Skip to Content Skip to Navigation

An email newsletter is a great marketing tool to generate leads and keep customers engaged with your business. But before launching yours, take a bit of time to get familiar with the email marketing laws and privacy concerns that may apply to your new venture.

Online privacy laws

One of the biggest objections that customers have, when it comes to email signup forms, is handing over their personal information. In a 2019 survey, 79% of Americans were concerned about how their data is being used by companies.

Because you’re collecting personal data such as names and email addresses, you will need to ensure you do so in compliance with online privacy laws such as the California Online Privacy Protection Act (CalOPPA) and General Data Protection Regulation (GDPR).

It’s important to note that you’ll need to comply with all legislation that applies to both your business’ and your subscribers’ locations around the world.

At a minimum, you must have a privacy policy that notifies subscribers about:

  • the types of data you collect about them,
  • how you use and share their data with third parties,
  • why you need to collect and use certain information,
  • the rights they have over their data, and
  • how your business will protect their privacy.

Your policy should be featured somewhere on your website that is clear and easily accessible to users, which will also help build trust with potential subscribers.

Anti-spam laws

According to Statista, almost 55% of email traffic in September 2019 was classified as spam. Unfortunately, this commonly includes newsletters and messages sent by businesses like yours. Besides being put on a blacklist by internet service providers, your business could get hit with thousands of dollars in fines if you fail to comply with anti-spam laws.

In the US, the Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act of 2003 regulates commercial emails which are sent for marketing purposes. This includes your email newsletters, which likely promotes content featured on your business website or includes some commercial messages to recipients.

While your business can send emails without prior opt-in consent, CAN-SPAM states that you must provide recipients with the ability to opt-out of future emails.

Enforced by the Federal Trade Commission (FTC), some of the key requirements you must adhere to are:

  • Don’t use false or deceptive information in your emails.
  • Include a valid physical postal address in your emails.
  • Clearly explain how users can opt-out of receiving future emails from your business — always include an unsubscribe link in newsletters.
  • Action opt-out requests within 10 business days.

You can read the full compliance guide on the FTC’s website.

However, if the GDPR applies to your business, you will need to get opt-in consent before you can add new subscribers to your email list. Under this law, the terms of consent are much stricter — user consent must be “freely given, specific, informed and unambiguous”. This means no pre-ticked opt-in checkboxes on subscription forms, and it should be clear to users what they’re signing up for.

Instead of lumping together requests for consent to send your email newsletter along with other types of emails, you must have separate checkboxes on your form so that users can provide explicit consent for each.

Users have the right to withdraw their consent at any time, and like CAN-SPAM, the opt-out process should be made as easy as possible. The GDPR also requires businesses to retain proof of consent. By keeping records of when and how your subscribers joined or opted out of your email list, you’ll be less likely to send unwanted emails and protect your business should any disputes arise.

Depending on where your business and customers are based around the world, you should consult with a legal advisor to ensure your email marketing activities are in full compliance with any applicable laws.

Like any other marketing strategy, it’s important to start off on the right foot by respecting your customers’ privacy and making sure that your emails continue to add value to their daily lives.

Secure your email marketing strategy with a privacy policy

Generate a GDPR-ready privacy policy in under 2 minutes. Get started with