8 Legal Requirements for Email Marketing

By: Masha Komnenic CIPP/E, CIPM, CIPT, FIP | Updated on: February 7, 2025


Email marketing is a great way to reach new and existing customers, enhance your brand reputation, and create a sense of community and personalization with your users.

However, you must ensure your marketing emails are legally compliant.

Below, I walk you through the laws that impact email marketing and explain eight legal requirements you should implement with every email you send.

Table of Contents
  1. Laws That Impact Email Marketing
  2. Email Marketing Legal Requirements
  3. Ensure Third-Party Services Comply With Applicable Laws
  4. Additional Tips for Ensuring Compliance
  5. Summary

Laws That Impact Email Marketing

Different laws around the world impact email marketing, and they can apply to your business depending on factors like your location and where your email recipients are located.

Below, I walk you through the most significant laws from the U.S., Europe, the U.K., Australia, and Canada.

CAN-SPAM

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act is a federal U.S. law that regulates email marketing.

It gives individuals the right to tell entities to stop sending them emails and requires marketing emails to meet the following guidelines:

  • Avoid false and misleading details
  • Avoid misleading subject lines
  • State that the message is an advertisement or promotional email
  • Include a physical mailing address
  • Explain how recipients can opt out of the emails
  • Honor all opt-out requests

If you send marketing emails to users in the U.S., you must comply with CAN-SPAM.

CCPA/CPRA

The California Consumer Protection Act (CCPA), as amended by the California Privacy Rights Act (CPRA), also impacts email marketing in the U.S.

Specifically, if you send emails to consumers in California, you may be required to comply with the CCPA, which requires the following:

  • Inform consumers you’re collecting their data, like names or email addresses.
  • Present users with an accurate, meaningful privacy policy and only use their data for the purposes explained within that policy.
  • Provide consumers with a way to opt out of targeted advertising and the selling or sharing of their information.

GDPR

The General Data Protection Regulation (GDPR) impacts your email marketing if you send messages to people in the European Union (EU) or European Economic Area (EEA).

It has a broad scope, impacts businesses around the world, and requires the following:

  • Present consumers with a privacy notice explaining what data you collect, your legal basis for collecting it, and the rights they have over that information.
  • Only collect personal information for one of five legal bases (email addresses and names are considered personal information under the GDPR).
  • If consent is your legal basis, obtain active, opt-in consent before data collection begins.
  • Provide consumers with a way to opt out of receiving the emails and honor their requests. If they request to have their data deleted, you must also honor this.

United Kingdom: Privacy and Electronic Communications Regulations (PECR) of 2003

In the UK, the Privacy and Electronic Communications Regulations (PECR) of 2003 impact marketing emails.

The PECR is a group of laws that impact unsolicited marketing via phone, email, text, fax, or other communication channels.

Under these laws, businesses must obtain explicit consent from UK consumers before sending them marketing emails.

Canada’s Anti-Spam Legislation (CASL)

Canada’s Anti-Spam Legislation, or CASL, is considered one of the strictest anti-spam regulations in the world and directly impacts email marketing.

It prevents entities from sending unsolicited messages to Canadians, meaning you must obtain opt-in consent from consumers to send them marketing emails.

Penalties for violating the CASL are severe.

Businesses may be required to pay an administrative monetary penalty (AMP) of up to $10 million, and individuals who violate the law may face a penalty of up to $1 million.

Australia: Spam Act 2003 and Spam Regulations 2021

Two main laws impact email marketing in Australia — the Spam Act 2003 and Spam Regulations 2021. These laws work together to provide rights to Australians regarding unsolicited messages.

For example, these laws require businesses to obtain explicit or implied consent from consumers before sending them any marketing emails or other forms of messaging.

You must also clearly identify your business in the email and include a method for recipients to unsubscribe from receiving future emails.

Email Marketing Legal Requirements

The specific requirements you’ll have to follow depend on the laws that apply to your business and your email recipients, but I’ve outlined common ways to help you broadly achieve compliance.

Request Opt-In Consent

Before sending a marketing email to users in specific regions, especially Canada or Europe, ask them to express their consent by actively opting in.

For example, include an unticked checkbox and ask them to select it to express that they’ve read and agree to your privacy policy and to receive your marketing emails.

Doing this helps you meet the requirements of data privacy laws and gives users a choice over whether and how you connect with them.

Use Accurate Subject Lines

Always use a clear and not misleading subject line when sending marketing emails. Under laws like CAN-SPAM, this is a legal requirement.

The subject line should clarify to the recipient that they are receiving a marketing email.

Never use a subject line that is blatantly different from the contents of your email, or you risk facing penalties for violating anti-spam laws.

Add an Opt-Out Option

Like obtaining opt-in consent, you should also add an opt-out option at the bottom of all your marketing emails to meet requirements outlined by U.S. federal laws like CAN-SPAM.

Sometimes referred to as an email disclaimer, this can be as simple as having a notice at the footer of your email similar to the following:

  • UNSUBSCRIBE
  • OPT-OUT

You must also include language near the link explaining that users can click it to opt out of receiving marketing emails from you in the future.

Know Who You’re Emailing

It’s essential you know who you are emailing; this way, you can also prove you have their consent to send the marketing materials.

It’s also essential because it helps you avoid emailing audiences you do not intend to target, for example minors under 13.

Include a Link to Your Privacy Policy

All of your marketing emails should include a link to the current version of your privacy policy; this way, the recipients can always access it.

Not only does having this link help you meet the requirements of data privacy laws like the CCPA and the GDPR, but it also helps you meet the requirements of anti-spam laws.

A common place to include a privacy policy link is in the footer of your emails so it appears near your company contact information and links to any other relevant legal policies.

Safely Store Content

Ensure you store personal data securely to prevent unauthorized access and breaches.

Privacy laws like the GDPR and the CCPA hold businesses financially accountable if a data leak occurs. Under the CCPA, individuals also have the right to pursue civil action against you.

Many of your recipients have the right to ask you to access, correct, or delete their data, so be prepared to honor these requests.

State Who You Are

All of your marketing emails should clearly say who your company is and provide some kind of physical mailing address.

Several laws require this, as the recipients have a right to know who’s sending them marketing materials through their email addresses.

Honor Consumer Privacy Rights

It’s important your business can adequately respond to consumer requests to follow through on their privacy rights.

While the specific rights depend on which laws apply, typically, consumers have the right to request to:

  • Access their data
  • Correct their data
  • Delete their data
  • Limit the processing of their data
  • Opt out of targeted advertising
  • Opt out of the sale or sharing of their data with third parties

These requests also apply to all information collected about the user to send them marketing emails.

Ensure Third-Party Services Comply With Applicable Laws

If you rely on a third-party email verifier or platform, vet the service for legal compliance.

For example, you might use a third-party email verifier to help clean up your recipient lists by removing inactive or illegitimate emails, or a platform to help enhance your email deliverability.

Ensure you obtain proper permissions from users if you utilize one of these services, and audit them often for security or compliance gaps.

Additional Tips for Ensuring Compliance

Here are my quick tips to ensure compliance with your email marketing:

  • Tip 1: Always clearly introduce your business.
  • Tip 2: Include your business’s mailing address in every email.
  • Tip 3: Always use accurate subject lines.
  • Tip 4: Add an ‘unsubscribe’ option to the footer of all emails.
  • Tip 5: Honor all requests to opt out of your marketing emails.
  • Tip 6: Store emails and names safely to prevent unauthorized access.
  • Tip 7: Use an email verifier as necessary to clean up recipient lists.

Summary

Email marketing is essential for survival in today’s digital economy, but you must follow all applicable laws and guidelines.

To play it safe, request opt-in consent for all your marketing emails. Avoid email lists, which can put users’ personal information at risk.

Finally, remember always to honor when a user wants to opt out of your emails or have their data deleted.


Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016.
