What is the charity soft opt-in?
Under the UK’s Privacy and Electronic Communications RegulationsPECR is the UK implementation of the ePrivacy Directive (Directive 2002/58/EC) providing certain rules on marketing, cookies, communication services security and customer privacy (in relation to traffic/location data, billing, line identification and caller directories). (PECR), organisations require an individual’s consentAn unambiguous, informed and freely given indication by an individual agreeing to their personal data being processed. before sending electronic marketing communications, unless a specific exemption applies.
Section 114 of the Data Use and Access Act (DUAA) introduced a new exemption for charities, known as the ‘charity soft opt-in’. It allows charities to send certain electronic marketing communications, such as fundraising emails and text messages, without obtaining explicit consent.
To rely on the exemption, charities must meet the following conditions:
- Only organisations that meet the legal definition of ‘charity’ under the Charities Act can rely on the exemption (or Scottish/Northan Irish equivalent)
- Contact details must have been collected on or after 5 February 2026
- The individual must have expressed an interest in, or offered support to, the charity’s charitable purposes
- The contact details must have been collected directly by the charity (third-party marketing lists do not qualify)
- A simple notice and opt-out must be provided when the contact details are collected, with an unsubscribe option in every subsequent communication
- The sole purpose of each communication must be to further the charity’s charitable purposes
The exemption came into force on 5 February 2026 but cannot be applied retrospectively. This means charities cannot rely on the soft opt-in for contact details collected before that date.
Whilst the charity soft opt-in creates a new way for charities to communicate with supporters, it is not a blanket permission to send marketing communications. Charities must ensure all conditions are met and continue to comply with their wider data protection obligations.