Email Marketing Laws: The Basics

May 25, 2023

We are not lawyers — but here are some email marketing laws to keep in mind.

When doing email marketing, there are legal requirements to consider for each of the chapters of this guide. We suggest talking with a lawyer to ensure you are always in compliance with the latest regulations. Here are a few of the major laws that most likely pertain to your company that you should look over before implementing any of the strategies above. Also, please talk to a lawyer, this is not legal advice. :)

GDPR 

If your company collects data from citizens in the European Union you will also need to comply with their specific data protection laws called General Data Protection Regulation, or GDPR. This includes their email address for email marketing purposes.

You know those (annoying) cookie banners that you now see plastered all over the internet when you’re trying to browse the internet for your new favorite meme or recipe? You probably know that those can be credited to GDPR. However, there is much more to the newish set of regulations that you need to be aware of if you don’t wish to pay massive fines.

Consider the following GDPR guidelines when performing your email marketing:

  • Consent. Your customers must provide consent to receive your marketing emails. This consent must be given through a clear action. They will only be able to receive marketing emails that they consent to. This even means that adding a pre-ticked checkbox to sign up for your emails would be a violation. The customer will need to click this checkbox themselves.

  • Your company must keep a record of this consent. The customer is able to withdraw consent at any time.

  • Opt-out. You must make it just as easy for your customers to opt-out of receiving marketing messages as it was for them to originally opt-in.

If these requirements seem overly vague and open to interpretation it is because they are. We recommend speaking with a lawyer to ensure that you are in full compliance with GDPR.

CAN-SPAM Act

The CAN-SPAM act is “a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.”

This law is in place to ensure a handful of requirements are met when sending emails for commercial purposes.

  • Don’t use false or misleading header information

  • Don’t use deceptive subject lines

  • Identify the message as an ad

  • Tell your recipients where you are located

  • Tell your recipients how they can opt-out of future messages from you

  • Honor opt-out requests within 10 business days


With each violation of this act resulting in fines of up to $46,517, it is absolutely critical that your company is compliant.

It is important to note that Transactional Emails do not fall into this category of “commercial content” and are therefore exempt from the majority of the requirements of the CAN-SPAM Act. This is because the primary purpose of Transactional Emails is not promotional in nature; they are instead communications based on updates to a current customer with an already agreed-upon relationship.

CASL

The Canada Anti-Spam Legislation (CASL) “protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats.”

Much like GDPR, these regulations do not only apply to businesses operating in Canada. They also must be followed by any company that is sending marketing messages to residents of Canada.

Consider the following CASL regulations and please contact a lawyer if you believe this regulation will affect you and your business:

  • Obtain express or implied consent. Express consent is when your recipient has taken a direct action to allow for your marketing messages. Implied consent results from an existing business relationship such as existing customers or suppliers, family and friends, or potential customers who have opted into other communications from you such as a newsletter. Implied consent is only allowed if you have had a documented relationship with the recipient within the past two years. It may be best to require express consent to avoid any trouble.

  • Unsubscribe/opt-out. Your communications must offer a way for the recipient to unsubscribe from future marketing communications and also display your company information with relevant contact information.

  • Send accurate messages and subject lines. Sending misleading marketing messages is a violation of CASL.
