Email marketing is a powerful tool, but it also has its own legal pitfalls. In this article, I will give you an overview of some important points that you should keep in mind.
Disclaimer
The legal situation surrounding email marketing law is complex and cannot be dealt with exhaustively in an article like this. So take this article as a suggestion to inform yourself further. If in doubt, seek advice from a specialist. This article does not replace legal advice. We assume no liability for the completeness, topicality and accuracy of the content and recommendations.
In the previous parts of this series of articles, we have already looked at possible formats and areas of application for email marketing and set up a good concept. You also learned how to increase your reach properly. Now it's time for the part where you learn about email marketing law.
Who can I send what to?
An important topic in email marketing law is the keyword "consent": If you want to send emails about your offers and activities as an agency or freelancer, this is only possible if the recipients have actively consented to this. You must be able to prove that they have consented. More on this in a moment.
As a rule, you do not need explicit consent for messages to existing customers that are directly related to the purchased product or service. Example: Someone has signed a maintenance contract with you and now you are adding new services to this offer. In this case, you are usually allowed to inform the customer in question without their express consent.
"*" indicates required fields
In this case, it is important that these emails are actually solely about the existing customer relationship and nothing else. Otherwise, the email could slip into the realm of advertising - and nothing can be done without the consent of the recipient. A seemingly harmless reference to another offer in the footer of your email, for example, can already be too much. So make sure you keep these emails clean.
If you absolutely want to advertise a new offer to your existing customers, this may also be possible without explicit consent, provided it is similar enough to the existing product or service. A regulation on this can be found in Section 7 (3) of the Unfair Competition Act (UWG). You should seek professional advice here.
Please note: Existing customers must also have the option of unsubscribing completely from such emails. Then only transactional emails remain, for example when a purchase is made.
Obtain legally compliant consent
Consent is only valid if it is both conscious and voluntary and the person knows what they are consenting to.
For a newsletter, for example, it is recommended that you explain as comprehensively as possible in clear, simple terms on the registration form what subscribing to the mailing list means. This includes information on the frequency of the newsletter, an overview of possible content, the extent to which you measure success and how a person can unsubscribe.
Do not hide this explanatory text somewhere on a subpage if you want your consent to stand up in court. It is also important to know that if you want to increase the frequency of your newsletter, for example, you may need to obtain consent again.Â
An alternative to registering via the form is a checkbox in the order process, with which a person also registers for the mailing list. This is generally okay as long as this checkbox is not ticked in advance: in this case, a person could claim that they have overlooked it - and there is no conscious consent.
Another problem is when you haven't sent any messages to a mailing list for a long time. Of course, this happens in the stress of everyday life: you set up a newsletter, diligently collect readers for it and then don't have time to take care of it. The bigger this time gap becomes, the more likely it is that the consent has lapsed again. However, there are no clear legal requirements in this regard. The Munich Regional Court considered around 17 months between registration and the first advertising email to be too long. The Federal Court of Justice, on the other hand, declared that consent "does not expire solely due to the passage of time" (judgment of 01.02.2018, case reference III ZR 196/17).
However, a long period of silence is also problematic without legal consequences: Many recipients may have forgotten that they had subscribed in the meantime and mark your email as spam. This can have a negative impact on your delivery rate.
Further note: If a person cancels a purchase, no contractual relationship has been established and it is therefore highly problematic to write to them. Some services and tools offer such functions with which you can still realize lost sales. From an entrepreneur's point of view, they seem very useful. In Germany, however, they pose a considerable risk of a warning unless you have expressly obtained consent to send such a message.
Correct registration via double opt-in
One challenge with consent is that you don't have 100% proof of whether someone is really the person they claim to be. Just because someone knows an email address and adds it to a mailing list does not mean that this email address belongs to this person.
This is why the double opt-in procedure has become established, which you are no doubt familiar with: After registration, a message is sent to the relevant address. This usually contains a link to click on to complete the process.
You must document this double opt-in in such a way that you can prove it in court in case of doubt. The good news is that practically all modern email marketing services and tools now make use of this procedure or at least have it as an option. However, make sure that it is (correctly) activated.
Tip: When registering, make it clear that you are only subscribed to the newsletter after the link in the confirmation email has been clicked. Ideally, you should ask your users to check their email inbox immediately after subscribing. It is quite possible that this email could end up in spam and then be forgotten.
Imprint in all e-mails
You need a legally compliant legal notice not only on your website, but also in your emails. Here too, it is best to seek advice from a specialist. In general, the legal notice should fulfill the same task here: It must be clear who has sent an email and how this person or organization can be contacted. A link to the website imprint may be sufficient, but is generally not considered as secure as a full imprint, for example in the footer of every email.
The complex issue of data protection
Data protection regulations such as the GDPR have also added a little more complexity to email marketing. For example, the principle of data minimization applies: you may only make a mandatory field in a newsletter form what you actually need to send the emails. This will normally only be the email address. All other information must be voluntary.
Incidentally, it is also better from a user experience perspective to keep the registration form as simple as possible. Otherwise, interested parties may feel overwhelmed.
Another aspect is that you will usually use a service provider to send your emails. This can be a simple service such as Amazon SES or a comprehensive service such as Sendinblue or CleverReach. Logically, these service providers can only send your emails if you provide them with the relevant addresses of your recipients. And for this, you need a data processing agreement. Sounds complicated, but it should only take a few clicks. The only important thing is that you actually make these clicks.Â
Providers based in the USA, such as MailChimp, currently have an additional problem here. One reason is that the "Privacy Shield" agreement between the EU and the USA has been declared invalid and there is still no successor. This means that the USA is no longer considered a "safe third country". Some providers are trying to get around this by offering to host data only in Europe for European customers. However, this is not considered sufficient by some data protection experts, as US authorities can also access information outside the USA due to the Cloud Act.
Here too, only a specialist can help. Or, if in doubt, you can rely on providers from the EU.
Please note that the information about data protection also belongs in your privacy policy and not just on the newsletter registration page. Here you must provide the necessary in-depth information about the collection and processing of data.
Content design
As mentioned above, the type of consent determines what you can and cannot advertise via email. Another important point: You must not design your promotional messages in such a way that they look like a personal email. You must not conceal who the sender is and that the message has a commercial background.
Incidentally, you should also make sure that double opt-in messages and autoreplies are completely relevant. Even the company's advertising claim in the footer can be too much here.
Performance measurement allowed or not?
Another stumbling block is the popular measurement of success: this includes, for example, how many readers open an email (open rate) and how many click on a link in it (click rate). In addition to the pure number of subscribers, these are important metrics for assessing the success of your own activities.
It should be noted that the open rate is becoming less and less meaningful. For example, Apple's email applications can prevent the opening of emails from being reliably measured in order to protect users' privacy. Other people may have taken appropriate measures themselves or read the emails on their company PC, which is secured in this way.
However, these measurements can also be problematic from a legal perspective. This is particularly the case if they are not only carried out in general, but also individually for each reader. In this way, email services want to show which subscribers are particularly interested and which are not. Email marketers respond to this with special offers to "reactivate" readers.
However, in order to be allowed to collect such data, readers must be aware of this. You should therefore clearly and comprehensively mention when you register that you are carrying out such a performance measurement. And secondly, it is also important to provide a good explanation as to why this is necessary in the first place. A standard formulation that can often be read, for example, is that the measurements help to improve the newsletter and align it with the interests of the readership. However, whether such a reference and this justification will stand up in court is another matter.
Incidentally, you must also obtain such consent for performance measurement from existing customers. This also applies if they did not have to expressly consent to receiving your email as described above.
Conclusion on the topic of email marketing law
One of the most popular answers to questions in the legal field of email marketing is: "It depends."
Some things are clearly regulated because they can be derived directly from the legal text. For example, there is no doubt that an email address is personal data and that you must comply with the provisions of the GDPR.
Other points, however, are open to interpretation. Relevant rulings can then provide insights and serve as a guide. However, not every ruling immediately means that the decision made there applies always and everywhere. Perhaps it will be overturned by a higher court. Or in your particular case, a small but important detail is different - and the result is different. This is a legal gray area and you need professional advice if in doubt.
A general guideline can be to act in the interests of your readers and customers. You can also ask yourself: What do I want from a company when it comes to handling my own data?
Unfortunately, even this is not one hundred percent protection against warnings. But the probability should at least be lower.
If you want to read up on the topic in more detail, I recommend this article by lawyer Jan Lennart MĂĽller.
Your questions about email marketing law
What questions do you have about email marketing law? We look forward to your comment. Are you interested in current topics related to WordPress and online marketing? Then follow Raidboxes on Twitter, Facebook, LinkedIn or via our newsletter.