing variations in how different firms acquire consent and the impact of their strategies on user behavior.