As the world becomes increasingly connected, the email marketing regulation landscape becomes more and more complex. Whether or not you operate directly in different countries, it's good practice as an email marketer to know which laws and regulations apply to your subscribers, wherever they are in the world. In recent years, keeping on top of new legislation has been challenging – most notably in Europe, with the introduction of GDPR (General Data Protection Regulation).
The team at EmailOctopus have compiled this guide to make things easier. Our aim is to create a space where the email marketing community can keep each other up-to-date about regulations around the world, so it's easier for us all to be aware of new legislation, as and when it's implemented.
At a glance
For more detail about a country's legislation, click the country name.
Country
Legislation
Content required
Opt-out required
Consent required
Penalties
Australia
Spam Act 2003
Name, contact information
Yes
Implied consent if you have a previous business relationship. Otherwise, explicit
Up to $1.8m AUD per day
Belgium
outre-Quiévrain law, GDPR
Name, mailing address, clear identification of the sender
Yes
Explicit consent
Up to €20m, or 4% annual global turnover – whichever is higher
Brazil
LGPD
Name, contact information
Yes
Implicit consent via soft opt-in where an existing commercial or social interest can be demonstrated (effectively legitimate interest)
2 percent of the revenue from Brazil, up to R$50 million per infraction
Canada
CASL
Name, mailing address, contact information
Yes
Implied consent if you have a previous business relationship. Otherwise, explicit
Up to $10m CAD per violation
China
Regulations on Internet Service
Name, email address
Yes
Explicit consent
10,000-30,000 yuan per email
Denmark
Danish Marketing Practices Act, GDPR
Name, mailing address, clear identification of the sender
Yes
Explicit consent
Up to €20m, or 4% annual global turnover – whichever is higher for GDPR violation; Danish government will impose an additional fine which is to be decided by the governing body
Finland
Electronic Communication Services Act, GDPR
Name, mailing address, clear identification of the sender
Yes
Implied consent if you have a previous business relationship. Otherwise, explicit
Up to €20m, or 4% annual global turnover – whichever is higher
Germany
Federal Data Protection Act, GDPR, Telemedia Act
Name, mailing address, clear identification of the sender
Yes
Implied consent if you have a previous business relationship. Otherwise, explicit
Up to €20m, or 4% annual global turnover – whichever is higher
Hong Kong
The Unsolicited Electronic Messages Ordinance
Clear identification of the sender
Yes
Implied consent
Up to $1,000,000 and imprisonment for up to 5 years on conviction on indictment
Iceland
GDPR
Name, mailing address, clear identification of the sender
Yes
Explicit consent
Up to €20m, or 4% annual global turnover – whichever is higher for GDPR violation
India
None at present
None
No
Consent is not required
None
Ireland
Irish Data Protection Act 2018, GDPR
Name, mailing address, clear identification
(read more)