On my weekly unsubscribe binge I recently tried to opt out of General Motors marketing communications.
They have a form that requires you enter your full name, address, phone number, and email just to process an unsubscribe.
In addition, they indicate that you may need to enter the form multiple times with different variations of your name in order to be successful.
If by some miracle you succeed at opting out of marketing communications, your opt out is only honored for 10 years and does not include OnStar or GM Financial.
I have seen terrible opt-out practices before but this is probably one of the more egregious ones I’ve encountered.
I’d also be curious to hear if people think the patchwork of data privacy laws that have been going into effect across the U.S. might affect processes like this or if just having the process is enough. I know it is probably somewhat subjective.
This is them performing a deep scouring across all of their marketing databases for your information. Junk mail, phone, etc. (Letting you include multiple phone numbers is a nice touch). This is actually a pretty big deal since these systems probably don't even talk to each other.
You even have the option to "retrieve" the data on your email address.
Never in a million years would our org let us put this much effort into this without the threat of lawsuits.
An interesting hearing it from that perspective. I had not considered that this could be used across all of the systems they have in place.
To add to this, I did a quick search on archive.org and it seems like they’ve had this site in place since 2006, albeit in different variations. Perhaps that is why they have a “global” opt-out across all of their marketing databases? Something that has just always been in place.
I mean, how many companies offer to look up your mailing address and remove you from their junk mail?
I suspect in practice this search is not going to be perfect. There are so many variations that could exist on an address.
That doesn't even begin to deal with potential "ghost" sources. A database backup. An integration with a product database, etc.
I would honestly not be surprised if there wasn't a human reviewer somewhere over these requests. (At our company, all GDPR requests are STILL manually handled).
They have a form that requires you enter your full name, address, phone number, and email just to process an unsubscribe.
In addition, they indicate that you may need to enter the form multiple times with different variations of your name in order to be successful.
If by some miracle you succeed at opting out of marketing communications, your opt out is only honored for 10 years and does not include OnStar or GM Financial.
I have seen terrible opt-out practices before but this is probably one of the more egregious ones I’ve encountered.
I’d also be curious to hear if people think the patchwork of data privacy laws that have been going into effect across the U.S. might affect processes like this or if just having the process is enough. I know it is probably somewhat subjective.
This is NOT their opt out form, which is located here (a tab over): https://gmcontactpreferences.com/email-preferences.jsp
This is them performing a deep scouring across all of their marketing databases for your information. Junk mail, phone, etc. (Letting you include multiple phone numbers is a nice touch). This is actually a pretty big deal since these systems probably don't even talk to each other.
You even have the option to "retrieve" the data on your email address.
Never in a million years would our org let us put this much effort into this without the threat of lawsuits.
To add to this, I did a quick search on archive.org and it seems like they’ve had this site in place since 2006, albeit in different variations. Perhaps that is why they have a “global” opt-out across all of their marketing databases? Something that has just always been in place.
https://web.archive.org/web/20061103202329/https://gmcontact...
I suspect in practice this search is not going to be perfect. There are so many variations that could exist on an address.
That doesn't even begin to deal with potential "ghost" sources. A database backup. An integration with a product database, etc.
I would honestly not be surprised if there wasn't a human reviewer somewhere over these requests. (At our company, all GDPR requests are STILL manually handled).