Kayla Matthews
March 18, 2020

8 Regulations to Know When Developing an Email Marketing Campaign

There Are More Email Marketing Regulations Than Just GDPR

Email marketing is convenient since it allows you to reach potential customers from all over the world with a few quick clicks. However, the respective laws for getting in touch with people online can vary and knowing them could make the difference between earning conversions and getting into legal trouble.

Here are eight email marketing regulations to be aware of, broken down by region.

The European Union

This is the obvious place to start, as GDPR is the most well-known and wide-ranging set of regulations.

If you’re planning to market to Europeans, bear in mind that there may be some country-specific rules to follow. Here, though, we’ll look more broadly by examining some of the regulations that apply to the European Union (EU).

1. The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) gives residents of the EU more control over what advertisers do with their information, and how those parties collect it. Plus, there are some GDPR specifics for email marketing.

Firstly, you can only use or collect customers’ data with consent. You must also keep documentary evidence of them giving that go-ahead. People can withdraw their consent whenever they wish, and you must honor that request. Moreover, companies are obligated to delete information — including emails — that they no longer need.

2. The European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011

These regulations surround the transmission of unsolicited emails. The basics you need to know are that you may not be able to send customers emails if you have not gained consent from them within 12 months, or if they have not given you details within that time-frame when purchasing a product. It’s also forbidden under these regulations to disguise your identity as the sender or otherwise conceal the email’s origin.

You may also want to read: How Will GDPR Affect US Marketers?

The United Kingdom

The United Kingdom finally left the European Union after passing a Brexit withdrawal deal. People are understandably curious about what that means for the GDPR in the United Kingdom. Does it still apply?

The United Kingdom is in a Brexit transition period until the last day of 2020, and the GDPR is still in effect through that point. What happens after that depends on what occurs during the Brexit negotiations, which are currently underway. Stay tuned to remain abreast of developments as they emerge.

3. The Data Protection Act (DPA) of 2018

The DPA works alongside the GDPR and dictates how it functions within the United Kingdom. For example, the DPA stipulates several exemptions from the GDPR that only apply in the United Kingdom. If you plan to carry out email marketing in the United Kingdom, it’s a good idea to check out the detailed DPA guide provided by the United Kingdom’s Information Commissioner’s Office.

4. The Companies Act of 1985

The Companies Act of 1985 is similar to the United States’ CAN-SPAM Act, but it applies to the United Kingdom. It says that emails sent by businesses in the region must have:

  • Your company’s registered name and address
  • Your company’s registration number
  • And your company’s place of registration

You must also include such information in the body of the email and not merely provide a link for people to click and get the details.

The United States

The United States does not yet have the equivalent of a federal data protection law like the GDPR. However, there are still some regulations to know that could impact your email marketing campaign, whether you run it to encourage traffic to an online donation page for a nonprofit or to advertise the launch of a new product line.

5. The CAN-SPAM Act of 2003

This regulation’s full name is the Controlling the Assault of Non-Solicited Pornography and Marketing Act. Despite it being nearly 20 years old, the Federal Trade Commission (FTC) recently conducted a full review of CAN-SPAM and decided it did not need changes.

The CAN-SPAM Act applies to all commercial messages. It requires them to have some straightforward features, including:

  • Accurate and identifying email header information
  • A subject line reflecting the email’s contents
  • Clear disclosure that your message is an advertisement
  • Your company’s physical address contained in the email’s body
  • Instructions on how a person can opt-out of future emails

Even if you contract your email marketing to an outside party, both you and that entity may be liable under the CAN-SPAM Act.

6. The California Consumer Privacy Act (CCPA)

The CCPA is a recent example of action taken at the state level to give people more control over the data that companies keep about them. It affords consumers several rights, including:

  • Knowing if a company collects their personal information
  • Easily finding out what information a company has about them
  • Downloading their personal data and take it elsewhere
  • Opting-out of allowing companies to sell their data
  • Not be discriminated against

Moreover, the CCPA applies to personal information, which is a rather broad definition in this case. In short, it’s any information that could identify, be associated with or describe a California resident. Does personal information extend to email addresses? It can, in some cases, legal experts say.

For example, if an individual has an email in the format of [person’s name]@[company name].com, it could be relatively easy to link a specific person to that address. That’s particularly true if the employee has a unique name or works for a small company.

Even if your business operates somewhere other than California, the CCPA may still apply. Conduct further research to see if you have obligations for handling emails under the CCPA.

You should also take it upon yourself to stay informed about other state-level privacy regulations that may go into effect and impact email marketing. Concerning state-level laws against spam email, CAN-SPAM preempts most of them.


Some experts say that Canada’s Anti-Spam Law (CASL) is one of the strictest of its kind in effect. Check out the following breakdown of what to know.

7. Canada’s Anti-Spam Law (CASL)

CASL applies to all commercial electronic communications sent from or to people within Canada. It requires getting consent from recipients before distributing messages. You can do so either orally or in writing, and the written consent can occur through electronic means. However, companies need not get such permission if there is an existing relationship between the company and the person who receives the email.

However, there are some CASL exemptions. For example, they include emails sent by charities for fundraising purposes and messages sent inside secured, limited-access service interfaces, such as online banking portals.


If you’re planning to send messages to people who live down under, Australia is like other regions listed here, whereby there are specific email rules to follow.

8. The Spam Act of 2003

The Spam Act of 2003 requires obtaining consent as a first step. Next, any messages received must contain your company’s name and contact details, plus give people a way to unsubscribe from your mailing list. Also, the Act differentiates between express and inferred permission regarding consent.

People give express permission by performing a particular action to show approval, such as:

  • Completing an online form
  • Checking a box on a company’s pop-up
  • Giving their consent face to face
  • Providing permission during a telephone call

However, inferred permission happens if they are already customers, or you’re sending an email message associated with something they bought from you. Also, if the person published their email in a publicly accessible database, such as an internet directory, you can treat that as inferred permission.

What About Regulations in Effect Elsewhere?

This overview gives details about what you need to know about email marketing laws in some of the central regions of the world where you may do business. Nevertheless, it’s not all-encompassing — guidelines are not so clear-cut in some places not mentioned above.

For example, many Asian countries are at various stages of adopting or updating their data privacy laws — some of which may affect how you can send marketing emails.

In the Middle East, new data privacy regulations recently became active in Bahrain, and some analysts believe they’ll have a broader effect. In Africa, Kenya passed a data privacy law that mirrors the GDPR and may inspire other countries on the continent to follow suit.

Due to this degree of variation, the safest thing to do is to thoroughly research the applicable privacy laws governing where you do business or want to operate. The fines for failing to comply can be substantial.

Err on the Side of Caution With Your Email Marketing Campaigns

Hopefully, one thing you’ve learned from the content here is that you cannot send an unsolicited email and assume it won’t result in negative consequences. Take the time to learn about the applicable laws to reduce the chances of your otherwise well-planned email marketing campaign hitting a snag.


Featured image: Copyright: ‘https://www.123rf.com/profile_tabitazn‘ / 123RF Stock Photo


The following two tabs change content below.

Kayla Matthews

Kayla Matthews is a digital marketing and branding writer whose work has been featured on Contently, Convince and Convert, Inc.com and Marketing Dive. In the past, she's also been a staff writer for MakeUseOf and a regular contributor to The Next Web. To see more by Kayla, please visit ProductivityBytes.com