Guide to Regulations

What Are The Rules Regarding Email Marketing?

The Privacy and Electronic Communications Regulations were introduced in December 2003 as part of a European Directive.

As well as setting out various rules regarding direct marketing by telephone and fax, these established the requirement for individuals to provide “opt-in” consent to receive marketing email.

What Is Meant By “Opt-In”?

The default requirement is that unsolicited direct marketing email must only be sent to an individual recipient who has previously notified the sender that they consent to the email being sent and that certain information about the sender, whose identity must be clear, has been provided to the recipient.

This means that recipients must “opt-in”. In other words they must actively sign up for something and where they know what they are signing up to.  There may be a number of ways to indicate consent. For example, where you tick a box as a positive indication that you agree to receive marketing or where it is made clear to you that providing your email address means you agree to receiving marketing.

There is an exception to the “opt-in” requirement where there is an existing customer relationship with recipients, in which case a marketer may continue to market their own similar products and services to them on an “opt-out” basis. For the exception to apply the following is required:

  • a direct relationship must exist with the recipient arising from a previous sale or negotiations for a sale of a product or service to that recipient;
  • the intended marketing is only for that businesses own similar products or services; and
  • the recipient has been given a valid, simple way to “opt-out” at the point their details were collected and at each time they are subsequently used. This has to be free of charge except for the costs of transmission

The definition of “opt-out” is where you are told that you will get marketing emails unless you say you don’t want them.  Organisations can collect only your email address on an “opt-out” basis if they can satisfy the exemption criteria. The regulator makes a clear distinction between “opt-in” and “opt-out” by highlighting that in their view “failing to opt-out when given the chance is not the same as giving consent”.

What About Marketing To Other Companies?

Although the strict “opt-in” rules only cover individuals and not limited companies, there is also a general rule that it is not permitted to send any marketing email to anyone, whether corporate or individual, where:

  • the identity of the person on whose behalf the e-mail has been sent has been disguised or concealed; or
  • a valid address to which the recipient may send a request for such e-mails to stop has not been provided.

Who Enforces The Regulations?

The Information Commissioner is responsible for enforcing the regulations and can issue enforcement notices against individuals or companies requiring compliance.

A breach of an enforcement notice is a criminal offence and anyone who suffers loss or damage by reason of your breach of the Regulations can sue for compensation through the courts. At the very least, any reputable businesses should be concerned about the potential damage to their brand and reputation that would arise out of a breach of the regulations.

Who Is Responsible For Compliance?

Businesses wishing to send marketing messages by email are responsible for ensuring any database they use meets the requirements and that they have appropriate consent from all individuals on the list. Even when using a third party to deliver the emails on your behalf, it is the responsibility of the sender (in other words who the email is indicated as being ‘from’) to ensure compliance with the regulations.