Email Marketing UK Legalities

A Summary.

Data is highly regulated in the UK, with provisions under a variety of Acts of Parliament, Regulations and Codes of Practice. These provisions are designed to protect the rights of individuals when they surrender personal information about themselves to companies for marketing purposes.

Privacy in Electronic Communications (Directive) Regulations 2003

On the 11th December 2003, the Privacy in Electronic Communications (Directive) Regulations 2003 came into force in the UK. They have significant implications for everyone involved in email marketing in the UK.

In essence, the 2003 Regulations are encapsulated in two main rules:

RULE 1 – Applies to all marketing emails:

• The sender must not conceal their identity

• The sender must provide a valid address for opt-out requests

RULE 2 – Applies to unsolicited marketing emails sent to individual subscribers:

• The sender cannot send marketing emails unless they have the recipient’s prior consent to do so.

It is the second rule that is most key for marketers; it puts the onus onto the marketer to obtain consumer’s specific permission to send them marketing emails.

It gets a little tricky here as the 2nd rule comes with a caveat which states that the opt-in rule is relaxed in the following circumstances:

  • The recipients email address was collected “in the course of a sale or negotiation for a sale”
  • The sender only broadcasts promotional messages relating to “similar products and services”
  • When the address was collected, the recipient was given the opportunity to opt-out (free of charge) which they did not take. The opportunity to opt-out must be given with every subsequent message


  • All three criteria must be fulfilled in order for the exemption to be effective.
  • The UK Information Commissioner is responsible for enforcing the Regulations.

There must be specific consent at the point at which the email address is given, to receive marketing emails from the company and, if the company specifies it, from its partners. This consent must come in the form of a positive opt in (opt in box NOT pre-ticked), or an extremely explicit opt-out, where it is made absolutely clear to the consumer that by not ticking the box to opt-out, they are giving their consent to receive marketing emails.

Other Regulations you should be aware of

While much attention is focused on the Privacy in Electronic Communications (Directive) Regulations 2003, there are several other existing pieces of Legislation and Code of Practice which need to be know about/adhered to….

– The Data Protection Act 1998

This Legislation confers rights on individuals in respect of others’ use of their data, and places obligations on data controllers when they are processing personal data.

The Act sets out 8 data protection principles, covering data collection, use, disclosure, maintenance, security, international data transfer and the outsourcing of data processing.

– Consumer Protection (Distance Selling) Regulations 2000

These Regulations apply to any “direct response” email message to which a consumer can respond by ordering a product or service and require the supplier to disclose their identity, the characteristics of what is being offered and the price; fulfilment requirements; and a cancellation right got most products.

– Committee of Advertising Practice Code of Advertising, Sales Promotion and Direct Marketing (aka the CAP Code)

The Privacy in Electronic Communications (Directive) Regulations 2003 exempt “corporate subscribers”, including limited companies from the rules, meaning that they can be sent unsolicited commercial emails relating to goods and services which they might be interested in either in a personal or business capacity.

The CAP Code however makes it clear that companies may only send unsolicited marketing emails to corporate subscribers about goods/services in which they would be interested in their business capacity.

– The Direct Marketing Association (DMA) Email Code of Practice

The DMA’s Code of Practice sets out in detail for DMA members the standards to which they should adhere and the rules they should follow when conducting direct marketing, including email marketing campaigns. In addition, in July 2004, the DMA Email Marketing Council launched its Best Practice Guidelines for Email marketing; this explains in detail how to conduct email campaigns responsibly and legally, covering data collection, list rental, measurement and reporting metrics and international issues.


NOTE: We are not legally trained experts and this is not legal advice only a summary of how we perceive the laws and regulations surrounding email marketing and data in the UK.  Professional legal advice should always be sought.

Share Post

Related Reads

Ready to take your email marketing to the next level?

If you want help to create a customer-centric, personalised, intelligent email marketing programme, get in touch with eFocus Marketing and discover how we can help you skyrocket your results.

You may also like...