Resources > Opt-In Laws in the USA and EU

Opt-In Laws in the USA and EU

Opt-In Laws in the USA and EU

Legal Requirements in the USA and EU
Quick Checklist of Legal Requirements
Quick Checklist of Email Best Practices



Legal Requirements in the USA and EU

The purpose of this table is to give an overview of the basic email requirements in the United States and Europe. Always check the best email marketing practices and the national legislation in each country before engaging in bulk email marketing activities.

Requirements

United States

Europe

Type of Email Messages

The CAN-SPAM Act covers commercial email messages, the primary purpose of which is the advertisement or promotion of a commercial product or service.

The EU directive covers all direct email marketing messages, including charitable and political messages.

Permission / Opt-In Requirement

No, the CAN-SPAM Act allows direct marketing email messages to be sent to anyone, without permission, until the recipient explicitly requests that they cease ("opt-out").

Yes, direct marketing email messages may be sent only to subscribers who have given their prior consent ("opt-in"). Prior permission is required for business-to-consumer (B2C) communication covering all "natural persons".

Exceptions:
A business relationship in which contact information was obtained constitutes prior consent as long as a means to opt out was provided at the same time and continues to be provided with each such message and each message is about similar products or services by the same company.

For business-to-business communication (B2B), i.e. "legal persons", EU member states are free to make "opt-out" the minimum legislation. However, national legislation of the member states can require opt-in for B2B email, too.

Unsubscribe / Opt-Out Requirement

Yes, every message must include opt-out instructions. The sender must honor the opt-out requests of recipients within 10 days.

New Rule Provision 2008:
An email recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet Web page to opt out of receiving future email from a sender.

Yes, every message must include opt-out instructions. The practice of sending email for purposes of direct marketing or without a valid address to which the recipient may send a request that such communications cease, is prohibited.

Existing Business Relationship:
When the email address is obtained in the context of the sale of a product or service, the natural or legal person may use the email for direct marketing of its own similar products or services provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details when they are collected and on the occasion of each message in case the customer has not initially refused such use.

Sender Identity

The CAN-SPAM Act bans false or misleading header information. The email's "From", "To" and routing information – including the originating domain name and email address – must be accurate and identify the person who initiated the email.

The Act prohibits open relay abuses, falsifying header information, generating multiple email addresses to send from, deceptive subject headers, address harvesting and dictionary attacks, and other fraudulent ways of sending spam.

New Rule Provision 2008:
The definition of "sender" was modified to make it easier to determine which of multiple parties advertising in a single email message is responsible for complying with the Act's opt-out requirements.

New Rule Provision 2008:
A definition of the term "person" was added to clarify that the CAN-SPAM Act's obligations are not limited to natural persons.

Disguising or concealing the identity of the sender on whose behalf the communication is made is prohibited.

Subject Lines / Labeling

Deceptive subject lines are prohibited. The subject line cannot mislead the recipient about the contents or subject matter of the message. Identification that the message is an advertisement or solicitation is required.

 

Contact Information / Postal Address

Yes, a valid physical postal address is required.

New Rule Provision 2008:
A "sender" of commercial email can include an accurately registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act's requirement that a commercial email display a "valid physical postal address".

Yes, the same information disclosure requirements apply to business email as to physical business letters. Companies registered or operating in the EU need to state their company details on every electronic business communication sent from their organization. Business email messages sent by a company should include:

  • The full name of the company and its legal form
  • The place of registration of the company
  • The registration number
  • The address of the registered office
  • The VAT number

A valid return address must be always provided.

Legislation

"CAN-SPAM Act"

The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act).

"EU Opt-In Directive"

The EU directive 2002/58/EC. The EU directive specifies a minimum legislation for the member states.

Directive 2003/58/EC amending Council Directive 68/151/EEC.

Links

FTC's Spam Site:
http://www.ftc.gov/spam/

15 USC Chapter 103 - Controlling The Assault Of Non-Solicited Pornography And Marketing
http://uscode.house.gov/
download/pls/15C103.txt

FTC Approves New Rule Provision Under The CAN-SPAM Act
http://www.ftc.gov/opa/
2008/05/canspam.shtm

16 CFR Part 316: Project No. R411008: Definitions and Implementation Under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the CAN-SPAM Act): Final Rule and Statement of Basis and Purpose
http://www.ftc.gov/os/
2008/05/R411008frn.pdf

European Law:
http://eur-lex.europa.eu

EU Directive 2002/58/EC Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) Article 13 Unsolicited communications
http://eur-lex.europa.eu/LexUriServ/
LexUriServ.do?
uri=OJ:L:2002:201:0037:0037:EN:PDF

Directive 2003/58/EC
http://eur-lex.europa.eu/LexUriServ/
LexUriServ.do?
uri=CELEX:32003L0058:EN:HTML

Amending Council Directive 68/151/EEC
http://eur-lex.europa.eu/LexUriServ/
LexUriServ.do?
uri=CELEX:31968L0151:EN:HTML

Wikipedia

http://en.wikipedia.org/
wiki/CAN-SPAM

http://en.wikipedia.org/
wiki/Directive_on_Privacy_and_
Electronic_Communications

L-Soft is a proponent of explicit prior recipient permission, opt-in, and strongly recommends double opt-in, even if this is not required by legislation. Here are two quick checklists that can help you comply with email marketing messaging requirements.

Quick Checklist of Legal Requirements

  • Do I have prior explicit and verifiable permission, opt-in, from the recipient?
  • Does the message have:
    • A clear and accurate sender identity?
    • An accurate subject line?
    • Clear and easy opt-out instructions?
    • A physical postal address and company details?
    • A valid return address?
  • Have I tested that the subscription and unsubscription works?
  • Have I checked the test messages carefully before posting? Did my colleague do this, too?
  • Can I process the replies and any subscriber requests promptly?

Quick Checklist of Email Best Practices

  • Obtain prior permission via double opt-in subscription. Send an automated and well thought-out welcome message with key instructions and expectations.
  • Test deliverability
    • Use email authentication: Check that SPF, Sender ID, DomainKeys, DNS records correctly verify the sender.
    • Use a spam checker: Scan email message to make sure that it is not identified as spam by common spam filtering applications such as SpamAssassinTM.
  • Test readability
    • Check the HTML message design and readability. It must work with blocked images.
    • Use alternative text part for HTML messages.
    • Keep the subject line short and clear. 25 characters display in most clients.
  • Provide wanted, expected, relevant and interesting messages to each recipient.
  • Provide clear instruction on how the subscribers can automatically unsubscribe (opt out). Send an automated and well thought-out farewell message. This works as a successful confirmation, gives an opportunity to ask for feedback and thank the subscriber.
 

LISTSERV is a registered trademark licensed to L-Soft international, Inc.
All other trademarks, both marked and unmarked, are the property of their respective owners.
See Guidelines for Proper Usage of the LISTSERV Trademark for more details.