Email marketing regulations around the world
As the world becomes increasingly connected, the email marketing regulation landscape becomes more and more complex. Whether or not you operate directly in different countries, it's good practice as an email marketer to know which laws and regulations apply to your subscribers, wherever they are in the world. In recent years, keeping on top of new legislation has been challenging – most notably in Europe, with the introduction of GDPR (General Data Protection Regulation).
The team at EmailOctopus have compiled this guide to make things easier. Our aim is to create a space where the email marketing community can keep each other up-to-date about regulations around the world, so it's easier for us all to be aware of new legislation, as and when it's implemented.
At a glance
For more detail about a country's legislation, click the country name.
|Country||Legislation||Content required||Opt-out required||Consent required||Penalties|
|Australia||Spam Act 2003||Name, contact information||Yes||Implied consent if you have a previous business relationship. Otherwise, explicit||Up to $1.8m AUD per day|
|Brazil||None at present, LGPD comes in August 2020||None||No||Consent is not required||None|
|Canada||CASL||Name, mailing address, contact information||Yes||Implied consent if you have a previous business relationship. Otherwise, explicit||Up to $10m CAD per violation|
|Germany||Federal Data Protection Act, GDPR, Telemedia Act||Name, mailing address, clear identification of the sender||Yes||Implied consent if you have a previous business relationship. Otherwise, explicit||Up to €20m, or 4% annual global turnover – whichever is higher|
|India||None at present||None||No||Consent is not required||None|
|United Kingdom||GDPR, PECR||Name, mailing address||Yes||Explicit consent, via a minimum of soft opt-in||Up to €20m, or 4% annual global turnover – whichever is higher|
|USA||CAN-SPAM||Name, mailing address, contact information||Yes||Prior consent is not required||Up to $16,000 per violation|
Explicit vs implied consent and other key terms
Explicit consent gives the individual or business the right to deal with personal data. Consent can be acquired in writing or verbally. Generally speaking you'll need to keep a record of consent collection.
A typical example in email marketing is a website registration form. Some legislations will require that you include a check-box to allow customers to consent to receiving your newsletter.
- Soft opt-in: When you've collected an email address as part of another process, such as a purchase flow, and can reasonably assume the customer will be happy to receive further communications. However, you must have given them a clear chance to opt out – both when you first collected their details, and in every future message you send.
- Single opt-in: A one step opt-in, so only a registration form is filled out.
- Double opt-in: A multi-step opt-in, so the registration is confirmed via a link sent to the acquired email address.
Implied consent, also known as inferred consent, is usually derived from actions and circumstances, often a previous purchase or enquiry.
The best example is during online shopping. Imagine a customer has just bought a games console from your online store. You may assume that the client is interested in games and wish to contact them after their initial purchase with other similar products. If you haven't specifically asked to contact this user again (via a checkbox or similar), this is called implied consent.
The exact boundaries for both types of consent are defined in the specific country laws.
This guide is a community resource which is open to edits from members of the public. Information may be inaccurate and shouldn't be taken as legal advice – always consult a local lawyer before carrying out email marketing in any region.