EXPRESS: The Race for Data: Utilizing Informative or Persuasive Cues to Gain Opt-in?

The EU's General Data Protection Regulation (GDPR) mandates explicit user opt-in consent for data access. It recommends transparency in opt-in requests about data collection, storage, and use, without specifying the format of these requests. Consequently, the GDPR gives firms flexibility in designing opt-in messages. This research uses theory, multiple datasets, and methods to investigate firms’ communication formats for opt-in requests, addressing three questions: 1) how do firms design their opt-in requests? 2) does the chosen format affect consumer response? 3) what drives firms' choices of formats? The analysis of 1,506 re-permission emails from 1,396 firms post-GDPR shows that 26% use only persuasive cues to request data, while 24% blend persuasive and informative cues. Notably, businesses with an offline presence use more persuasive cues compared to purely digital entities. A field experiment rationalizes this behavior showing that informative cues alone did not improve opt-in; a mix of persuasive and informative cues proved more successful. Additionally, firms dependent on personal data utilize persuasive cues more often than firms concerned with reputational risks of GDPR non-compliance. This study offers pivotal insights for regulators, firms, and consumers, revealing variations in how different firms acquire consent and the impact of their strategies on user behavior.