Privacy and Email Marketing to Residents of the United Kingdom

Heads up: This page may include affiliate links. Read the full disclosure.

These days, it is rare to find a company that does not send email newsletters or performs email marketing.

However, suppose your email list includes individuals that reside in the United Kingdom. In that case, there are specific rules that you will need to follow to ensure that your email marketing does not violate any privacy laws, such as the Privacy and Electronic Communications Regulations 2003 (PERC) and the United Kingdom Data Protection Act 2018 (UK DPA).

Otherwise, you could face steep fines or even be required to delete residents of the United Kingdom from your list.

In this article, we will discuss the new guidance issued by the United Kingdom’s Information Commissioner’s Office on email marketing, such as how to obtain consent, the information that you will need to provide, opt-in rules, and more so that you can ensure that you follow the appropriate rules in your email marketing campaigns.

Disclaimer: The information in this article is provided for awareness purposes only and should not be construed as legal advice. Consult your attorney for legal matters.

What is electronic mail marketing?

How To Grow Your Email List

Even though it may seem obvious, it is first important to determine whether you perform electronic mail marketing to determine if you need to follow the rules listed below.

PERC and UK DPA rules apply to electronic mail, defined as any privacy message stored for a specific intended recipient to collect.

This definition includes email and text messages, picture and video messages, voicemail messages, in-app messages, and direct messaging on social media.

In addition, direct marketing is defined as the communication, by whatever means, of advertising or marketing material that is directed to particular individuals.

This definition includes commercial marketing, such as the promotion of products or services, as well as the promotion of aims and ideals, such as fundraising or campaigning.

The Rules for Sending Email Marketing

There is one major rule when sending email marketing messages to residents of the United Kingdom – you must obtain their consent to do so, or you must meet all of the requirements of the soft opt-in.

Consent is any freely given, specific, informed, and unambiguous indication of the individual’s wishes by which they, by a statement or by a clear, affirmative action, signify their agreement to the processing of their personal data.

For consent to be valid for email marketing, the following factors must be met:

  • Individuals must have a free choice of whether they want to receive marketing emails. For example, requiring individuals to sign up for a marketing list to make a purchase would not be considered a free choice;
  • You must make it clear that the individual’s personal data will be used for marketing, and your Privacy Policy must disclose what your identity and personal data are collected, how they will be used, and the categories of third parties that the data will be shared with. Your Privacy Policy must also state that individuals can withdraw their consent to your use of their data;
  • You must have no doubt that the individual is consenting;
  • The individual must take positive action to consent, meaning pre-ticked boxes, silence, or inactivity are insufficient to demonstrate consent.

Consent on Images - I Agree

In addition, for consent to be valid, individuals must have a way to withdraw that consent. Your email marketing should have an unsubscribe button, and your Privacy Policy should state how individuals can exercise this privacy right.

While the UK DPA does not provide an exception to the consent requirement, PERC does. PERC states that direct marketing via email may be sent if:

  • You obtained the contact details of the individual in the course of the sale or negotiations for the sale of a product or a service to that individual;
  • Direct marketing is in respect of that person’s similar products or services only;
  • The individual has been given a simple means of refusing to use their personal data for the purposes of direct marketing at the time their personal data was initially collected and where they did not refuse such communications.

If you meet the above requirements, you may not be able to send the individual email marketing if the contact details were collected as part of your fundraising or campaigning activity, you want to use their contact details to send messages about fundraising or campaigning, you want to use their contact details to send someone else’s direct marketing, or if you do not give them a clear, simple way to opt-out or change their mind about your marketing in each message that you send.

In addition, please note that even if you meet the rules above, you may still not be able to send email marketing without consent if the UK DPA applies to you.

Rules on tracking pixels in email

If your email marketing contains tracking pixels that tell you whether an individual opened the email or clicked on an image or video, PERC rules do not apply to that tracking pixel.

However, the ePrivacy Directive and the UK DPA 2018 still apply, which specify that you must obtain the individual’s consent before tracking them through cookies and pixels.

To ensure that your email marketing is compliant with both PERC and UK DPA, it is best to obtain the affirmative consent of any individuals on your list that reside in the United Kingdom and to ensure that they can withdraw their consent to the processing of their personal data for the purposes of marketing at any time.

You can do so by offering the proper checkboxes to obtain consent when initially collecting the data, having a Privacy Policy that makes all of the required disclosures, and providing users with a real choice as to whether or not they would like to receive direct marketing emails.

Related Posts

Looking for something?

Privacy laws apply to businesses that collect personal information. Since no personal information is collected by the MainWP plugins, no privacy laws apply to the MainWP plugins. This includes GDPR, UK DPA 2018, PIPEDA, Australia Privacy Act 1988, LGPD, PIPL, and other privacy laws.
Donata Stroink-Skillrud
Donata Stroink-Skillrud
President of Agency Attorneys

Your Download Is Just One Click Away

…or just download the plugin.

By entering your email, you agree to our Terms of Service and Privacy Policy.