Email Marketing Legal Requirements

There are laws and regulations behind the practice of email marketing, mainly the Privacy and Electronic Communications Regulations 2003 (PEC Regulations 2003) and the Data Protection Act 1998. It is worth taking the time to read each of these acts and regulations in order to fully understand your legal obligations in regard to sending electronic mail communications.

I have compiled a summary of the main points below but this is in no way a comprehensive list and I do advise reading the above acts and regulations fully. There is a summarised version of the PEC Regulations 2003 which you can find here: Privacy Regulations 2003 The Guide

Do note that I take no responsibility or liability should any of these points be incorrect or change over time. At time of publication I believe to my best knowledge these points to be correct.

  1. You cannot fake sender information
    Just like the spammers do when they send us emails from "Barclays Bank" or "HSBC" which are obviously not from the actual banks themselves.
  2. You must clearly provide an opt-out process
    You must provide an opt-out process or address for recipients to easily unsubscribe from future email messages.
  3. Individual subscribers & corporate subscribers are different
    An individual person, a sole trader or unincorporated partnerships are defined as individual subscribers. Limited and private limited companies are seen as corporate subscribers, though schools, hospitals, government dept's, agencies and public bodies can also be included. This is mainly email address that start with info@, admin@, mail@, sales@, helpdesk@. However jobloggs@limitedcompany.co.uk is seen as an individual. See next point for why this matters.

  4. Obtain an individuals explicit consent
    You need an individuals explicitly consent to send them email marketing messages, ideally on a double opt-in basis. A double opt-in basis is where the user subscribes to a mailing list and then receives a second email to confirm if they are still happy to subscribe. This helps prevent fake subscriptions and protects the user.
  5. Provide opt-out for corporate's
    You can send marketing messages to corporate addresses providing you supply a clear opt-out process or address for the corporate recipient to unsubscribe. This is called a soft opt-in process, also informally called 'cold email' like 'cold calling'.
    Note jobloggs@limitedcompany.co.uk is not seen as an individual subscriber and therefore cannot be sent messages like other corporate subscribers HOWEVER there is an exception if the email message content is work related. i.e. if jobloggs is the office stationary manager and your emails contain office stationary products you should be ok, but if your advertising family holidays this would not be allowed.
  6. Include Ltd company information
    If your a limited or private limited company in England and Wales you need to include the following information in your email marketing messages; Company name, registration number, place of registration and registered office address.
  7. You can send to past customers & enquirers but only if...
    You can send marketing messages to past customers who have purchased from you or people who have enquired about the purchase of goods / services from you but never completed a sale AS LONG AS the individual was given the opportunity to withdraw consent when their details were first processed AND they have not previously withdraw consent to receive such communications AND that the products / services you market to them are similar to those they first purchased or enquired about.
  8. Comply with the data protection act
    You must keep stored information about your customers / subscribers secure and only collect information that you need for a specific purpose, ensure it is always relevant and up to date, only hold as much as you need and only for as long as you need it.
  9. Don't disclose other subscriber information
    If you store subscriber information you must not disclose it to other subscribers. This is often done by mistake when multiple email addresses are added to the 'To:' or 'CC:' field in email programs.
  10. Allow access to stored personal details upon request
    An individual who's details you store can legally ask for a 'subject access request' under the data protection act 1998. Here is how to deal with a subject access request.
  11. Purchased subscribers list can be used BUT...
    You can purchase email subscribers lists and you are allowed to use them. But you must be clear and confident that all subscribers on that list have given consent to receive third party email marketing messages AND that they gave consent to receive marketing material about the products / services you intend to promote. Do note that while some companies offer legitimate email lists for purchase, some do not and will tell you anything to make the sale. So be cautious.
  12. Process opt-out request
    When you receive an opt-out request it's advisable to process it quickly. Ideally use an automated system that does this for you.
  13. Supplying your list to third parties
    If you intend to supply your email subscriber list to third parties you will need to obtain consent from every subscriber before doing so. You will have to satisfy individuals that you clearly explained from the outset that their details may be used by third parties.
  14. Third parties within your email marketing message
    If you plan to feature a third party within your email marketing campaign messages you will have had to of made it clear to subscribers from the outset that there is the possibility that third parties may appear in your email marketing messages and what products / services those third parties may feature.
  15. Don't link to viruses or spyware
    You cannot feature links within your email marketing message that link to viruses or spyware applications from external website's.
  16. Competition generated subscriptions
    Any subscriptions generated through a competition entry process must clearly state that the subscriber consents to having future email marketing messages sent to them. You cannot just run a prize draw of email addresses and then use those addresses to send marketing messages to if you did not clearly state future messages would follow.

Author: Jamie King
Dated: January 1st 2013

< Back to Marketing Advice