Legal Requirements For Email Marketing

Legal Requirements For Email Marketing

If you engage in email marketing, you need to be aware of some legal requirements such as having and displaying a Privacy Policy.

This article will describe the legal requirements that apply to email marketing throughout the global market and how to comply with those regulations when executing your email marketing campaigns.

Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:

  1. Click on "Start creating your Privacy Policy" on our website.
  2. Select the platforms where your Privacy Policy will be used and go to the next step.
  3. PrivacyPolicies.com: Privacy Policy Generator - Select platforms - Step 1

  4. Add information about your business: your website and/or app.
  5. PrivacyPolicies.com: Privacy Policy Generator - Add your business info - Step 2

  6. Select the country:
  7. PrivacyPolicies.com: Privacy Policy Generator - Add your business info - Step 2

  8. Answer the questions from our wizard relating to what type of information you collect from your users.
  9. PrivacyPolicies.com: Privacy Policy Generator - Answer questions from our wizard - Step 3

  10. Enter your email address where you'd like your Privacy Policy sent and click "Generate".

    PrivacyPolicies.com: Privacy Policy Generator - Enter your email address - Step 4

    And you're done! Now you can copy or link to your hosted Privacy Policy.



Laws that Affect Email Marketing

The wild popularity and longevity of electronic marketing has led to plenty of complaints and lawsuits that, in turn, led to the enactment of email marketing regulations in almost every corner of the world.

Below we'll briefly discuss the most common privacy laws that apply to marketing communications, who they pertain to, and what each entails and requires.

The General Data Protection Regulation (GDPR)

It's not surprising that the most extensive privacy regulation in history would include stipulations concerning direct marketing communications. Although the GDPR is a European initiative, it applies to (and will be enforced upon) any business that collects personal information from EU residents.

If your marketing database contains any European email addresses, this regulation will apply to you, no matter where your company is based. This is what the GDPR has to say about email marketing:

  • Consumers must provide valid consent to receive marketing messages
  • That consent must be given through a clear, affirmative action, never implied or assumed. This means that consent checkboxes in webforms may not be pre-ticked.
  • Companies that send marketing communications must keep clear records of each user's verified consent
  • Customers may only be contacted in regard to marketing the service or products they consented to
  • Revoking direct marketing consent must be as easy and accessible as giving consent

Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM)

CAN-SPAM is one of the longest-running email marketing regulations in the world. Its laws were released in 2003 after years of email spam and unsolicited pornography filled inboxes the world over.

CAN-SPAM applies to U.S.-based businesses sending marketing emails to US residents.

Here are its requirements:

  • Do not use deceptive email addresses, names, domain names or subject lines to mislead the recipient. Be truthful and honest.
  • If sending an email to an individual who has not given prior consent to receive marketing communications from your company, you must identify the message as an ad
  • If the message contains adult content or explicit imagery, this must be specified clearly in the subject line of the email
  • Include a physical street address within the content of all marketing emails
  • Provide consumers with a conspicuous and straightforward way to unsubscribe from marketing emails. Fulfill unsubscribe requests within 10 days.

Canada Anti-Spam Legislation (CASL)

This regulation does not apply solely to Canadian businesses. Any company that sends marketing communications to Canadian residents will be subject to CASL. These are its basic tenets:

  • You must have consent, either express or implied, from an individual before sending them promotional emails
  • Consent forms must be plainspoken and include both identification and contact information for the business
  • Consent forms must disclose that users may revoke consent if they wish
  • Records of consent must be kept for all Canadian residents
  • Marketing emails must include the name of the company, contact information, and instructions to unsubscribe

How to Comply with Email Marketing Laws

How to Comply with Email Marketing Laws

Many requirements overlap between one governing body and another, so we've put together a step-by-step guide that explains how to satisfy all of the requirements outlined above.

Since the internet is a global marketplace, it can be difficult to pinpoint exactly where the contacts on your marketing list physically reside. For this reason, most companies choose to satisfy all of the above regulations in order to avoid potential lawsuits or legal allegations.

Both the GDPR and CASL require a business to obtain and store records of consumer consent before sending marketing messages. Here are some measures to follow to ensure that your consent mechanisms are considered valid.

Don't pre-tick consent checkboxes. The user should perform a clear, affirmative action in order to provide consent.

Here is an example of an unticked checkbox for email marketing consent from Which UK:

Which UK email sign-up form

Be clear and honest about what the user is signing up for, as Sainsbury's has done here:

Sainsburys Communications Preferences consent form

Open, straightforward language is important here. Marketing consent will not be considered valid if it is confusing, or if it is bundled in with user membership or other types of consent. Make the consent opt-in as specific, simple, and direct as possible.

Keep records of user consent. Obtaining valid consent will have no legal value if you don't keep records of it. Store consent records for each customer in an accessible manner where they can be easily called up if needed. It is also important to keep organized records of all those individuals who have unsubscribed from your email list to make sure they are not accidentally added back in.

Especially for customers in Canada and Europe, it is imperative to maintain records of valid consent. If your previous email collection methods did not record consumer consent, a repermission campaign will be in order.

Repermission campaigns consist of emails sent to each customer to confirm their consent to receive marketing communications. Here's an example of a repermission email from SuperOffice:

SuperOffice repermission for consent email

Note that SuperOffice is transparent about the type of emails that the customer can expect and the fact that users may unsubscribe at any time.

The most important takeaway is that if the consumer does not actively click the button to opt-in, they must be deleted from the mailing list. In this way, your business records the valid consent of each customer that confirms their subscription while also avoiding potential privacy complaints from individuals who haven't provided valid consent.

3. Display Proper Contact Details

Include your business street address and an additional contact method within the email signup form.

Here's how Canada Goose has done it:

Canada Goose email subscribe and consent form

Always list the name and physical address of your company within the content of any promotional emails you send, as demonstrated in the footer section of this email from Zazzle:

Screenshot of Zazzle email footer

4. Keep the Communication Honest, Straightforward and Clear

Don't use a fake or misleading email address, name, or domain name. For instance, the following email is from the domain name getourfinancedeal.com, yet the company name appears as "Order-Cancelled" and the subject line is both misleading and fictitious. This is an example of what not to do:

Screenshot of Getyourfinancedeal spam email header

Instead, make sure your marketing communications are plainspoken and truthful in order to avoid infringement of multiple spam laws.

CAN-SPAM also requires that any email containing explicit or sexual content include a notice in the subject line, like so:

Screenshot of X Club spam email header

5. Opting-out Should be Simple, Easy and Accessible

Remind users that they have the right to unsubscribe when they first sign up to receive marketing communications.

Here's how National Geographic does it:

National Geographic email sign-up form

Make sure to include a conspicuous unsubscribe link in every marketing email.

Shein's promotional emails include this unsubscribe link at the bottom, which automatically opts the user out of marketing emails upon clicking:

Screenshot of Shein email footer

Remember that the method to opt-out should be as easy as the method for signing up. If your email newsletter signup form is a one-click process, so should the unsubscribe process be equally as simple.

More Best Practices for Marketing Communications

More Best Practices for Marketing Communications

The above guidelines will fulfill the minimum requirements necessary to comply with the laws that regulate email marketing. Nevertheless, there are additional steps you can take to prevent privacy complaints and improve the quality of your contact lists.

Use Double Opt-in Procedures

Double opt-in describes the email signup method that requires users to take a second step to confirm their consent to receive marketing emails by clicking a confirmation link sent to their inbox. This method prevents users from signing up by accident or using false email addresses to sign other people up without permission.

NextDraft illustrates this process with a simple confirmation email that requires the user to click to confirm their consent:

Screenshot of NextDraft email subscription confirmation and consent email

Once this second step is complete, the user will be subscribed to the marketing email list. The method requires very little effort on the part of the consumer but can easily prevent spam reports or privacy complaints about your business.

Not only will broken links and poorly coded emails result in higher unsubscribe rates, but these preventable mishaps are just plain irritating to consumers. Test your marketing emails thoroughly before sending them and, most importantly, make sure unsubscribe links are functioning and up-to-date.

Don't Be Spammy

Avoid sending repetitive emails too frequently. Make each email count by incorporating interesting content that resonates with the interests of your brand and your customers. The same goes with subject lines. Gimmicky subject lines and cliche sales phrases will result in lower open rates and more unsubscribes.

Now you have the rundown on building lawful, effective email marketing campaigns that will retain the loyalty of your customers while satisfying the many requirements of international spam laws.