Share

4 min read

Writen by Stefanija Rikaloska

Posted on: January 5, 2022

Opt-in and privacy rules in EU and USA: key differencies

While opt-in rules in the U.S. and the EU differ, the intent remains the same. These laws aim to protect consumers against unwanted marketing communications. Because data privacy is not a privilege, it is a right.

Before engaging in email marketing activities, it is crucial to follow the regulations and market’s best practices to avoid enforcement actions and achieve the desired results.

Below you will find a simplified overview of email marketing rules in EU and USA.

European Union

The legal instrument covering this topic and supplementing the GDPR in the EU is the e-Privacy Directive. There is a difference between B2C and B2B marketing.

When sending B2C [business-to-consumer] emails, all recipients must give express prior consent. The consent must be freely given, specific, informed and unambiguous through a clear affirmative action, which means that pre-checked boxes or other types of implied consent is not sufficient. The recipient must also be informed exactly how their data will be used. Senders must keep evidence of the consent and provide proof if challenged.

The case is different with B2B [business-to-business] emails. The Directive gives the Member States room to maneuver how they will legally address this issue. It is up to each Member State to address this question in their national legislation.

However, for both B2C and B2B emails, there must be an opt-out possibility included. Sending email for purposes of direct marketing without a valid address or link to which the recipient may send a request that such communications cease is prohibited.

Moreover, disguising or concealing the identity of the sender on whose behalf the communication is made is prohibited.

Finally, companies registered or operating in the EU need to state their company details on every electronic business communication sent from their organisation. Business email messages sent by a company should include: the full name of the company and its legal form; the place of registration of the company; the registration number; the address of the registered office; and the VAT number.

United States

In the USA direct marketing by email is regulated by The CAN-SPAM Act, which covers commercial email messages with the primary purpose of advertisement or promotion of a commercial product or service.

The CAN-SPAM Act allows direct marketing email messages to be sent to anyone, without permission [i.e., this applies both to B2B and B2C emails], until the recipient explicitly requests that they cease (opt-out).

Every message must include opt-out instructions and the sender must honour the opt-out request within 10 days.

The CAN-SPAM Act prohibits false email header information. The subject line cannot mislead the recipient about the content or subject matter of the message. Identification that the message is an advertisement or solicitation is required.

Lastly, a valid physical postal address is required. A sender of commercial email can include an accurately registered post office box or private mailbox established under United States Postal Service regulations to satisfy the requirement that a commercial email display a valid physical postal address.

Conclusion

The EU follows GDPR legislation, which is more comprehensive than regulations in the US. One of the biggest differences between the two legislations is that the US does not require opt-ins for email marketing. Even so, many businesses in the U.S. collect opt-ins for enhanced transparency, and to ensure they are being compliant to customers around the world. 

GDPR Local is a proponent of opt-in (explicit prior consent) and strongly recommends using double-opt-in (subscription confirmation) even if this is not required by legislation.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Stefania, Adam.

Contact Us

Recent blogs

5 noticable GDPR statictics from 2021

During the previous year a lot of companies finally got aware of the Data Protection and the GDPR r

Data Protection and Corona Virus

Since vaccinations against corona virus became available, the employers have been increasingly seek

Can you refuse to comply with a Data Subject Access Request [SAR]?

The right of access under GDPR gives data subjects the right to obtain a copy of their personal dat

Get Your Account Now

Setup in just 5 minutes. Enter your company details and choose the EU Representative services you need.

Give Us a Call

Not sure whether EU Representative applies to you or which option to choose? Call, email, chat to us anytime.

06 GDPR INFO

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.