Email Marketing Consent Wording: Examples That Meet PECR Requirements

Your email signup form is a legal document. Most businesses do not treat it that way. The text next to that subscribe button — or checkbox, or toggle — is the consent wording that the ICO will examine if they investigate your email marketing.

Get the wording right and you have defensible consent evidence. Get it wrong and your entire subscriber list may lack valid consent under PECR, no matter how many people clicked "subscribe."

What PECR requires from consent wording

Regulation 22 of PECR requires that a person has "notified" the sender that they consent to receiving marketing communications. The ICO interprets this through the same standard as GDPR consent: it must be freely given, specific, informed, and unambiguous.

In practical terms, your consent wording must:

1. Identify your organisation by name. "We" is not sufficient. The subscriber must know who they are agreeing to hear from.
2. Describe the type of marketing. "Updates" is vague. Will they receive product offers? Educational content? Partner promotions? The wording should set expectations.
3. Specify the channel. Email? SMS? Both? Tell them.
4. Require an active opt-in. An unticked checkbox that the subscriber ticks, or a clear affirmative action. Pre-ticked boxes do not count.
5. Be separate from other consents. Marketing consent cannot be bundled with terms and conditions acceptance or other agreements.

Examples that meet the standard

These examples demonstrate wording that satisfies PECR requirements. Adapt them to your specific business — the key elements are identification, specificity, and active opt-in.

E-commerce checkout

☐ Yes, I'd like to receive emails from [Company Name] about new products, offers, and style guides related to [product category]. You can unsubscribe at any time.

Why this works: Names the company. Describes the content (products, offers, style guides). Specifies the channel (email). Scopes to a product category (relevant for soft opt-in "similar products" documentation). Unticked checkbox requires active opt-in.

B2B service enquiry form

☐ [Company Name] can send me occasional emails about [service type] insights, regulatory updates, and service information. I can opt out at any time.

Why this works: Names the company. Describes the content type. Specifies email. "Occasional" sets a frequency expectation. Clear opt-out mention.

Newsletter signup (standalone)

By subscribing, you agree to receive the [Newsletter Name] email from [Company Name], sent [frequency — e.g., weekly/fortnightly]. Each issue covers [topic area]. You can unsubscribe via the link in any email.

Why this works: Specific about what, who, and how often. The subscriber makes an active choice (clicking subscribe). Clear unsubscribe mechanism described.

Event registration

☐ I'd like to receive follow-up emails from [Company Name] about [event topic] and related [services/products]. [Company Name] will not share my details with other organisations.

Why this works: Separates marketing consent from event registration. Names the company. Scopes the content. Addresses the common concern about data sharing (relevant when multiple organisations are involved in an event).

Examples that fail

These are real patterns found on UK business websites. Each has a specific PECR problem.

"Subscribe to our newsletter" (no description)

☐ Subscribe to our newsletter

Problem: Does not name the company. Does not describe what the newsletter contains. Does not specify the channel. "Newsletter" is so vague it could mean anything. If the ICO asks what the subscriber consented to, the answer is effectively "something."

Pre-ticked checkbox

☑ Send me marketing emails from [Company]

Problem: The checkbox is ticked by default. Under PECR, consent must be an active, affirmative choice. A pre-ticked box means the subscriber has to take action to refuse marketing, which is not consent. The ICO has consistently found pre-ticked boxes invalid. This applies even if the subscriber could have unticked it — the default matters.

Bundled consent

☐ I agree to the Terms of Service and to receive marketing communications

Problem: Consent for marketing is bundled with acceptance of terms. Under PECR (and GDPR), these must be separate actions. A subscriber who wants to use the service must accept terms — tying marketing consent to that action means it is not freely given.

Vague third-party sharing

☐ I agree to receive communications from our carefully selected partners

Problem: Does not name the partners. PECR requires that consent identifies the sender — "selected partners" does not tell the subscriber who will contact them or what about. See third-party data and PECR consent for the full requirements.

Consent buried in privacy policy

By using this website, you agree to our Privacy Policy, which includes consent to receive marketing communications.

Problem: No active opt-in. Consent is buried in a document the subscriber is unlikely to read. "By using this website" is passive — there is no affirmative action specifically for marketing consent. The ICO does not accept implied consent through website use.

Consent wording for soft opt-in scenarios

If you are relying on the PECR soft opt-in to email existing customers, you still need opt-out wording at the point of collection. This is condition 3 of the four requirements.

Checkout opt-out (soft opt-in)

We'd like to email you about similar products from [Company Name]. If you'd rather not receive these emails, tick this box: ☐

Why this works for soft opt-in: The box is unticked — the customer does nothing and will receive marketing (the soft opt-in default). But they have a clear, simple way to refuse. This satisfies condition 3. Note: this only works within a sale or negotiation context (condition 1), for similar products (condition 2), and you must include an unsubscribe in every email (condition 4).

Enquiry form opt-out (soft opt-in)

[Company Name] may send you emails about [service category] based on your enquiry. To opt out of marketing emails, tick here: ☐

Why this works: Clear identification, scoped to similar services, and a simple opt-out mechanism. Document the enquiry as "negotiations for a sale" to satisfy condition 1.

How to check your existing wording

Step 1: Screenshot every form on your site where you collect email addresses. Include the full page context — not just the form, but the surrounding text.

Step 2: Check each form against the five requirements above (identifies company, describes marketing, specifies channel, requires active opt-in, is separate from other consents).

Step 3: Use the Consent Wording Checker to evaluate whether your text meets PECR requirements.

Step 4: Archive every version of your consent wording with the dates it was live. When you update the text, save the old version. The ICO will ask what wording a subscriber saw at the time they signed up, not what it says today. The consent records retention guide covers what to archive and for how long.

Your consent wording is the foundation of your PECR compliance. Every other record — timestamps, sources, opt-in mechanisms — depends on the subscriber having been shown adequate wording in the first place. If the wording fails, the consent fails, regardless of how meticulously you recorded everything else.