This is what you are going to learn in this guide:
- don't forget about anti-spam regulations
- don't forget about an opt-in/double opt-in process
When you maintain an email newsletter you are about to face the fact that you collect personal information about your recipient: you may have access to this recipient's name, and certainly their email address. This usually happens via your website when you collect that email address to add it to your database.
Now, you are about to collect that visitor's email address. What does this mean for your newsletter and how can you process that visitor's email address in a way that respects regulations regarding the matter?
From a legal perspective, once you collect personal data by visitors like their email, you need to inform them of various things (and this is a constant across most legislations and systems. More information about the international regulatory framework can be found here):
- personal data must be processed fairly and lawfully. This includes, in particular, to tell
the individuals concerned who you are and that they you plan to use these details for marketing purposes;
- you need to tell people if you plan to pass those details on to third parties, including selling or
sharing the data for marketing purposes, for which you are likely to need their consent to do so;
- you collect personal data for specified purposes, and cannot later decide to use it for other other purposes unrelated to your email marketing purposes;
- keep time in mind: a marketing list which is out of date, or which does not accurately record people’s marketing preferences, could breach privacy regulations.
- MailChimp - Terms of Service
- Campaign Monitor - Terms of Service
- Constant Contact - Terms of Service
and among others
The Site and the Products shall only be used for lawful purposes and you shall use the Site and the Products only in compliance with this Agreement, the CAN-SPAM Act and regulations thereunder and all other applicable U.S., state, local and international laws in your jurisdiction, including but not limited to (a) Canada's Anti-Spam Legislation and any other policies and laws related to unsolicited emails, spamming, privacy, obscenity, or defamation, copyright and trademark infringement and child protective email address registry laws (...)
- Madmimi - Terms of Service
You represent, covenant, and warrant that you will use the Services only in compliance with the Agreement and all applicable laws (including but not limited to policies and laws related to spamming, privacy, obscenity, or defamation).
and among others
- Vertical Response - Terms of Service
- Exact Target - Terms of Service
Email Footer. Upon activation of Customer’s email account, ExactTarget adds a default footer to each email sent via
the Platform. The default footer includes: (a) Customer’s physical mailing address; (b) links to ExactTarget’s profile update and
attribution that the email was powered by ExactTarget. Notwithstanding the foregoing, Customer may opt at any time to
remove one or more portions of the default footer from email messages sent via the Platform; provided, however, that should
Customer opt to remove (a), (b), and/or (c) above, it shall add within the body of such email messages (i) the identification of
the sender; (ii) instructions on how the recipient can opt-out of future commercial mailings; (iii) the sender’s valid physical
- Tiny Letter - Terms of Service
Tiny letter is a MailChimp company, the terms are therefore following their lead
You represent and warrant that your use of TinyLetter will comply with all applicable laws and regulations. You’re responsible for determining whether our Services are suitable for you to use in light of any regulations like HIPAA, GLB, EU Data Privacy Laws, or other laws.
If you’re located in the European Economic Area (EEA) or send to anyone in the EEA, you represent and warrant that in creating your Email distribution list, sending Emails via TinyLetter and collecting information from sending Emails, you:
2) Have complied, and will comply, with all regulations, as well as data protection, electronic communication, and privacy laws that apply to the countries where you’re sending any form of email through TinyLetter.
- Sendgrid - Email Policy
Is there anything else I have to think about?
Yes, you should take a look at anti-spam legislation like the US CAN-SPAM act (depending on where your recipients are based, you should take a look at local anti-spam requirements as well). These anti-spam rules usually make you
- include an unsubscribe link
- usually a physical company address
That's also what Privacy and Electronic Communications Regulations in Europe requires:
- a sender must not conceal his identity
- and must include a valid address for opt-out requests
- as well as information about the company
The opt-in/opt-out discussion:
The biggest difference in international law (and sometimes a little tricky to understand) is the opt-in/opt-out discussion. This is the way how you collect email addresses and what you're allowed to with them. This means you will need to get consent by people where you collect email addresses. Below is the British model:
Opt-in is where you don’t get marketing emails from an organisation unless you actively consent to receive them. This consent is usually given by actively ticking a box as an indication that you understand and want to be contacted by email for newsletters. The basic rule looks like this: organisations must collect your email address on an opt-in basis unless they can satisfy three exemption criteria.
Opt-in is usually the best method to make sure that your recipient has given you their address with prior consent (condition to legitimately send that newsletter).
Opt-out is where you are told that you will get marketing emails unless you say you don't want them. For this you need to have three exemption criteria:
- your email address was collected in the course of a sale or negotiations for a sale
the sender only sends promotional messages relating to their similar products and services; and
- when your address was collected, you were given the opportunity to opt-out (free of charge except for the cost of transmission) which you didn’t take. The opportunity to opt-out must be given with every subsequent message.
- What kind of personal data is collected
- Describe how this information will be used by the company.
- Describe how this information will be transferred to third party companies.
- Provide instructions on how users can modify or delete their personal information.
- Provide instructions on how users can opt-out of future communications.
Depending on who your newsletter provider is - you would include some information about them and what their privacy practices look like. Luckily iubenda offers exactly that.
What do I do now?
You can either hire a lawyer, write your own complete policy or use iubenda's generator right away to make your policy for you.
1. Define the services and categories of data collection your site/app/newsletter is making use of.
3. Get the link to embed the policy into the footer of your newsletter (full disclosure the embedding link is a PRO feature).