As with most consumer-focused businesses, email communication has always played a big role in e-commerce.
With the recent increased focus on data privacy and laws like the GDPR and CCPA coming into effect, it’s important to know what rules to follow when sending customer emails – and specifically, when you need consent to do it.
In this post, we’ll take a quick look – by region – at when consent is and isn’t required when sending customer communications.
No, under the Federal CAN-SPAM Act you do not need opt-in consent for sending commercial emails. However, you must provide a visible opt-out or unsubscribe option in all such communications. Furthermore, CAN-SPAM rules state that you must provide valid identification information and mark promotional emails as an ad.
If you’re likely to have California-based users on your site, consider that the California Consumer Privacy Act (CCPA) might apply.
The CCPA has many rules that are relevant to website owners. Within this context, you need to obtain valid email consent before sending communications to children under the age of 16.
In the EU, you may need permission before emailing your customers. Let’s have a closer look 👇
Consent is not required in cases of “soft-spam” for existing customers, but only when the following conditions are met:
Do note that opt-out requests must be honored.
In all cases other than the above, email consent is always required when EU-based users are involved. The consent must be freely given, specific, informed, and withdrawable.
The usual way of acquiring consent is via data collection forms like newsletter, sign-up or checkout forms. However, do note that where opt-in consent is required, certain conditions must be met for the consent to be considered valid.
Most importantly, please note that you must always give users the possibility to revoke their consent (opt out) and you must honor the request. Under the GDPR, you must also be able to demonstrate that compliant consent was collected, via valid records of consent.