Is your company collecting “freely given, specific, informed, and unambiguous.” data (such as email addresses, cookies, etc) on citizens. Do you have a checkbox -- without a default “x” in it -- accompanied by clear language about what it will be doing with these email addresses?