Is your email marketing legal?

What is an unsolicited direct marketing email?
Under the relevant regulations, electronic mail is any electronic message that consists of text, voice, sound or images – ie, email, text, picture, video, voicemail and answer phone messages.

Direct marketing is defined as a message that is trying to sell goods or services, or is promoting the values or beliefs of a particular organisation.
Unsolicited marketing is marketing that has not been specifically asked for.

If you want to use email to carry out unsolicited direct marketing, you need to comply with the rules in the Privacy and Electronic Communications Regulations and with the Data Protection Act 1998.

Are unsolicited direct marketing emails illegal?
The applicable regulations distinguish between an individual subscriber (eg and a corporate subscriber (eg However, note that sole traders and individuals in partnerships are regarded as individual subscribers even if you are emailing them in their business capacity.

You can only carry out unsolicited direct marketing by email to individual subscribers if the individual you are sending the message to has given you their permission (known as an Opt In) OR you obtained his or her email details during the course of a sale (or negotiations towards the sale) and the email is relating to similar products or services that were the subject of such sale AND you give such individual subscriber the right to opt out of further emails (known as the “Soft Opt In”).

The prior consent rule does not apply to a corporate subscriber. However marketing emails to corporate subscribers should still identify the sender and provide a geographical address (see below).

Information to be provided before consent is given
If you are collecting contact details which include personal data (which could include the name of an individual in a corporate email address, such as, certain information must be notified to the individual:
• your identity; and
• the purpose(s) for which you are processing the individual’s data (eg to send them marketing email about products or services that they may be interested in); and
• any further information which is necessary to make the processing of that individual’s data fair – ie be open and honest with individuals about how you are going to use their personal data.

This information should be given to the individuals or made readily available to them (for example in a link on your website) at the point of collection.

The best way to meet these requirements is through a privacy policy.
Information to be provided in all marketing emails
All marketing emails (even those where no personal data is used such as must clearly display your identity and your address and if you are registered as a company, you must also include the:
• company registration number;
• place of registration; and
• registered office address.

What is good practice?
The Information Commissioner has stated that, notwithstanding the legal requirements, good practice requires that marketers follow the guidelines set out below.
• Try to go for opt-in-based marketing as much as possible.
• Provide a statement of use when you collect details typically via a privacy policy).
• Make sure you clearly explain what individuals’ details will be used for.
• Do not have consent boxes already ticked.
• Provide a simple and quick method for customers to opt out of marketing messages at no cost other than that of sending the message.
• Promptly comply with opt-out requests from everyone, not just those from individuals.
• Have a system in place to deal with complaints about unwanted marketing.
• When you receive an opt-out request, suppress the individual or company details rather than deleting them so that you have a record of who not to contact.

Suzanne Dibble, multi- award winning business lawyer