
A repository of email marketing legislation around the world, compiled by EmailOctopus.


threeheartsdigital/email-marketing-regulations


Email marketing regulations around the world (updated for 2024)

As the world becomes increasingly connected, the email marketing regulation landscape becomes more and more complex. Whether or not you operate directly in different countries, it's good practice as an email marketer to know which laws and regulations apply to your subscribers, wherever they are in the world. In recent years, keeping on top of new legislation has been challenging – most notably in Europe, with the introduction of GDPR (General Data Protection Regulation).

The team at EmailOctopus have compiled this guide to make things easier. Our aim is to create a space where the email marketing community can keep each other up-to-date about regulations around the world, so it's easier for us all to be aware of new legislation, as and when it's implemented.

At a glance

For more detail about a country's legislation, click the country name.

| Country | Legislation | Content required | Opt-out required | Consent required | Penalties |
| --- | --- | --- | --- | --- | --- |
| Australia | Spam Act 2003 | Name, contact information | Yes | Implied consent if you have a previous business relationship. Otherwise, explicit | Up to 1.8m AUD per day |
| Belgium | outre-Quiévrain law, GDPR | Name, mailing address, clear identification of the sender | Yes | Explicit consent | Up to 20 million EUR, or 4% annual global turnover – whichever is higher |
| Brazil | LGPD | Name, contact information | Yes | Implicit consent via soft opt-in where an existing commercial or social interest can be demonstrated (effectively legitimate interest) | 2 percent of the revenue from Brazil, up to 50 million BRL per infraction |
| Canada | CASL | Name, mailing address, contact information | Yes | Implied consent if you have a previous business relationship. Otherwise, explicit | Up to 10 million CAD per violation |
| China | Regulations on Internet Service | Name, email address | Yes | Explicit consent | 10,000 - 30,000 CNY per email |
| Denmark | Danish Marketing Practices Act, GDPR | Name, mailing address, clear identification of the sender | Yes | Explicit consent | Up to 20 million EUR, or 4% annual global turnover – whichever is higher for GDPR violation; Danish government will impose an additional fine which is to be decided by the governing body |
| Finland | Electronic Communication Services Act, GDPR | Name, mailing address, clear identification of the sender | Yes | Implied consent if you have a previous business relationship. Otherwise, explicit | Up to 20 million EUR, or 4% annual global turnover – whichever is higher |
| Germany | Federal Data Protection Act, GDPR, Telemedia Act | Name, mailing address, clear identification of the sender | Yes | Implied consent if you have a previous business relationship. Otherwise, explicit | Up to 20 million EUR, or 4% annual global turnover – whichever is higher |
| Hong Kong | The Unsolicited Electronic Messages Ordinance | Clear identification of the sender | Yes | Implied consent | Up to 1 million HKD and imprisonment for up to five years on conviction on indictment |
| Iceland | GDPR | Name, mailing address, clear identification of the sender | Yes | Explicit consent | Up to 20 million EUR, or 4% annual global turnover – whichever is higher for GDPR violation |
| India | None at present | None | No | Consent is not required | None |
| Ireland | Irish Data Protection Act 2018, GDPR | Name, mailing address, clear identification of the sender | Yes | Explicit consent | Up to 20 million EUR, or 4% annual global turnover – whichever is higher for GDPR violation; Irish government can also impose a fine up to 250,000 EUR per message sent by a company and an individual may be fined up to 50,000 EUR per message |
| Israel | Communications Broadcasting Law | Name, mailing address, contact information | Yes | Explicit consent, otherwise the recipient has given its contact details when purchasing a service or product, or when negotiating such purchase (specified for general advertising which includes marketing emails) | Fine of up to 202,000 ILS |
| Japan | ASCT, Anti-Spam Act | Name, mailing address | Yes | Implied consent if you have a previous business relationship, otherwise explicit consent required | Up to 1 million JPY or 1 year of imprisonment |
| Singapore | PDPA, Spam Control Act 2007 | Name, email address | Yes | Explicit consent, via a minimum of soft opt-in | 25 SGD per email, up to 1 million SGD |
| South Africa | ECTA, CPA, PPIA | Name, email address | Yes | Minimum of implied consent | Fines (no limit) or up to 12 months imprisonment |
| United Arab Emirates | RUEC | Name, mailing address | Yes | Implied consent | Fines of up to 10 million AED |
| United Kingdom | UK GDPR, PECR, DPA 2018 | Name, mailing address | Yes | Explicit consent, via a minimum of soft opt-in | Up to 17.5 million GBP, or 4% annual global turnover – whichever is higher |
| USA | CAN-SPAM | Name, mailing address, contact information | Yes | Prior consent is not required | Up to 51,744 USD per violation |

Explicit vs implied consent and other key terms

Explicit consent

Explicit consent gives the individual or business the right to deal with personal data. Consent can be acquired in writing or verbally. Generally speaking, you'll need to keep a record of consent collection.

A typical example in email marketing is a website registration form. Some legislation will require that you include a checkbox to allow customers to consent to receiving your newsletter.

  • Soft opt-in: When you've collected an email address as part of another process, such as a purchase flow, and can reasonably assume the customer will be happy to receive further communications. However, you must have given them a clear chance to opt out – both when you first collected their details, and in every future message you send.
  • Single opt-in: A one-step opt-in, so only a registration form is filled out.
  • Double opt-in: A multi-step opt-in, so the registration is confirmed via a link sent to the acquired email address.

Implied consent

Implied consent, also known as inferred consent, is usually derived from actions and circumstances, often a previous purchase or enquiry.

The best example is during online shopping. Imagine a customer has just bought a games console from your online store. You may assume that the client is interested in games and wish to contact them after their initial purchase with other similar products. If you haven't specifically asked to contact this user again (via a checkbox or similar), this is called implied consent.

The exact boundaries for both types of consent are defined in each country's specific laws.

Note

This guide is a community resource which is open to edits from members of the public. Information may be inaccurate and shouldn't be taken as legal advice – always consult a local lawyer before carrying out email marketing in any region.