Email Opt-in laws for Canada, European Union countries, and Australia
We’ve written previously about the rules that apply in the USA. This article will explore the email opt-in laws for email recipients located in Canada, European Union countries, and Australia. There are obviously many more countries in the world where you might do business.
The applicable legislation in Canada is Canadian Anti-Spam Legislation (CASL) S.C. 2010, c. 23. Like the US legislation, CASL covers all commercial emails (and electronic messages – so it includes text messages). CASL explicitly also includes non-profit organizations, where the emails have, as one of their aims, to encourage “participation in a commercial activity”.
The Specific Guidelines under CASL include:
- An opt-in is required before an email can be sent. Generally, this must be express prior permission. Certain exceptions apply to the express prior permission including messages sent by a political party, charitable organizations, family members, people in personal relationships, and persons within an organization or between organizations.
- An accurate and valid postal address for the sender. Instead of the text of address, it is admissible to include a clear weblink to a page containing the address on the email if it is not practical to include the address in body of the email message.
- The sender’s email address must be identified clearly and accurately. CASL prohibits spam, malware, spyware, address harvesting, unauthorized alteration of transmission data as well as false and misleading electronic representations.
- Every email message must include the ability to opt-out easily, and at no cost. For example, an unsubscribe link included clearly and prominently, allowing the recipient to unsubscribe with one click. The sender must honor the opt-out request without delay (and within 10 days of the request).
EUROPEAN UNION (EU)
(This section includes the UK until they exit the EU)
The relevant regulatory documents are the “EU Opt-In Directive”: Directive 2002/58/EC (specifies minimum legislation for member states) & Directive 2003/58/EC (amending Council Directive 68/151/EEC). The EU Opt-In Directive provides regulations for all direct email marketing messages, including charitable and political messages:
- Prior consent – opt-in – is required for email messages to “natural persons” (business to consumer – B2C) that are direct marketing in nature.
- For email messages to “legal persons” (business to business communications – B2B), EU member states can make a clear and no cost opt-out the minimum required. The directive does permit member states to require an opt-in for B2B email communication
- The identity of the sender must be clearly and accurately identified.
- The same information disclosure requirements apply to business email that apply to business letters. Business email messages sent by a company should include: The full name of the company and its legal form, The place of registration of the company, The EU or National registration number (as applicable), The address of the registered office, the VAT number, along with a valid return address.
- Every email must include opt-out information.
- An existing business relationship where the email address was obtained as part of that relationship constitutes prior consent. Opt-out information must still be provided with each message. If the email is to be collected in the context of the sale of a product or service, customers must be given an opportunity to refuse further email contact, easily.
The relevant legislation in Australia is the SPAM Act 2003 which regulates the sending of commercial electronic messages by email or SMS. The Communications Council promotes best practice in eMarketing and has worked with industry and regulators to develop the Australian eMarketing Code of Conduct. The Code has been developed under Section 112(1A) of the Telecommunications Act 1997. The Code should also be considered in the context of The Privacy Act 1988.
The code sets out the procedures that must be followed when sending marketing or promotional messages by email or non-voice mobile communication channels. For the purposes of the code, eMarketers include:
- Organizations that use email or mobile communications as the primary means of marketing their goods or services;
- Third party organizations that use email or mobile communications to market goods or services on behalf of clients.
- The legislation clearly indicates the requirement to include accurate sender information and provision of opt-out (described as “unsubscribe facilities”) information. The information must remain valid for 30 days after the Commercial Communication is sent;
- There must be a link (or the information itself) to the following information about the sender: full Organization name; registered or legal address (PO Box address is not permitted, a virtual office is not permitted); Australian Business Number (ABN if applicable); postal address; email address or a method to send an Electronic Message (such as a web-based form); fixed line telephone number; contact details to which enquires or Complaints should be directed.
- Opt-in Express Consent is required, unless the sender has obtained the recipients email address through a prior commercial relationship. Confirmed Opt-In or Double Opt-In are examples of confirming Express Consent.
- The prohibition against sending unsolicited email messages does not apply to Charities, Religious Organizations, Government Bodies and Registered Political Parties when sending Commercial Communications that relate to their own products or services or Commercial Communications sent on behalf of these entities. It also does not apply to Educational Institutions that are contacting the households of current or former students about the institution’s own goods and services.
- Senders must be able to identify the person who consented to the commercial communications.
- Sender should ensure that their recipients (in Australia) do not receive Commercial Communications between the hours of 9pm and 8am Monday to Friday and 9pm to 9am on weekends, unless the Recipient or Relevant Electronic Account Authority has expressly invited delivery within these hours or been notified in advance that this will be the case. You should also note that the code details similar rules for Australian companies sending emails to international recipients.
The Australian eMarketing Code of Conduct. has additional information that should be considered if you are based in Australia.
Always check the national legislation in each country before sending email messages as part of your direct marketing activities. We recommend explicit prior permission (opt-in) and strongly recommend that you consider double opt-in, even if this is not required by legislation. Be sure to check with the mail management tool you are using as some have recently changed from double opt-in to single opt-in as default.
In Canada, Australia and the European Union, for example, email marketers must collect permission from the owner of an email address before sending any communication. In Australia and Germany, double opt-in is required. In several cases, German courts have held that a single opt-in process is not sufficient proof of prior consent. They argue that a person other than the owner of an email could have entered the address in a form.
A double opt-in is a two-step confirmation process. In some countries, it’s also referred to as confirmed opt-in. Like a single opt-in, users leaves their email in a signup form, but instead of being added to the mailing list immediately, the subscriber gets a confirmation email that includes a link. Only when the user opens the email and clicks the confirmation link is the email address added to the mailing list.
In addition, these countries require email marketers to keep record of the permissions they gain from subscribers. This information can be used in court, where the burden of proving permission always lies with the sender. This means that if you’re based in the US and sending email to subscribers outside the US, you need to understand whether or not your subscription process complies with local legislation.