The thing with the additional checkbox (“I accept the Privacy Policy”) seems to be a very common misunderstanding: Several lawyers have confirmed that such a checkbox is not compulsory. The GDPR does not contain a corresponding specification. The user only has to be clearly informed about the privacy policy and especially about his right to object – in detail:
– what kind of newsletter content the recipient has to expect,
– from whom the newsletters are sent,
– how the revocation can be made (for example by specifying a contact or email).
The approval then takes place by actively filling in the email and clicking the button, and confirm again in the Double Opt-In procedure. An additional checkbox to take note of the privacy policy is not necessary.
The sign off notice (link or contact) must also be included in the email if the subscriber gets a newsletter.
Source (in German): https://drschwenke.de/birgt-your-e-mail-newsletter-ein-abmahnrisiko-schlechte-beispiele-und-gute-beispiele/
