Email marketing: is what you’re doing legal?

Is your email marketing legal?

Email marketing can be one of the most valuable forms of communication with your existing and potential customers. But is what you are doing legal?

Firstly, you have to ask yourself:

Is your email an unsolicited direct marketing electronic mail?

Under the relevant regulations, electronic mail is any electronic message that consists of text, voice, sound or images – ie, email, text, picture, video, voicemail and answer phone messages.

Direct marketing is defined as a message that is trying to sell goods or services, or is promoting the values or beliefs of a particular organisation.

Unsolicited marketing is marketing that has not been specifically asked for.

If you want to carry out “unsolicited direct marketing” by email, you need to comply with the rules in the Privacy and Electronic Communications Regulations and with the Data Protection Act 1998.

Are unsolicited direct marketing emails illegal?

Well, it depends…

The applicable regulations distinguish between an individual subscriber (eg amandasmith@hotmail.com) and a corporate subscriber (eg amandasmith@123ltd.com). However, note that sole traders and individuals in partnerships are regarded as individual subscribers even if you are emailing them in their business capacity.

You can only carry out unsolicited direct marketing by email to individual subscribers if:

  1. the individual you are sending the message to has given you their permission (known as an Opt In); OR
  2. you obtained his or her email details during the course of a sale (or negotiations towards the sale) and the email relates to products or services similar to those that were the subject of that sale AND you give the individual subscriber the right to opt out of further emails (known as the “Soft Opt In”).

You do not need to get prior consent from a corporate subscriber but marketing emails to corporate subscribers should still identify you as the sender and provide a geographical address (see below).

Information to be provided before consent is given

If you are collecting contact details which include personal data (which could include the name of an individual in a corporate email address, such as amanda.smith@123ltd.com), certain information must be notified to the individual:

  • your identity; and
  • the purpose(s) for which you are processing the individual’s data (eg to send them marketing email about products or services that they may be interested in); and
  • any further information which is necessary to make the processing of that individual’s data fair – ie be open and honest with individuals about how you are going to use their personal data.

This information should be given to the individuals or made readily available to them (for example in a link on your website) at the point of collection.

The best way to meet these requirements is through a privacy policy. The next article from Suzanne will cover privacy policies and will also provide you with a free template privacy policy (usual price £50) to use on your website so look out for that…

Information to be provided in all marketing emails

All marketing emails (even those where no personal data is used, such as admin@123ltd.com) must clearly display your identity and your address and, if you are registered as a company, you must also include the:

  • company registration number;
  • place of registration; and
  • registered office address.

What is good practice?

The Information Commissioner (the chap responsible for data protection matters like this) has stated that, notwithstanding the legal requirements, good practice requires that marketers follow the guidelines set out below.

  • Try to go for opt-in-based marketing as much as possible.
  • Provide a statement of use when you collect details (typically via a privacy policy).
  • Make sure you clearly explain what individuals’ details will be used for.
  • Do not have consent boxes already ticked.
  • Provide a simple and quick method for customers to opt out of marketing messages at no cost other than that of sending the message.
  • Promptly comply with opt-out requests from everyone, not just those from individuals.
  • Have a system in place to deal with complaints about unwanted marketing.
  • When you receive an opt-out request, suppress the individual or company details rather than deleting them so that you have a record of who not to contact.

What’s the sanction if you get it wrong?

In theory, the Information Commissioner has the right to fine you up to £500,000 for any illegal email marketing. In practice, high fines are only likely to be levied on the most serious offenders. However, you should be aware that if a recipient of an email notices that there is no unsubscribe option or is aggrieved at being included on your list in the first place, he may report you to the Information Commissioner, who may then investigate you and audit your business records – something that not many small businesses would relish.

Most email solutions (such as Mailchimp) prompt an opt in regardless of whether someone is an individual or corporate subscriber and some even have the double opt in requirement where an email is sent to the email address asking them to confirm that they do in fact want to be added to your list. So you may in fact already be doing much more than the law requires… But if not, watch out!

Copyright Suzanne Dibble 2013

The information contained above is based on English law only and is provided for information purposes only and is not intended to amount to advice on which reliance should be placed. Suzanne disclaims all liability and responsibility arising from any reliance placed on such information. Professional advice should be obtained before taking or refraining from taking any action as a result of the above contents.

  1. Alyson Reay says

    If someone has already been emailed from a list that may not have had specific opt-in (eg was made up of data harvested from business cards given to the emailer) and they have had the option to opt-out in the email received, but have not opted out, have they then by default given appropriate consent? Sorry, that was such a long explanatory question!

    1. Suzanne Dibble says

      Hi Alyson

      The first and any subsequent emails to individual subscribers (as opposed to corporate subscribers) would be outside of the Regulations unless you had happened to ask the person giving their business card whether they were happy for you to add them to your email list. The soft opt in where you can email individual subscribers without their consent as long as you give them the right to unsubscribe can only be used where you have obtained the email address during the course of a sale or negotiations towards the sale and you are emailing them about similar products or services.


  2. Alyson Reay says

    Thanks Suzanne, your explanation is very clear and helpful. I have received conflicting advice on this in the past, but I appreciate you taking the time to clarify.