Email marketing is an essential marketing strategy for brands who wish to directly market their product/good and increase their sales. Email marketing involves companies targeting their consumers directly to increase brand awareness and the prospects of consumer loyalty. While email marketing has clear benefits such as being low cost, flexible and effective, consumer privacy is at stake – companies must be hyperaware to ensure that they do not cross the line between email marketing and unsolicited spamming.
But what exactly are the legal requirements you must comply with for email marketing campaigns, and what are the associated risks? We will be giving you some pointers on how you can comply with the privacy laws of your jurisdiction and avoid legal liability relating to unsolicited spam mails. You should also note that the laws and regulations of each jurisdiction may well be different and you may want to consult a local lawyer to obtain the most accurate and professional legal advice.
A. Email Marketing / Advertising Management
1. What is Email Marketing / Advertising Management?
Email Marketing also called Email Direct Marketing (EDM), is one of the effective digital marketing channels. It involves targeting past and potential customers by sending emails to promote products and services. Email marketing is one of the most common and effective online marketing strategies.
There is a lot of content you can promote via email marketing. Some examples include:
- New products or services
- Discounts
- Engagement activities/Call-to-action
- Educational articles
- Brand awareness articles
2. Why Email Marketing / Advertising Management?
Advantage #1: Email Has The Most Number Of Active Users
Statistics show that 296 billion emails are sent and received each day, and 3.4 million emails are sent every second (a few million were sent just as you read this paragraph.) It is also currently projected that the number of active email users will reach 4.3 billion by 2023. With at least 99% of consumers checking their email daily, email marketing will prove to be far more important than any other digital marketing strategy.
Advantage #2: Email Marketing Management Has The Best Conversion Rate
Email marketing has an average expected Returns on Investment (ROI) of $42 for every $1 spent.
Direct emails also enable the consumer to purchase the product/service in just one click, whereas other marketing techniques such as social media marketing tend to just promote social interactions. Studies have shown that the average order value of an email is 3 times higher than that of social media. This means it is 3 times easier to generate sales online by email marketing!
Advantage #3: Email Marketing Management Turn One-time Buyers Into Loyal Fans
One special feature is – dynamic content, you can attach links, pdf files, word documents, blogs, social media, business websites, etc. For instance, you can send a promotional email to communicate a newly published article about your business. Not only can you generate a large flow of traffic to the published article, but you can also build personal connections with your audience through email. When executed well, email marketing helps increase customer loyalty to your brand and raise brand awareness, eventually leading to a steady source of cash flow.
Through email marketing, you will also be able to curate content for potential customers by looking at their demographics. By analysing your audience, you can tailor-make emails for specific groups of customers. This will ensure that they only see the messages they want most, increasing the conversion and overall engagement rate.
B. Unsolicited Spam Mail
1. “Unsolicited” Meaning and Definition
In most jurisdictions, it is illegal (under privacy law) to spam people with unsolicited emails.
But what exactly does “unsolicited” mean? The word is used in circumstances where the recipient has not asked for or authorised the sender to send email to him. It involves the absence of verifiable permission given by the recipient for the email to be received.
2. What is Spam Mail?
Spam mail is an unsolicited bulk email sent indiscriminately to a large list of recipients. This means that the email being sent shares identical content with all the other emails being sent to different people.
3. How does Spam Mail Work?
Typically, spam emails are sent for commercial purposes by a business. To send commercial advertisement emails, businesses will first obtain customers’ email addresses. Common strategies to do so include:
- Filling a questionnaire
- Signing up for a giveaway, lucky draw or social media challenge
- Subscribing to the business newsletter
- Purchasing a customer list from other companies or marketing agencies
For emails to constitute spam mail, the business must have had no consent or permission to send the email out. The business then typically compiles a list of recipients and mass sends promotional emails in a repeated fashion. Additionally, for spam mails, there are usually no checkboxes for customers to or opt-out of the emails, unlike other marketing emails.
Despite the tremendously low revenue generated (ROI) per email and the damage caused to the businesses’ image, some businesses continue to send spam mail due to its low cost. However, this is risky because their domain and emails are often blacklisted by internet service providers as a result. Additionally, spam emails often head straight to the junk box.
Governments around the world, however, have implemented new privacy measures to protect consumers from spam emails. We will now be explaining the specific compliance requirements you need to comply with while using email marketing as your digital marketing strategy.
C. How to Avoid Breaking the Law?
1. Compliance with Legal Obligations
The law against spam mails differs across jurisdictions. To obtain the most accurate and professional legal advice, you should consult a local lawyer to avoid liability for your business. Here are some guidelines on email marketing management if you are based in the HK, EU, or the UK.
2. Email Marketing Management Requirements in Hong Kong
In Hong Kong, the unsolicited electronic commercial messages are regulated by the Unsolicited Electronic Messages Ordinance (Cap. 593) (the “UEMO”).
The UEMO covers sending of commercial unsolicited electronic messages via phone, short message service (SMS), multimedia message service (MMS), fax, or email with a ‘Hong Kong’ link. As per the UEMO, a message has ‘Hong Kong’ link if:
- the message originates in Hong Kong
- the message is received in Hong Kong
- the message was sent to a Hong Kong telephone or fax number (including those messages that were sent to a HK telephone number that may have roamed outside of HK).
However, the UEMO does not apply to the electronic messages set out below:
- person-to-person telemarketing calls;
- sound broadcasting services or Television programme services;
- any messages sent in response to the recipient’s request
- any messages sent with a purpose to provide any update on subscription account or product updates / upgrades which the recipient is entitled to receive etc.
If a business is sending a commercial electronic message that falls within the scope of the UEMO then it must ensure compliance with the general rules set out below:
Guideline #1: Sender Information Must be Clear and Accurate
When sending an electronic message, the sender must identify itself by providing accurate contact information. For e-mail messages, the sender must include the sender’s name, address, contact telephone number and contact email address. This information must be valid for 30 days after the message is sent to the recipient. This enables the recipient to identify the sender and how to contact them.
If the process of sending the message is outsourced to another company, the organisation on whose behalf the message is being sent should be identified in the message. However, this does not apply in cases where a reseller is selling the products on its own because in such a case the reseller’s information should be provided in the message.
The sender information must be given in English and Chinese unless the recipient chooses to receive the information in 1 language only. There might be scenarios where the information cannot be provided in Chinese. For instance, if the organisation does not have a Chinese name then in such a case the particular information can be given in either English or Chinese.
Guideline #2: Give an option to Unsubscribe from future emails
The message sent to the recipient must include a clear statement of how he/she can unsubscribe from receiving such messages from the organisation. The statement must be written in the prescribed language as mentioned above in guideline #1. The sender must ensure that:
- it can receive the unsubscribe request via the unsubscribe facility for at least 30 days after the message is sent
- the unsubscribe facility is free of charge
- is convenient and easy to use; and
- the unsubscribe facility does not include any information to promote its products / services
- for e-mail messages, at least one unsubscribe facility is an email address, a web page or a web address.
- the option to unsubscribe is prominently placed (either at top or bottom of the e-mail message) and is reasonably visible to the sender
Guideline #3: Honour the unsubscribe requests promptly
Any subscription request received by the sender must be honoured within 10 working days from the day on which the unsubscribe request was sent to the sender. The sender is required to keep a record of the unsubscribe request for at least 3 years after its receipt. It must be recorded in the format it was originally received or in the format that will accurately represent the information as was originally received.
Guideline #4: Do not use misleading subject headings for the emails
The subject line must accurately reflect the content of the message.
Guideline #5: Do not hide the caller line identification information
The calling line identification number should not be concealed. This is applicable to a telephone or fax message.
Guideline #6: Do not send messages to numbers registered with Do-not-call register
The consumers can register their telephone or fax number on a do-not-call-register (DNC register) to block unsolicited commercial electronic messages. The DNC register is administered by the Office of the Communications Authority. This implies that businesses are prohibited from sending unsolicited electronic messages to the numbers registered with DnD, without prior consent of the recipient. This guideline is applicable to a telephone or fax message only
The DnD register does not cover any person-person telephone calls for marketing purposes. Such marketing calls are subject to the voluntary Code of Practice on person-to-person marketing Calls issued by the Communications Authority.
Additional Guidelines: The UEMO also provides that a business sending such commercial electronic message should not:
- use unscrupulous techniques to expand the reach of commercial electronic messages; or
- not engage in fraud and other illicit activities related to the sending of multiple commercial electronic messages
Penalty: In the event of violation of the UEMO by the sender, the Communications Authority will send an enforcement notice to the sender. If the sender contravenes the enforcement notice then the sender will be liable to a fine up to HK$ 1,000,000 and imprisonment for up to 5 years on conviction on indictment
Direct Marketing: As per the New Guidance on Direct Marketing issued by the Privacy Commissioner, “direct marketing” does not include unsolicited business electronic messages that are sent to email addresses, telephones or fax machines without addressing specific persons by their names and person-to-person calls that are made to phone numbers generated randomly. Therefore, any marketing email sent to an unidentified owner is not direct marketing. Hence, a business can send unsolicited emails without identifying the recipient by name.
However, if such e-mail is sent to a named recipient then it is a form of direct marketing and is regulated by the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”). As per the PDPO, a business cannot use the personal data of the recipient for direct marketing without the recipient’s prior consent. To understand how to obtain prior consent of the recipient for direct marketing purposes, read our article What is direct marketing? Can I use my customers’ personal data for the purpose of direct marketing?
3. Email Marketing Management Requirements in the European Union (EU under GDPR)
The GDPR has been in force since 2018. Its requirements go well beyond the EU Privacy Directive as it requires affirmative, informed, and unambiguous consent from email recipients to be compliant.
Guideline #1: Silence, pre-ticked boxes or inactivity should not constitute consent.
This means that positive opt-in is required from customers. If you have ticked boxes for users to opt-in, they need to be unchecked to comply with the GDPR. Do not use pre-ticked boxes.
Guideline #2: Email consent must be separated from privacy policy and other terms of use.
Users should have a choice to use online services without signing up for newsletters or other marketing materials. If the use of services is conditional on the user accepting the terms of use, privacy policy, cookie policy and marketing materials through one checkbox, then it will be deemed that consent has not been freely given. Accepting email materials should be optional and selected separately.
Guideline #3: Demonstrate that the user has given consent to the processing operation.
You will need to keep records of consent by your users and be able to provide proof of:
- the identity of the individuals who consented
- the time of consent
- what they were told at the time of consent
- how they consented
- if they have opted out of the consent
Guideline #4: Allow users to opt-out or withdraw their consents.
The GDPR requires you to allow your users the right to withdraw his or her consent at any time. You must make it easy for your users to opt-out and must not charge any fees for it. The best way is to include an unsubscribe link to the bottom of every email to your users as per the US requirements above.
4. Email Marketing Management Requirements in the United Kingdom (UK)
In the UK, the Privacy and Electronic Communications Regulations 2003 determines if an email constitutes spam or a marketing strategy. Here is the legal guide issued by the Information Commission’s Office.
To put it bluntly, you must not send electronic mail marketing to individuals, unless:
- they have specifically consented to electronic mail from you; or
- they are an existing customer who has bought (or negotiated to buy) a product or service from you in the past, and you gave them a simple way to opt-out both when you first collected their details and in the messages you sent.
Sole traders and some partnerships are treated as individuals. So, you may also need to consider data protection implications if you are emailing employees at a corporate body who have personal corporate email addresses (eg firstname.lastname@org.co.uk).
5. Opt-out list
As soon as someone objects to or opts out of your marketing, you should add them to a do-not-contact list. Additionally, before sending out the marketing emails, you should screen the contact list against this list to ensure you don’t contact anyone who has opted out. You may send an immediate reply confirming they have unsubscribed, but you must not contact them later even if this is just to ask if they want to opt back in.
D. Feel like the legal compliance requirements are too complicated?
If you feel like the legal compliance requirements are too complex, you can hire a marketing agency or an online marketer to help manage email marketing for you. With expertise and experience, these agents can help you avoid liability in email marketing.
Please note that this is a general summary of the position under the Laws of Hong Kong SAR and does not constitute legal advice.