Opt In vs Opt Out: What Does it Mean for the GDPR?