The regulation is quite clear that silence is not consent. What courts determine could very well be another matter, especially with tricky “soft consent” e-mails and international transactions. What complicates this is when a company sends around an e-mail and they already have obtained consent in the past. Or have they? 
One example being criticized is Tumblr’s GDPR messaging, with dozens of boxes that had to be clicked individually.
