Email marketing is a vital strategy for brands aiming to directly promote their products or services and boost sales. It involves targeting consumers via email to enhance brand awareness and foster loyalty. While cost-effective, flexible, and efficient, email marketing raises privacy concerns. Companies must ensure they avoid crossing into unsolicited spamming.
This guide outlines the legal requirements for email marketing campaigns, associated risks, and tips for complying with privacy laws. Note that regulations vary by jurisdiction, so consulting a local lawyer for accurate legal advice is recommended.
A. Email Marketing / Advertising Management
1. What is Email Marketing / Advertising Management?
Email Marketing, also known as Email Direct Marketing (EDM), is a highly effective digital marketing channel. It involves sending emails to past and potential customers to promote products or services. Common content includes:
- New products or services
- Discounts
- Engagement activities/Call-to-action
- Educational articles
- Brand awareness articles
2. Why Email Marketing / Advertising Management?
Advantage #1: Email Has The Most Number Of Active Users
With 296 billion emails sent and received daily (3.4 million per second), and a projected 4.3 billion active email users by 2023, email is a dominant communication platform. As 99% of consumers check their email daily, email marketing surpasses other digital strategies in reach.
Advantage #2: Email Marketing Management Has The Best Conversion Rate
Email marketing yields an average return on investment (ROI) of $42 for every $1 spent. Direct emails enable one-click purchases, unlike social media, which primarily fosters interaction. Studies show email orders have three times the value of social media orders, making it a powerful sales tool.
Advantage #3: Email Marketing Management Turns One-Time Buyers Into Loyal Fans
Email allows dynamic content like links, PDFs, blogs, and social media. For example, a promotional email can drive traffic to a new article while building personal connections. By analyzing demographics, businesses can tailor emails to specific customer groups, boosting engagement and loyalty for sustained revenue.
B. Unsolicited Spam Mail
1. “Unsolicited” Meaning and Definition
In most jurisdictions, sending unsolicited emails is illegal under privacy laws. “Unsolicited” refers to emails sent without the recipient’s request or verifiable permission.
2. What is Spam Mail?
Spam mail is unsolicited bulk email sent indiscriminately to a large recipient list, sharing identical content across all messages.
3. How Does Spam Mail Work?
Spam emails, typically commercial, are sent after businesses collect email addresses through methods like:
- Questionnaires
- Giveaways, lucky draws, or social media challenges
- Newsletter subscriptions
- Purchasing customer lists
For emails to be spam, they lack recipient consent, are sent en masse repeatedly, and often omit opt-out options. Despite low ROI and reputational damage, some businesses use spam due to its low cost. However, this risks blacklisting by internet service providers and emails landing in junk folders. Governments worldwide have introduced privacy measures to curb spam.
C. How to Avoid Breaking the Law?
1. Compliance with Legal Obligations
Anti-spam laws vary by jurisdiction. Consulting a local lawyer is essential to avoid liability. Below are guidelines for Hong Kong, the EU, and the UK.
2. Email Marketing Management Requirements in Hong Kong
In Hong Kong, the Unsolicited Electronic Messages Ordinance (Cap. 593) (UEMO) regulates unsolicited commercial electronic messages (e.g., via phone, SMS, MMS, fax, or email) with a “Hong Kong link,” defined as:
- Originating in Hong Kong
- Received in Hong Kong
- Sent to a Hong Kong phone or fax number (including roaming numbers)
The UEMO excludes:
- Person-to-person telemarketing calls
- Broadcasting or TV services
- Responses to recipient requests
- Subscription or product updates
For messages under UEMO’s scope, businesses must follow these rules:
Guideline #1: Sender Information Must be Clear and Accurate
Senders must provide accurate contact details (name, address, phone, email) valid for 30 days post-send. If outsourced, identify the organization on whose behalf the message is sent (except for resellers). Information must be in English and Chinese unless the recipient opts for one language. If a Chinese name is unavailable, one language suffices.
Guideline #2: Give an Option to Unsubscribe from Future Emails
Messages must include a clear unsubscribe statement in the prescribed language, ensuring:
- The unsubscribe facility is available for 30 days
- It’s free
- It’s user-friendly
- It avoids promotional content
- For emails, it includes an email address, webpage, or web address
- The option is prominently placed and visible
Guideline #3: Honour the Unsubscribe Requests Promptly
Unsubscribe requests must be honored within 10 working days, with records kept for three years in their original or accurate format.
Guideline #4: Do Not Use Misleading Subject Headings for the Emails
Subject lines must accurately reflect the email’s content.
Guideline #5: Do Not Hide the Caller Line Identification Information
Caller line identification must not be concealed (applies to phone/fax messages).
Guideline #6: Do Not Send Messages to Numbers Registered with Do-Not-Call Register
The Do-Not-Call (DNC) register, managed by the Office of the Communications Authority, blocks unsolicited messages to registered phone/fax numbers without consent. This excludes person-to-person marketing calls, governed by a voluntary Code of Practice.
Additional Guidelines: Businesses must not:
- Use unscrupulous techniques to expand message reach
- Engage in fraud or illicit activities
Penalty: Violating UEMO triggers an enforcement notice. Non-compliance may result in fines up to HK$1,000,000 and up to five years’ imprisonment.
Direct Marketing: Per the New Guidance on Direct Marketing, unsolicited emails to unidentified recipients or random numbers are not “direct marketing.” However, emails to named recipients fall under the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), requiring prior consent. Learn more in What is Direct Marketing?.
3. Email Marketing Management Requirements in the European Union (EU under GDPR)
The GDPR, effective since 2018, mandates strict consent requirements.
Guideline #1: Silence, Pre-Ticked Boxes, or Inactivity Should Not Constitute Consent
Positive opt-in is required. Pre-ticked boxes are non-compliant.
Guideline #2: Email Consent Must Be Separated from Privacy Policy and Other Terms of Use
Consent for marketing emails must be optional and separate from service terms, privacy, or cookie policies.
Guideline #3: Demonstrate That the User Has Given Consent to the Processing Operation
Maintain records of:
- Who consented
- When they consented
- What they were told
- How they consented
- If they opted out
Guideline #4: Allow Users to Opt-Out or Withdraw Their Consents
Users must easily withdraw consent at no cost, ideally via an unsubscribe link in every email.
4. Email Marketing Management Requirements in the United Kingdom (UK)
The UK’s Privacy and Electronic Communications Regulations 2003, guided by the Information Commission’s Office, prohibits electronic marketing emails to individuals unless:
- They specifically consented, or
- They are existing customers who purchased (or negotiated to purchase) from you, with an opt-out option provided initially and in messages.
Sole traders and some partnerships are treated as individuals. Personal corporate email addresses (e.g., firstname.lastname@org.co.uk) may also require data protection considerations.
5. Opt-Out List
Add anyone who opts out to a do-not-contact list and screen contact lists against it before sending emails. Confirm unsubscriptions immediately, but avoid further contact, including re-opt-in requests.
D. Feel Like the Legal Compliance Requirements Are Too Complicated?
If compliance feels overwhelming, consider hiring a marketing agency or online marketer. Their expertise can help manage email marketing campaigns while minimizing legal risks.
Please note that this is a general summary of the position under the Laws of Hong Kong SAR and does not constitute legal advice.
