EEC Global Email Marketing Compliance Guide



Affirmative (Opt-In) Consent

Affirmative consent, also known as “opt-in”, is any explicit action taken by a consumer in acceptance of a clear and specific call-to-action to receive promotional messages. In practice, for affirmative consent to be valid the sender must request consent prior to adding the recipient to any recurring marketing programs.
It is common for consumers to be asked to check a box, fill out an email collection form, or click an ‘Agree’ button to unambiguous marketing terms to give consent. The recipient may then receive a notification informing them they will now receive messages, or with a clear call-to-action to confirm their initial consent.
Please see the Messaging, Malware and Mobile Anti-Abuse Working Group’s (MAAWG) Sender Best Common Practices for in-depth guidance.


Best Practice

Best business and privacy practices, per established codes of practice or based on common sense, which may go above and beyond what is allowed by law to ensure an optimal consumer experience. Best practice within this document means “recommended practice”.


Commercial Electronic Message (CEM)

A commercial electronic message is an electronic message that has as its primary purpose, or one of its purposes, to encourage participation in a commercial activity through offers, advertisements, promotions or any other solicitations, or that contains a request for consent to send further commercial messages.

It is important to note that in some jurisdictions, notably within the UK and EU member states, messages that do not encourage commercial activity but merely facilitate a business relationship are still considered CEMs. Such messages are generally exempted from prior consent and opt-out compliance requirements but may still be subject to sender identification and related transparency obligations.


Consent Record-Keeping

Marketers must keep a record of permission level given (implied or express consent) and date of consent given. Through record-keeping can include the IP address, date and time of opt-in captured as well as the URL of the page submitted. Any information captured when providing consent should be solid enough to be proved in court as verifiably obtaining consent.


Double / Confirmed Opt-In Consent

Double opt-in is a strong permissioning process where an email recipient takes an explicit action to confirm their interest to receive marketing messages from a sender. Once the recipient confirms the subscription they can be included in future messaging and are considered double opted-in.
The benefit of double opt-in is that ownership of the opted-in address is verified thereby reducing the occurrence of spoofed or invalid subscriptions.


Factual (Transactional) Message

A commercial electronic message that serves an informational, transactional, legally mandated or an otherwise administrative purpose and does not encourage new commercial activity. This category includes purchase receipts, monthly statements, customer experience feedback requests and data breach notifications. These messages are commonly exempted from prior consent and opt-out requirements, but may be subject to sender identification and related transparency obligations.


First Party

A first party is an organization with either an existing and direct business relationship with or unambiguous consent from the email recipient such that the recipient reasonably expects to receive marketing communications from the organization. First parties may reserve the right to share customer email addresses with unaffiliated business partners for their own marketing purposes.


Implied Consent

Implied consent is generally considered to exist during the course of a business relationship where the recipient has volunteered their email address and reasonably expects to receive commercial electronic messages. Expectations are typically managed through clear and unambiguous statements in the sender’s privacy policy but may include more up-front disclosures where the email address is collected.


Indirect (Third-Party) Consent

Indirect consent is the practice of first-parties granting themselves the right to share customer email addresses with unaffiliated third-parties without the recipient’s prior affirmative or informed consent. By relying on statements in the first-party’s privacy policy that email addresses may be shared with ‘trusted partners’ for their own marketing purposes, the third-party is said to have indirect consent to engage. As with opt-out consent practices, recipients commonly perceive this practice as resulting in unsolicited commercial email, a.k.a ‘spam’

In contrast, a co-registration agreement where the third-party’s brand is referenced with an unchecked box on a partner website reduces the risk of sending ‘spam’. A site visitor would know they are subscribing to emails from a specific brand, would be able to give their unambiguous consent, and the resulting email would not be viewed as unsolicited.


Informed Consent

Informed Consent is in the middle ground between Affirmative and Implied Consent where marketing is presented as part of the service or product being offered. Commonly, and particularly in the UK and other EU member states, informed consent takes the form of an up-front, clear and unambiguous disclosure of marketing intent and the ability to opt-out at any time. By accepting the terms of service and proceeding, the recipient is said to give their informed consent.


Mixed Content

A commercial electronic message (CEM) that combines promotional and informational elements. Within the US, the Federal Trade Commission provides senders with a Primary Purpose Test to reasonably determine whether the message is primarily promotional or factual. It is important to note that this test is unique to the US. Outside of the US, any message that has as one of its purposes to encourage new commercial activity is generally treated as a promotional message.


Opt-Out Consent

Opt-out consent is the practice of first-parties assuming broad rights to use the recipient’s email address for marketing purposes until such time that they object using an unsubscribe mechanism. Rights may also include the ability to share email addresses with unaffiliated third-parties for their own marketing purposes without the recipient’s prior affirmative or informed consent. Recipients commonly perceive this practice as resulting in unsolicited commercial messages, a.k.a ‘spam’.


Opt-Out Mechanism

A link or mechanism in an email message that allows the recipient to request cessation of communications from the sender or senders.


Pre-Checked Boxes

Pre-checked boxes are choice mechanisms that are checked by default. They are commonly used to assume consent on the part of the recipient but are accompanied by adjacent disclosures of marketing intent. If the recipient does not make the effort to uncheck the box when the email address is collected, depending on the robustness of the disclosures they may be said to have given their informed or implied, but not affirmative consent.

This practice is regulated in some jurisdictions, notably Canada and Germany.


Promotional Message

A commercial electronic message (CEM) that has as its primary purpose to encourage participation in a commercial activity through offers, advertisements, incentives or any other solicitations.


Refer-a-Friend (RAF) Mechanism

A Refer-a-Friend mechanism is an online form that allows existing customers to refer the brand’s products or services to potential new customers. Since the brand does not yet have a direct business relationship with the end-recipients, they are generally precluded from adding the end-recipient’s email address to their marketing lists. A common best practice is for the RAF message to be a one-time, personalized message ‘from’ the customer to their friend, and containing a call-to-action for the friend to opt-in to the brand’s marketing program.


Remarketing (abandoned cart) Message

A commercial electronic message (CEM) that encourages a new commercial activity closely related to a prior activity, or the conclusion of a previously incompleted commercial activity. Shopping cart abandonment reminders are a common example of remarketing messages that despite regarding a transaction are no different from any other promotional message.


Third Party

A third party is an organization that may not have a direct pre-existing business relationship with the end-recipient, instead relying on sharing disclosures within a first party’s privacy policy to engage potential future customers. It is a best practice for first parties to promote third party offers within their own marketing messages through joint marketing and co-registration partnerships. A growing number of privacy laws around the world, as well as industry codes of practice, place a higher burden on third parties relying on indirect and opt-out forms of consent to directly engage a first party’s customers.


Unsolicited Commercial Email (UCE)

Unsolicited Commercial Electronic Message is commonly defined as any commercial message that is sent to a recipient without that recipient’s prior affirmative, informed or implied consent. International privacy and data protection laws regulate UCE with various limitations, in most cases requiring some form of prior consent.

Recent guidance issued by international privacy commissioners (e.g., Canada, Australia, U.K.) has set out exactly how their respective privacy laws may apply to electronic marketing. The common theme expressed by privacy commissioners is that consent for marketing should be knowingly given in a manner that is clear, specific, and overt.

In practice, contracts between senders and email service providers, and email service providers and receivers, are what control UCE.