Opt-in for email marketing: do you comply with current legislation?

jrineakter · Post by **jrineakter** » Sat Jan 18, 2025 5:59 am

It used to be common practice to buy a 'CD' with email addresses that could be used for email marketing purposes. Fortunately, we have left that era far behind us and we generally handle the collection of data from (potential) customers, including email addresses, with care. However, it is good to occasionally consider the way in which you collect those email addresses and the way in which the so-called opt-in is recorded. Does this recording still comply with the most current regulations? In this article we will give you an update on the current state of affairs in this area.

As an email marketer, you are of course aware of the fact that you have to comply with certain laws and regulations. The basis for the rules that we as email marketers have to comply with was once laid down in the Telecommunications Act . However, this Telecommunications Act left a lot of room for interpretation, so in the context of self-regulation, the Dutch Email Industry (DDMA, EMMA-nl and Thuiswinkel.org) formulated the Email Code. This Email Code is managed by the Data Driven Marketing Association (DDMA).

Since the above-mentioned laws and regulations have been in place for quite some time, you would expect that it would be clear by now how we as e-mail marketers should behave. The reality is different. Renowned parties within the market have been confronted with high fines in recent years because they violated armenia telegram number list the spam ban. The fine decisions that underlie these fines are often a reason for the sector to 'take another good look at the rules' and, if necessary, tighten them with additional guidelines.

How can things go wrong?
One of the things that went wrong in practice was the registration of an opt-in. The sender must demonstrate permission. In fine decisions, including those issued to Daisycon, it turned out that a timestamp alone is not sufficient:

The sender must be able to demonstrate that the subscriber in question has given prior consent for the transmission of unsolicited communications. It follows from the above that the sender must be able to demonstrate for each recipient that (i) the recipient in question has given consent, (ii) when he gave consent, (ii) to whom the consent was given, and (iv) for what purpose this consent was given. In doing so, he will of course also have to provide insight into (v) the manner in which the consent of the recipient in question was obtained. If he does not do so, it cannot be established, and therefore cannot be proven, that the consent allegedly obtained is “the freely given, specific and informed expression of will.”

In response to this fine and others, the sector is working on a ' Guideline Consent for third party e-mail ' that is expected to be published in June 2016. This guideline was drawn up by the DDMA and is the subject of ongoing consultation with the Netherlands Authority for Consumers & Markets (ACM) . The guideline contains a number of provisions that very specifically indicate how you should deal with recording the burden of proof when collecting e-mail addresses.

This guideline describes that the registration text on the basis of which consent was obtained and other information such as the privacy statement applicable at that time must be recorded as evidence. Although the guideline in question is aimed at sending third party e-mail, you can assume that the rules described here also apply to parties that send e-mail to mailing lists of which they are the owner.

'Active action'
In addition, the DDMA affiliated E-mail Service Providers (ESP) recently released the Council E-mail Technical Guidelines . If an E-mail Service Provider follows these guidelines, it is guaranteed that the requirements of the law and regulations are met. This also applies to the provisions that apply to recording the burden of proof around the collection of e-mail addresses.

While the Telecommunications Act only stipulated that 'the sender must demonstrate that the subscriber has given prior consent' and the E-mail Code added an 'active act' to this, the above-mentioned guidelines specifically describe the burden of proof that must be established in the context of obtaining this consent (the so-called opt-in).