The Certified Senders Alliance (CSA) recently released guidelines for marketers who want to conduct email marketing in Germany, Austria and Switzerland. Their laws are strict with regard to email marketing. However, they serve as a good legal foundation to conduct email marketing across Europe.
The CSA guidelines are clear, comprehensive and contain several examples for you to read. The document is long, but Selligent, a renowned expert on email marketing, has written a short and neat summary of this mega 50-page document.
Firstly, a brand needs the explicit consent of the recipient in order to send any promotional email. An exception would be that they already are clients of your brand and they did not complain about receiving promotional emails. The consent of the recipient needs to be recorded in detail and presented upon request.
- The consent must be transparent: The declaration of consent must be easily readable and the user must know who will have access to their data in the future. "Blank consent" for "partner companies" is not valid unless those partners are explicitly named during the registration process.
- Conscious, unequivocal, and express consent: Consent must be explicitly given, for example by clicking a check box. A check box must also be clicked when you don't want to receive any email advertisements. A pre-clicked check box opting in to receive promotional emails is not permitted.
- Consent always has to be given separately and cannot be combined with other declarations. For example, when buying goods online, the client has to declare that he understands the TOS by checking a check box. Your brand will have to provide a separate check box in order to obtain consent to send advertisements to the customer as well.
- Data economy: It is only permitted to require data that your brand needs to properly execute your service. Usually, in order to send emails to a client, you only need his email address. Any additional data (name, address, etc.) may be requested but only on a voluntary basis. Therefore, there should not be any "required" fields in the sign up form.
- Co-registration and purchase of addresses: When collecting addresses for third party companies, these third party companies are to be named at the moment of registration. This list has to be manageable. It is recommended to add a maximum of 10 companies to this list.
As the purchaser of lists, you have to make sure that you receive the records of the consent for all users in the bought list, as you will have to be able to prove that the owner of an email address actually gave consent to receive emails from you.
While it is not illegal to purchase lists as long as you can provide the proper consent information, we strongly discourage it. It goes against all Best Practices defined for the Deliverability area and will almost always cause delivery and IP/brand reputation issues. You should always try to avoid getting data from third parties.
- Demonstrability of the consent (double opt-in): You have to be able to prove that a user gave explicit consent to you. Not only will you have to show the consent record, but you will also have to prove that the recipient is the one who actually gave the consent. In order to be able to prove this, it is recommended to have a double opt-in procedure ready. Not only will this help you prove consent, it will also avoid abuse by third parties and it will make sure your emails are only sent to people who actually want them.
- The confirmation email must always be free of advertising and it must only confirm the consent. Again, it is not allowed to combine the confirmation with other actions. For example: don't send an email to confirm a user's participation in a competition containing a confirmation button that says "by clicking this button you join the competition AND you subscribe to our newsletter". As a sender, always save the content of a confirmation email for your consent records.
- Tell-a-friend: These are no longer acceptable in Germany! Recently a court ruled that emails sent to users by means of tell-a-friend campaigns are in violation of the law, because no consent was sought to receive emails. I expect this ruling is going to expand across Europe, as European law also dictates that consent is required when sending commercial emails to a user, unless that user is already a client of the sending company.
At any time users should be able to unsubscribe from your services in an easy manner. This should be clearly mentioned during the registration process as well.
The best way is to add an unsubscribe link directly in your emails. After clicking the link, a user must be shown a confirmation page stating that their cancelation was successful.
The subject should reflect the content of the email and must not be misleading in any way.
The subject:
- Must be brief and concise
- Must be associated with the text in the email
- Must not conceal the commercial nature of the email
- May not contain any typical spam words, capital words or special characters
The sender must be easily recognizable
A recipient should be able to easily recognize the sender of the email. Therefore, the sender should contain the name of the company, the product or a person. As with the subject line, the sender may not be misleading.
Each business related communication must contain a legal notice. This information may be included in the email as a whole (this method is preferred) or by adding a link. The legal notice must at least contain the following information:
- Name of the sender or company name
- Authorized representatives
- Postal address of the sender (no P.O. box)
- Telephone number, fax number or electronic contact form
- The sender's email address
- Commercial, cooperative, association or partnership register number
- Naming of the publisher or person responsible for the content of the email
- If available: VAT identification number or business identification number
This information must be:
- Easily discernible
- Directly accessible
- Permanently available
The CSA guidelines mention the legal framework in Austria and Switzerland, but Selligent's recommendation is to apply the German rules in all three countries because of the similarity between their legal frameworks and also to have extensive legal coverage.
Every EU country is governed by the EU directive on data privacy but some countries have a more extensive legal coverage than others. It is important for your brand to investigate the legal situation in the respective country where your brand plans to send promotional emails.
Certified Senders Alliance guidelines are free to download here.
In regard to Germany, Austria and Switzerland, more information can be found at each of their respective data privacy bureaus.
Austria: https://www.rtr.at/de/tk/NutzenECG (link only available in German)
For a full list of EU data privacy agencies please see: http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm