Email Rules

Existing customers may be targeted, provided certain conditions are met.

The directive represents a change of emphasis rather than a change in the substance of data protection obligations, but has serious consequences for any business not adhering to the new email rules. The email privacy laws and regulations mean businesses need to address their responsibilities, both to ensure that their channels to market are compliant and to ensure that previously valuable customer databases are still useable for future marketing campaigns.

As well as new email marketing rules affecting all who send emails for marketing purposes, website operators also need to tighten up on how they collect and use customer data. Web operators must provide users with “clear and comprehensive information” about devices such as cookies used to collect their data, including the purpose of any processing.

Email Rules : Email Opt-in Rules:

Email opt-in rules have been slightly softened by a provision that allows companies to target customers who have bought products or services from them in the past, subject to the following provisos:

The customer’s details must have been collected in the context of a ‘sale’. On a strict interpretation, this could rule out the use of contact details or potential customers who have merely registered an interest in a service or product.
The customer must have been told about the possible use of his or her data for future marketing at the time it was collected.  This refers to the time of the initial purchase, and they must have been given the chance to object.

Email compliance regulations state that you must give the recipient an opportunity to opt-out must it must be given with each subsequent marketing message.
The customer’s details may only be used by the same entity to whom they were originally given. This has implications for transfers of customer lists between group companies and trading partners (although these restrictions already apply under the UK’s existing data protection laws).
The marketing must be for a ‘similar product’ in relation to that which the customer’s details were originally gathered.

Email Rules: Emails to businesses

Email marketing rules provide that you can email a business in the UK provided they have not opted out of receiving messages previously. You must not email sole traders or partnerships unless they have opted in to receive messages. When sending a message to a business it is a good idea to run any lists against do not email lists, and also you must comply with GDPR in terms of your processing or personal data.

Email Rules in Europe

Strong interest and the exponential growth of inboxes in Europe support the potential of email marketing. However, the market is split on how to shield users from a potentially invasive marketing mechanism. National legislators in Europe are doing their best to confuse marketers and users. Several EU countries approved specific email privacy laws and regulations to protect their citizens’ privacy online. Meanwhile the European Parliament tried to regulate part of the field at the EU level. The result is a confusing legal position across Europe.

The majority favour opt-out. Ten EU member states, including France and the UK, and the European Parliament remain happy with a simple approach to email marketing to businesses. This allows for users to opt-out if they do not want to receive marketing emails. This approach is similar to the one adopted in the US.

Email Rules: GDPR – General Data Protection Regulation

The information above concerns permission. The question posed is has the recipient of the email message given explicit permission for their email data to be used, and whether indeed this is required. The GDPR is a piece of European wide legislation that is often confused in its understanding. Whilst it does address permission it is primarily concerned with the processing of personal data. The legal basis for processing personal data is also confirmed. Direct Marketers can use either Legitimate Interest or Consent under Recital 47 of the GDPR. This is very important as GDPR email compliance is paramount. GDPR explicitly permits email marketing when you process the data correctly. PECR outlines the permissions.

GDPR email marketing is permitted. GDPR sits alongside PECR, and does not supersede it. You can operate within PECR and GDPR at the same time. Please contact us if you need any further assistance with understanding the distinction between the two regulations.

Email Legislation in the USA : CAN SPAM

The legislation in the USA is far more relaxed that that in Europe or Canada. In the US however you still must adhere to certain standards in order for an commercial electronic message to be legal. Firstly, it must be made clear who the message is coming from. Secondly, the subject line should not be in any way misleading. Recipients must be given a clear and unambiguous opportunity to remove themselves from the list. Emailers must adhere to this request. Also, it must be made plain that the message is a promotional message. For more information on CAN SPAM please visit our US website CAN SPAM explanation.