← Back to blog

Trust Tax: privacy sins in your forms that drive customers away

10 min
Thumbnail

Imagine you're returning a faulty product to a store. You're annoyed. You approach the service desk, and the employee, while accepting your complaint, asks, "Great, and while you're here, would you like to sign up for our newsletter to receive information about weekend promotions?". The question is out of place and shows that the company is thinking more about its mailing list than solving your problem.

And yet, this is exactly how companies behave in online forms, asking for data and consents that are inadequate for the purpose for which the customer is filling out the form.

FormDIG statistics show that forms containing clauses that violate a sense of privacy are abandoned 7% more often. In an era of growing data protection awareness (and GDPR), users are increasingly sensitive to why we ask for their information.

Here are the 5 most common examples of how companies misuse their customers' trust.

1. Marketing Consent in a Complaint Form, aka "Adding Fuel to the Fire"

  • Scenario: A customer is upset because a product isn't working. They fill out a complaint form, describing their problem. At the very end, just above the "Submit" button, they see a mandatory checkbox: "I agree to receive commercial information electronically."
  • Why it's a problem: The customer is in a negative emotional state; their trust in your brand has already been shaken. Asking for their marketing consent at this moment is not only tactless but downright insulting.

ProTIP: Separate the processes. A complaint form should serve the sole purpose of solving the customer's problem. If you want to obtain marketing consent, do it at a completely different time. For example, after the complaint has been successfully resolved.

2. Everything in One Bag, aka "Agree or Goodbye"

  • Scenario: To download an e-book, a user must check a single box with the text: "I accept the terms of service and agree to receive marketing information by email and phone." There is no other choice.
  • Why it's a problem: This is a form of coercion. The user is faced with an "all or nothing" choice. Such a practice is inconsistent with the principles of voluntary and granular consent under GDPR. Moreover, the quality of leads acquired this way is negligible. Most will unsubscribe at the first opportunity or mark the messages as spam, damaging your sender reputation.

ProTIP: Unbundle your consents. Create separate, optional checkboxes for each action: one for the terms of service (mandatory), a second for the newsletter, and a third for phone contact. Respect the customer's choice. This way, you'll build a database of people who are genuinely interested in your communication, not those who were forced into it.

3. No Link to the Privacy Policy, aka "Trust Us, Take Our Word for It"

  • Scenario: A user is filling out a contact form. They want to know how their data will be processed, but there is no link to the Privacy Policy next to the consent checkbox.
  • Why it's a problem: This is a red flag. For a conscious user, it's equivalent to saying, "we're either amateurs or we have something to hide."

ProTIP: The link to the privacy policy must always be easily accessible, especially where you collect data. Place it directly next to the consent clause.

ProTIP: Clearly state what you will use the data for, e.g., "I consent to be contacted by email for the purpose of receiving an offer." This is an understandable message that leaves no doubt about what the user can expect after submitting the form.

4. Consent Written in Gibberish, aka "Sign It, Don't Ask Questions"

  • Scenario: A user wants to sign up for a webinar. At the end of the form, there is a consent field with a wall of text next to it: "I hereby declare that I give my voluntary consent for the processing of my personal data by the Administrator for marketing purposes, including automated profiling to present a personalized commercial offer, in accordance with Art. 6 sec. 1 lit. a of the GDPR, and for the assignment of this data to third parties who are partners of the Administrator."
  • Why it's a problem: This is the antithesis of transparency. Using complicated, legalistic language has one goal: to discourage the user from reading it and make them check the box mechanically. Instead of building a relationship based on trust, you're building a wall of legal clauses.

ProTIP: Write like a human, for a human. Instead of legal jargon, use simple, unambiguous language like, "I want to receive emails with offers tailored to my interests." Want to be a pro? Include a link with information on "how we do it in practice."

5. Sharing Data with Partners

  • Scenario: A customer wants to download a free guide. The sign-up form includes a pre-checked box: "I agree to the sharing of my data with the company's trusted partners for marketing purposes."
  • Why it's a problem: This raises justified suspicions. Who are these partners? Will my inbox be flooded with spam? At this moment, your company looks like it's trading its customers' data.

ProTIP: Transparency and voluntary consent are fundamental. If the process requires sharing data with a partner (e.g., for a joint webinar or service), clearly indicate who the partner is and for what purpose they will receive the data. Write: "I agree to the transfer of my email address to the XYZ company, which is the co-organizer of this training, for the one-time purpose of sending additional materials."

ProTIP: Let's be blunt: for critical processes (contacting the company, sales, a request for an offer), do not make submitting the form conditional on consent to share data with third parties.

Treat the customer as a conscious partner, not a data source.

The days of thoughtlessly collecting data are gone for good. Growing awareness and GDPR regulations have made privacy a key element in building digital relationships. Customers today are more educated and sensitive to how their information is treated.

Every field and every clause in your form should be an invitation to transparent cooperation, not an attempt to outsmart the user. Write like a human, for a human!

Before you ask for any data, ask yourself: "Is this absolutely necessary to achieve the customer's goal, and am I asking for it in a way that I would accept myself?". If you have any doubts, it's a sign that your customers will definitely have them.

A company that respects privacy doesn't just avoid a 7% loss in conversions. That company invests in a loyal customer base that will stay with it for years because they know they are treated fairly and with respect.

Your forms and GDPR. Is everything in order? Let's check it together! I'm waiting for your message at contact@formdig.com

Have a great day,

Marcin Przybyla

Back to blog

Suggested articles

Check our latest articles to learn more about form monitoring and ways to improve their performance.