6 Email Marketing Legal Requirements and How to Follow Them


Email marketing is the cornerstone of many marketing strategies, and has incredible potential for growing your business, increasing sales, and connecting with your audience. In fact, studies show that for every $1 spent on email marketing, the average ROI is $42. Social media, on the other hand, has been shown to have an average ROI of about $2.80 for every $1 spent.


If you’re looking for a way to directly engage with your audience, email marketing is a must-have part of your marketing strategy. However, because it’s such an effective way to market, it’s also been abused enough that many countries have created email marketing legal requirements that all business owners must be aware of and follow.

 

Email Marketing Legal Requirements of the GDPR, CAN-SPAM Act, and CASL

In fact, when it comes to email marketing, there are three main pieces of legislation that small business owners need to be aware of and abide by — The GDPR from the European Union, the CAN-SPAM Act from the United States, and CASL from Canada. 


Yes, even if they don’t live in any of those countries. (Unless you neither live in any of those countries nor market to anyone in them. In that case, you can move along.)


But don’t worry, we’ve got you covered. First, we’ll look at those three pieces of legislation and their requirements, and then we’ll look at exactly what those email marketing legal requirements mean for your email marketing.

CAN-SPAM Act

The CAN-SPAM Act is a United States law that sets rules for commercial emails. It contains rules to limit deceptive advertising and requires an easy opt-out for recipients. Each separate email in violation of the Act can result in penalties of up to $43,792.

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a regulation in the European Union that protects personal data and privacy for EU citizens. The protections it covers include consent, data transparency and protection, and more. Fines for lack of compliance can be up to €20 million or 4% of the business’s global annual revenue, whichever is higher.

Canada’s Anti-Spam Legislation

The final law we’ll cover in this blog post is Canada’s Anti-Spam Legislation (CASL). This spam and electronic threats law applies to emails, text messages, social media, and other forms of digital communication sent for commercial purposes. It requires consent, clear identification, and an unsubscribe mechanism. Fines can go up to $1 million for individuals or $10 million for businesses.

 

Explicit Consent 

The GDPR requires that businesses have explicit permission from recipients before sending marketing emails. Importantly, this means that consent must be given through clear, affirmative action. Please don’t simply find or collect email addresses given to you and import them into your email marketing platform or marketing email list. Having someone’s email address is very different from having consent to send them email marketing.


So, what does consent look like? First, make sure your language is always clear and unambiguous. Don’t hide what you’re asking someone to do when it comes to signing up for your email list. Then, make your audience member take action to actually be added to your list. Typically this looks like checking an unchecked opt-in box, signing up via a subscription form, or entering an email address in a field explicitly stating its use for marketing.


Oh, and under this part of the GDPR, you’re also required to keep records of the consent given, including when, how, and what the individual was told at the time of sign-up. (If you use an email marketing platform like Klaviyo, ConvertKit, Flodesk, etc., they’ll keep track of these records for you!)

 

Clear Sender & Subject Lines 

The CAN-SPAM Act requires that all of your marketing emails have clear sender and subject lines and that you aren’t deceptive in your messaging tactics.


Let’s start with your sender information. The “From” field of all of your marketing emails must clearly identify your business or brand. You’ll want to make sure that you don’t have any misleading or deceptive information in the header of your email, that you aren’t misrepresented as another business or person, and that you aren’t using vague or generic sender names like “customer service” or “support team”. Basically, make it clear that the emails are from your business.


Then we have your subject lines. Your subject lines cannot be deceptive, and must accurately reflect the actual content of the email. Deceptive subject lines (whether accidental or intentional) are a common occurrence in the online marketing space, and you may not even be aware that you’re doing it. Here are some examples:

  • Using “Re:” or “Fwd:” in your subject line when it’s not actually a response or something you’re forwarding.
  • “Are You Still Interested” when you’re sending a cold marketing message without a prior relationship to said product or service.
  • “Your Account Has Been Suspended” when it’s actually a marketing message for a product or service (and no account is being suspended).
  • “You won a free gift!” about a giveaway someone could win but hasn’t yet.

Unfortunately, these are just a few examples that you’ll commonly find in the email marketing space. But just because someone else is doing it, doesn’t mean that you should. Make sure every subject line you send is clear in regards to what’s inside said email.

 

Easy Opt Out and Removal from your Email List

Both CAN-SPAM and the GDPR require that every single email you send has an easy way for subscribers to opt out of being on your list. Using an email marketing platform to manage your email marketing makes this simple. Your emails always have an unsubscribe link, and it takes care of unsubscribing for you so that you don’t have to do it manually. 


However, if you aren’t using one, make sure that every email you send has a clear and easy-to-find unsubscribe link — one that does not require multiple steps to unsubscribe — and that you honor every opt-out within 10 days of someone unsubscribing. 

 

Physical Address Email Marketing Legal Requirements

All three laws require a physical postal address to be present in your emails. If you’re someone who solely works from home and your home address is also your business address, you may want to consider alternatives to using your home address. That can look like renting a physical office space, renting a PO Box, using a mail forwarding service, or setting up a virtual mailbox.

 

Content Requirements

The CAN-SPAM Act requires emails to be identified as advertisements, and that the disclosure is clear and conspicuous. Outside of that, there isn’t specific formatting or wording that’s required, so you have some flexibility here. 


Often, you’ll find this disclaimer at the bottom of marketing emails alongside the other mandatory CAN-SPAM elements like the unsubscribe button and physical mailing addresses. Here’s an example:


This is a promotional email from [insert your company name or your brand]. You are receiving this email because you signed up for our email newsletter. If you’d like to stop receiving emails from us, click here to unsubscribe.

[Insert Your Physical Address]

 

Data Protection Email Marketing Legal Requirements

Both the GDPR and CASL require explicit consent for data collection and the right for customers to access, rectify, and delete their data. Under this requirement, there are essentially two important parts: data transparency and data protection.


First, data transparency. When it comes to data transparency, you are required to inform recipients about what data you are collecting, how it will be used, and who it will be shared with. In plain language? You need a comprehensive privacy policy.



Then, we’ve got the data protection side of this email marketing legal requirement. As a business owner collecting personal information, it’s your responsibility to implement appropriate policies and security measures to protect personal data. 


How do you do this? First, ensure that you’re encrypting any personal data and using secure storage solutions. Again, this is a great reason for using an email marketing platform instead of simply managing your own email list through your Gmail account. 


You’ll also want to make sure that you are only collecting data that is necessary for your specific purposes, and that you have clear policies on how long you will retain personal data and when you will delete or anonymize it once it is no longer necessary.


Using a reliable email service provider can help you comply with various email marketing legal requirements through features such as built-in unsubscribe links, GDPR consent checkboxes, and more. And if you’re working on setting up some of these foundational legal and marketing pieces in your business, check out our No-Nonsense Guide to Starting a Business. Inside, you’ll find a full checklist and guide that covers everything you need to know to set a firm legal foundation for your business, whether it’s brand new or you’re just getting around to the legal side of things.

