Email Marketing and anti-spam law

Category: Email Marketing

Monday November 9th, 2015

This blog is for guidance only and does not constitute legal advice which should be only sought from your solicitor.

Understanding anti-spam law

Anti-spam law restricts the sending of unsolicited marketing emails or ‘spam’ to individual subscribers. Unsolicited emails can still be sent to corporate subscribers if they are relevant to their work.

The Information Commissioner enforces Anti-spam law Information Commissioner and any breach made can lead to a fine currently of up to £5,000.

Civil liability also applies to anyone who suffers damage as a result of the breach. The rules are in the Privacy and Electronic Communications (EC Directive) Regulations.

‘Solicited’ and ‘unsolicited’ are not defined terms, but solicited emails are probably emails that recipients specifically ask you to send them. A recipient can solicit an email from you via a third party such as a reseller or another company within the same group as yours. An unsolicited email is any other email.

A ‘marketing’ email is not defined by the law either, but must include any email promoting your goods and services. For not-for-profit bodies like charities it includes promotion of your ideals.


The rules for CORPORATE subscribers

Emailing a corporate subscriber is permitted if the email is work-related (e.g. promoting office furniture to a facilities manager) but NOT if it is personal (e.g. promoting family holidays to the sales team at a recruitment company).


The rules for INDIVIDUAL subscribers

Individuals who specifically consent (‘opt-in’) to receiving emails

You can send direct marketing emails to individual subscribers if they have ‘previously notified the sender’ of their specific consent (i.e. they have ‘opted in’) to receiving such emails from you.

Specific consent requires some positive action by the subscriber. They must tick an opt-in box or entering their email address, for example.

Opt-in is temporary

If an individual subscriber does opt-in, his or her consent is only given ‘for the time being’. You are entitled to assume the individual’s consent remains valid until there is a good reason for you to consider otherwise.

Third party advertising consent

If you are going to let third parties advertise in your emails, you should obtain the consent of any individual subscribers on your emailing list before you do so. Without it, your emails might be construed as unsolicited direct marketing emails from your advertisers to your subscribers.

‘Opt-in’ and bought-in lists

Opt-in has to be previously notified to ‘the sender’ of direct marketing emails. If this means consent must be given to you directly, then addresses on any list compiled by a third party after December 2003, cannot be an ‘opted in’ list for your purposes.

Guidance from the Information Commissioner envisages that a consent can be collected from an individual by a third party on your behalf, provided the third party makes it clear to the individual that it is proposing to pass his or her details to businesses offering the sort of products and services you offer. For example, if you offer birdwatching holidays, a third party can ask an individual for consent as follows:

“We would like to pass your details on to specially selected third parties so that they can send you more information about birdwatching holiday specialists. Do you agree to this?”

A positive response, according to the guidance, means ‘it is likely’ the third party can pass those details to you and you can send direct marketing emails to those contacts to promote your holidays. It does not matter that the individual has never heard of you previously.

‘Soft’ opt-in
There are circumstances in which you can treat an individual subscriber as having consented to receiving emails from you, even though they haven’t specifically done so. This is called ‘soft’ opt-in. You can send direct marketing emails to individual subscribers under the soft opt-in rules if:

  1. Their email address was obtained by you in ‘the course of the sale or negotiations for the sale of a product or service’  (e.g. if the individual is already a customer or has entered into negotiations with you with a view to a sale or has registered an interest in a product and allowed their email address to be recorded for future marketing use).
  2. The direct marketing is in respect of your ‘similar products and services only’  For example, if you are a hotelier, guests would reasonably expect you to offer conference, party and catering facilities as well as rooms, and these could be promoted using direct marketing emails.
  3. The recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his or her contact details for the purposes of such direct marketing, at the time that the details were initially collected.
  4. The individuals are given the opportunity to opt out in every subsequent email to them Individuals whose email addresses you buy in from a list broker cannot have opted in to receive emails from you under the soft opt-in rules if they have never dealt with you, but only the list broker. Nor can an individual who gives his or her email address to your company be treated as having opted in to receiving direct marketing emails from other companies in the same group as you, unless he or she has specifically consented to this.
  5. It’s also likely that, if you have opt-in from a subscriber to receiving emails from one brand or business name, and you want to promote another brand or business name you own, you can only do so if the recipient would associate the two as being under common ownership.


Rules applying to ALL emails

All direct marketing emails, whether to corporate subscribers or individuals, and whether unsolicited or solicited, must:

  • make the identity of the sender clear (the sender must not be ‘disguised or concealed’)
  • provide a valid address to which ‘unsubscribe’ messages may be sent.


Existing emailing lists

By concession, the Information Commissioner has said that he will not apply the law to ‘legacy lists’. This means:

  • email addresses you had at 31 October 2003
  • that you have used within the last 12 months
  • that you collected in compliance with the law at the time (at a minimum, you told the people whose addresses you collected that you would be using the addresses for marketing purposes when you collected them)
  • whose owners haven’t told you to stop emailing them


Subcontracting your e-marketing

The Information Commissioner will proceed against you first if the rules are breached, as the ‘instigator’ of the email communication.


Data Protection Act 1998

The anti-spam rules specifically say that they do not affect your obligations in relation to personal data under the Data Protection Act 1988. Under that Act individuals (as opposed to businesses) can prevent you from processing ‘personal data’ (which includes using it to send them unsolicited marketing emails) without their consent.

Personal data is data relating to a living individual (but not companies). So, if you have an email address but cannot tie it to a person’s name or other personal details, it is not personal data. If it is, however:

  • you should not send unsolicited marketing emails to any person who has not consented to your doing so
  • even if they originally consented, recipients of your direct marketing emails can write and ask you to stop using personal data to send out direct marketing emails at any time afterwards


Source: accessed 2 November 2015

Image courtesy of stuart miles/