This article highlights some of the key features of the law governing the use of email for marketing purposes. It considers only the position under English law. Although much of the UK legislation relating to email marketing is EU-inspired, the laws across the EU are not properly harmonized. The position under US law is also quite different from the position under English law.
English law does not have a core conception of a marketing email. Different sets of rules regulate different kinds of email.
The Privacy and Electronic Communications (EC Directive) Regulations 2003 (the "Privacy Regulations"), the most important piece of legislation in this field, regulate the transmission of "communications for the purposes of direct marketing by means of electronic mail". The courts can be expected to place a broad interpretation upon these words. However, the key provisions on email marketing apply only to "unsolicited" communications to "individual subscribers".
The Data Protection Act 1998 regulates emails which contain personal data (e.g. individuals' names - email@example.com).
Voluntary codes (such as the Direct Marketing Association's Code of Practice) and the contractual terms of hosting companies tend to cover a wide range of communications. Some hosting terms, for example, cover all unsolicited commercial emails.
Emails sent to corporate subscribers which do not contain any personal information (e.g. firstname.lastname@example.org) are not specifically regulated under English law - save that the emails must contain certain information (see below).
"Corporate subscribers" in this context includes limited companies, PLCs and LLPs; it does not include sole traders or general partnerships.
In all other cases, unsolicited emails sent for direct marketing purposes will be unlawful unless the recipient has in some way consented to receive the email.
Opt-outs, opt-ins and soft opt-ins are three different ways of obtaining consent to send marketing emails.
There is a good deal of confusion about what kind of consent is required for sending marketing emails.
The position under the Data Protection Act 1998 is that opt-out (or similar) consent is generally thought to be sufficient in the case of marketing emails involving non-sensitive personal data. However, express or opt-in consent would be required for any direct marketing communications which involve the processing of sensitive personal data, such as data relating to ethnicity, politics or medical conditions.
Opt-in or equivalent consent is required under the Privacy Regulations for marketing emails sent to individual subscribers, unless the soft opt-in provisions apply (see above). (NB the Privacy Regulations do not use the terms "opt-in" and "opt-out".)
You should also check the requirements of your email service provider's terms and conditions. These often required a more stringent standard of consent than the general law.
You must comply with each applicable rule set.
If you are collecting contact information which includes or may include personal data, certain information must be notified to the data subject:
The information should in general be given to data subjects or made readily available to them at the point of collection.
The most common way to meet these requirements in the website context is through the use of fair processing notices and privacy policies.
Regulation 23 of the Privacy Regulations says:
"A person shall neither transmit, nor instigate the transmission of, a communication for the purposes of direct marketing by means of electronic mail - (a) where the identity of the person on whose behalf the communication has been sent has been disguised or concealed; (b) where a valid address to which the recipient of the communication may send a request that such communications cease has not been provided; (c) where that electronic mail would contravene regulation 7 of the Electronic Commerce (EC Directive) Regulations 2002(1); or (d) where that electronic mail encourages recipients to visit websites which contravene that regulation".
Regulation 7 of the Electronic Commerce Regulations says:
"A service provider shall ensure that any commercial communication provided by him and which constitutes or forms part of an information society service shall— (a) be clearly identifiable as a commercial communication; (b) clearly identify the person on whose behalf the commercial communication is made; (c) clearly identify as such any promotional offer (including any discount, premium or gift) and ensure that any conditions which must be met to qualify for it are easily accessible, and presented clearly and unambiguously; and (d) clearly identify as such any promotional competition or game and ensure that any conditions for participation are easily accessible and presented clearly and unambiguously."
In addition, the Companies Act requires all business emails sent by a corporation to include the following information:
Under the Data Protection Act 1998, individuals may object at any time to the processing of their personal data for the purposes of direct marketing. Similarly, the Privacy Regulations have the effect of prohibiting the sending of marketing emails to individual subscribers who have notified the sender that they do not wish to receive such emails.
The Information Commissioner has stated that, notwithstanding the legal requirements, good practice requires that marketers follow the guidelines set out below.
There is nothing in the legislation which expressly prohibits the purchasing of email lists. However, if you are thinking of using such a list, you should only purchase it from a reputable company and you should ask for a warranty that the list has been lawfully collected and may be used as intended. Even then, you should think twice.
The terms of service of most ISPs and email marketing service providers prohibit spamming. However, different sets of terms will define spam in different ways. If you are considering sending unsolicited commercial emails, you should ensure that you do not breach the terms of your contract with your ISP or email marketing service provider.
This is an adapted version of an article originally published on www.website-law.co.uk in March 2007.
Copyright © 2007-2017 SEQ Legal LLP.