SuretyMail Email Reputation Certification

 

How to Comply with Email Marketing Laws and Regulations Around the World

You know that if you are based in the U.S. you need to comply with CAN-SPAM; and if you are based in Canada, you need to comply with CASL. But in an increasingly global market and economy, what about the other email marketing laws and email marketing privacy laws of other countries in which you may have users or customers, or to which you may be otherwise sending email? What are they, and do you need to worry about them?

Here is an overview of those laws (as well as links to the applicable anti-spam and email marketing laws of many countries, including the United States, the EU, the UK, and Argentina, Australia, Austria, Belgium, Brazil, Canada, China, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Hong Kong, Hungary, Indonesia, Ireland, Israel, Italy, Japan, Malasia, Malta, Netherland, New Zealand, Pakistan, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland and Turkey), and 3 simple steps to be in compliance with nearly all of the email marketing laws of all countries.

(Note: In addition to needing to comply with the email marketing and anti-spam laws of the various countries into which or from which you may send email, you need to be familiar with the EU-US Privacy Shield Regulations of 2016.)

In addition to the general information below, we have included links to the email marketing and anti-spam laws of individual countries around the world. If you have information about anti-spam or email marketing laws for a country that we have not included, please drop us a line and let us know.

The bottom line is that if your email address collection process, and your email sending practices, comply with the following (and of course you are doing all of the obvious things like including your actual physical address, not spoofing your headers, and not hiding who you are or pretending to be someone you’re not), then you can and will avoid 98% of the email marketing legal compliance problems into which you might otherwise run:

3 Steps to Comply with International Email Marketing Laws and Regulations

Follow these rules to be in compliance with the vast majority of email marketing laws around the world:

  1. Only add an email address to your mailing list after having obtained provable permission of the owner of the email address. (Most countries have an exception for email addresses belonging to existing customers.)
  2. This is one of the most critical points. For example, the UK requires that “a person shall neither transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient of the electronic mail has previously notified the sender that he consents for the time being to such communications being sent by, or at the instigation of, the sender.”

    The UK’s Information Commissioner’s Office elaborates, explaining that “you must not send electronic mail marketing to individuals, unless they have specifically consented to electronic mail from you, or they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past, and you gave them a simple way to opt out both when you first collected their details and in every message you have sent.”

    Note the “similar product or service” language. This brings us to our second point for international email marketing compliance.

  3. Never take an email address and move it from one list to another, or otherwise repurpose the email address, without the user’s express permission.
  4. Even the United States’ CAN-SPAM law, widely regarded as the most permissive, prohibits you from “repurposing” an email address if the user has otherwise opted out of your mailings.

    It is unlawful, says CAN-SPAM, “for the sender, or any other person who knows that the recipient has made such a [opt-out] request, to sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic mail address of the recipient) for any purpose other than compliance with this Act or other provision of law.”

    And, speaking of opt-out, that leads us to point #3.

  5. Include a working opt-out mechanism in all non-transactional email, and process all opt-outs immediately.
  6. The Canadian anti-spam law is a good example of the opt-out (unsubscribe) requirements of most laws: “The unsubscribe mechanism must (a) enable the person to whom the commercial electronic message is sent to indicate, at no cost to them, the wish to no longer receive any commercial electronic messages, or any specified class of such messages, from the person who sent the message or the person – if different – on whose behalf the message is sent, using (i) the same electronic means by which the message was sent, or (ii) if using those means is not practicable, any other electronic means that will enable the person to indicate the wish; and (b) specify an electronic address, or link to a page on the World Wide Web that can be accessed through a web browser, to which the indication may be sent… The person who sent the commercial electronic message and the person — if different — on whose behalf the message was sent must ensure that effect is given to an indication sent in accordance with paragraph (1)(b) without delay, and in any event no later than 10 business days after the indication has been sent, without any further action being required on the part of the person who so indicated.

The bottom line is that if you are a legitimate email marketer, or conscientious company that utilizes email marketing, you are probably already doing nearly everything that you need to do in order to not get in trouble with the laws of whatever countries you are sending email to or from. With a little tweaking, you can ensure that you are on the right side of the law pretty much everywhere.

And as a happy side effect, because these points also track best email practices, by making sure that your email practices adhere to these points you will also be helping to optimize your email deliverability so that you get to the inbox, and stay out of the junk folder.

[Want us to help you ensure that you are doing everything right? Apply here.]

List of Anti-Spam and Email Marketing Laws, Regulations and Practices by Country or Region

United States

How to comply with CAN-SPAM

Full text of CAN-SPAM

Canada

How to comply with CASL

Full text of CASL

European Union (EU)

The EU has adopted a set of regulations (directives) dealing with email marketing, privacy, and spam. Bear in mind that these are not automatically in operation in a given EU member country, and every member country of the EU is free to adopt their own versions of these regulations (and many have). Moreover, any citizen of the EU can apply directly to the European Court of Justice for relief, and since the Francovich holding in 1991, EU Member States can be liable to pay compensation to individuals who suffer a loss by reason of the Member State’s failure to transpose an EU directive into national law. This means, at least in theory, that there are 28 countries to or from which you may send email that can be touched by the EU email marketing and privacy directives, even if they didn’t adopt them directly.

EU regulations regarding email marketing, spam, and privacy protection of PII

Email Marketing and Anti-Spam Laws of Individual Countries

Argentina

Personal Data Protection Act

Australia

Spam Act of 2003

Austria

Austrian Telecommunications Act

Belgium

Belgium Law of March 11, 2003

Brazil

Movimento Brasileiro de Combate ao Spam

Canada

Canadian Anti-Spam Law (CASL)

China

China Regulations On Internet Email Services

Cyprus

Regulation of Electronic Communications and Postal Services Law of 2004

Czech Republic

Act No. 480/2004 Coll. on Certain Information Society Services

Denmark

Danish Consolidated Marketing Practices Act

Finland

Act on the Protection of Privacy in
Electronic Communications

France

Law of June 21 2004 for Confidence in the Digital Economy

Germany

German Unfair Competition Act

Hong Kong

Unsolicited Electronic Messages Ordinance

Hungary

2001 Act on E-Commerce

Indonesia

Law Concerning Electronic Information and Transactions

Ireland

European Communities Electronic Communications Networks and Services Data Protection and Privacy Regulations of 2003

Israel

2008 Amendment to the Communication Telecommunications and Broadcasting Law of 1982

Italy

Italian Personal Data Protection Code

Japan

Act on Regulation of the Transmission of Specified Electronic Mail

Malaysia

Communications and Multimedia Act of 1998

Malta

Data Protection Act

Netherland

Dutch Telecommunications Act

New Zealand

Unsolicited Electronic Messages Act of 2007

Pakistan

Prevention of Electronic Crimes Ordinance

Singapore

Spam Control Act of 2007

South Africa

Electronic Communications and Transactions Act of 2002

South Korea

Act on Promotion of Information and Communication Network Utilization and Information Protection

Spain

Information Society Services and Electronic Commerce Act

Sweden

Swedish Marketing Act – Marknadsföringslagen

Switzerland

Law against Unfair Competition

Turkey

Electronic Commerce Law

United Kingdom (UK)

The Privacy and Electronic Communications Regulations (PEC Regulations) 2003

United States (US)

CAN-SPAM

 

SuretyMail inbox 500