Newsletter Nightmares: I was subscribed, but I never consented

A tale of knowing your digital rights & GDPR protection

Published in
4 min readNov 3, 2022


Working in the data privacy field has made me look more closely at the different terms and conditions. But sometimes, I can’t wrap my head around them.

Here’s the story of a time I took my data rights and online privacy into my own hands…or tried!

The other day I ordered a pair of jeans. In the check-out flow, I was invited to sign up for their newsletter (hey, we’ve got your email anyway). With an inbox already filling up each day, I decided to opt out. Here’s a screenshot of me opting out while making the purchase:

After completing the order, I received my order confirmation, as expected. What I wasn’t expecting arrived in my inbox five minutes later:

Apparently, I was ‘accidentally’ subscribed to their newsletter. What’s a bit odd is that they claimed to have sent this email by mistake, but somehow knew they were making the mistake.

So I emailed them back, asking what happened:

Maybe I was a bit direct, but I felt I was being fooled. Luckily customer support was kind enough to reply the same day:

Needless to say, I wasn’t satisfied with the answer. The newsletter they sent me didn’t look like a mistake. It looked more like a double fraud: First, they signed me up for a newsletter I explicitly opted out of. Secondly, they tried to make me think my email address landed on their mailing list by accident.

If you start your subscription confirmation with an ‘Oops’ then you might as well not send it, right? That’s when I started to scan the newsletter in more detail, and then I found it in the fine print!

You don’t need to subscribe to get the newsletter! Just making a purchase is enough. I understand shops want to reduce friction and make my life easier, but this is a bit too much. I wrote to Karen once more:

It was already past 6 pm, so I didn’t get a response immediately. But alas, I didn’t hear back the next day or the day after, or after that…

So what can we learn from being subscribed when you never consented?

First of all, it’s understandable for brands to come up with clever tricks to engage with their customers. Competing online is hard enough as it is, so coming up with unexpected, surprising interactions can be a good way to get attention. But keep it fair, and don’t engage in misleading practices. People don’t like to be fooled.

Aside from moral reasons, there’s also the law we all must adhere to. And negative consent (i.e. opt-out) is against GDPR regulations. In addition, information shared for a purpose, such as providing my email to complete a purchase, can only be used for that purpose unless explicit consent is given (opt-in). This means ‘made a purchase’ is not a valid reason to be subscribed to a newsletter.

Secondly, trying to force a customer into receiving your newsletter will most certainly not convince them to buy more, let alone create a trustworthy relationship.

People do like to be treated as humans, as business partners: Give them trust, and they will reward trust in return.

Last year, shoppers had nowhere to go because of the pandemic, as Daniel Nill from Tudock explained. So you might get away with a lesser experience. But in the end, customers want a nice experience, online or offline and trying to fool them is not a solid long-term strategy.

Quick tip for subscribing to newsletters

There are two easy ways to tag your email so you can always trace the newsletter back, even when your data was shared or leaked with another company.

  • Instead of:
    Use “+” in your email: myname+[newsletter]
  • Some email providers also support sub-domains:

Enjoy subscribing (or not)!




Privacy Advocate at