You know that if you are based in the U.S. you need to comply with CAN-SPAM; if you are based in Canada, you need to comply with CASL, and if you are in the EU you need to comply with GDPR. But in an increasingly global market and economy, what about the other email marketing laws and email marketing privacy laws of other countries in which you may have users or customers, or to which you may be otherwise sending email? What are they, and do you need to worry about them?
Here is an overview of those laws (as well as links to the applicable anti-spam and email marketing laws of many countries, including the United States, the EU, the UK, and Argentina, Australia, Austria, Belgium, Brazil, Canada, China, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Hong Kong, Hungary, Indonesia, Ireland, Israel, Italy, Japan, Malasia, Malta, Netherland, New Zealand, Pakistan, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland and Turkey), and 3 simple steps to be in compliance with nearly all of the email marketing laws of all countries.
(Note: In addition to needing to comply with the email marketing and anti-spam laws of the various countries into which or from which you may send email, you need to be familiar with the EU-US Privacy Shield Regulations of 2016.)
In addition to the general information below, we have included links to the email marketing and anti-spam laws of individual countries around the world. If you have information about anti-spam or email marketing laws for a country that we have not included, please drop us a line and let us know.
The bottom line is that if your email address collection process, and your email sending practices, comply with the following (and of course you are doing all of the obvious things like including your actual physical address, not spoofing your headers, and not hiding who you are or pretending to be someone you’re not), then you can and will avoid 98% of the email marketing legal compliance problems into which you might otherwise run:
3 Steps to Comply with International Email Marketing Laws and Regulations
Follow these rules to be in compliance with the vast majority of email marketing laws around the world:
- Only add an email address to your mailing list after having obtained provable permission of the owner of the email address. (Most countries have an exception for email addresses belonging to existing customers.)
- Never take an email address and move it from one list to another, or otherwise repurpose the email address, without the user’s express permission.
- Include a working opt-out mechanism in all non-transactional email, and process all opt-outs immediately.
This is one of the most critical points. For example, the UK requires that “a person shall neither transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient of the electronic mail has previously notified the sender that he consents for the time being to such communications being sent by, or at the instigation of, the sender.”
The UK’s Information Commissioner’s Office elaborates, explaining that “you must not send electronic mail marketing to individuals, unless they have specifically consented to electronic mail from you, or they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past, and you gave them a simple way to opt out both when you first collected their details and in every message you have sent.”
Note the “similar product or service” language. This brings us to our second point for international email marketing compliance.
Even the United States’ CAN-SPAM law, widely regarded as the most permissive, prohibits you from “repurposing” an email address if the user has otherwise opted out of your mailings.
It is unlawful, says CAN-SPAM, “for the sender, or any other person who knows that the recipient has made such a [opt-out] request, to sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient (including through any transaction or other transfer involving mailing lists bearing the electronic mail address of the recipient) for any purpose other than compliance with this Act or other provision of law.”
And, speaking of opt-out, that leads us to point #3.
The Canadian anti-spam law is a good example of the opt-out (unsubscribe) requirements of most laws: “The unsubscribe mechanism must (a) enable the person to whom the commercial electronic message is sent to indicate, at no cost to them, the wish to no longer receive any commercial electronic messages, or any specified class of such messages, from the person who sent the message or the person – if different – on whose behalf the message is sent, using (i) the same electronic means by which the message was sent, or (ii) if using those means is not practicable, any other electronic means that will enable the person to indicate the wish; and (b) specify an electronic address, or link to a page on the World Wide Web that can be accessed through a web browser, to which the indication may be sent… The person who sent the commercial electronic message and the person — if different — on whose behalf the message was sent must ensure that effect is given to an indication sent in accordance with paragraph (1)(b) without delay, and in any event no later than 10 business days after the indication has been sent, without any further action being required on the part of the person who so indicated.
The bottom line is that if you are a legitimate email marketer, or conscientious company that utilizes email marketing, you are probably already doing nearly everything that you need to do in order to not get in trouble with the laws of whatever countries you are sending email to or from. With a little tweaking, you can ensure that you are on the right side of the law pretty much everywhere.
And as a happy side effect, because these points also track best email practices, by making sure that your email practices adhere to these points you will also be helping to optimize your email deliverability so that you get to the inbox, and stay out of the junk folder.
[Want us to help you ensure that you are doing everything right? Apply here.]
List of Anti-Spam and Email Marketing Laws, Regulations and Practices by Country or Region
European Union (EU)
The EU has adopted a set of regulations (directives) dealing with email marketing, privacy, and spam. Bear in mind that these are not automatically in operation in a given EU member country, and every member country of the EU is free to adopt their own versions of these regulations (and many have). Moreover, any citizen of the EU can apply directly to the European Court of Justice for relief, and since the Francovich holding in 1991, EU Member States can be liable to pay compensation to individuals who suffer a loss by reason of the Member State’s failure to transpose an EU directive into national law. This means, at least in theory, that there are 28 countries to or from which you may send email that can be touched by the EU email marketing and privacy directives, even if they didn’t adopt them directly.
EU regulations regarding email marketing, spam, and privacy protection of PII
Email Marketing and Anti-Spam Laws of Individual Countries
Austrian Telecommunications Act
Movimento Brasileiro de Combate ao Spam
China Regulations On Internet Email Services
Regulation of Electronic Communications and Postal Services Law of 2004
Act No. 480/2004 Coll. on Certain Information Society Services
Danish Consolidated Marketing Practices Act
Act on the Protection of Privacy in
Law of June 21 2004 for Confidence in the Digital Economy
Unsolicited Electronic Messages Ordinance
Law Concerning Electronic Information and Transactions
European Communities Electronic Communications Networks and Services Data Protection and Privacy Regulations of 2003
2008 Amendment to the Communication Telecommunications and Broadcasting Law of 1982
Italian Personal Data Protection Code
Act on Regulation of the Transmission of Specified Electronic Mail
Communications and Multimedia Act of 1998
Unsolicited Electronic Messages Act of 2007
Prevention of Electronic Crimes Ordinance
Electronic Communications and Transactions Act of 2002
Act on Promotion of Information and Communication Network Utilization and Information Protection
Information Society Services and Electronic Commerce Act
Swedish Marketing Act – Marknadsföringslagen
Law against Unfair Competition
United Kingdom (UK)
The Privacy and Electronic Communications Regulations (PEC Regulations) 2003
United States (US)