Newsletter
Email marketing consent, double opt-in, and newsletter rules by country.
Email marketing rules vary significantly across Europe. In most EU countries, you need explicit opt-in consent before sending marketing emails to individuals (B2C). For business-to-business (B2B) email, the rules differ by country โ cold email to businesses is legal in the Netherlands, UK, Ireland, Belgium, and the Nordics, but effectively prohibited in Germany and Spain. Getting this wrong can result in fines from your national data protection authority and damage to your sender reputation.
Key facts
- โขGermany effectively requires double opt-in for email marketing through court precedent, not just single consent
- โขThe Dutch Telecommunicatiewet requires opt-in for B2C marketing emails, but allows B2B cold email under soft opt-in
- โขSpain's LSSI requires explicit prior consent for all commercial emails โ B2B cold email is prohibited
- โขThe UK's PECR allows B2B marketing emails but requires an unsubscribe mechanism in every message
- โขGDPR requires you to document when and how each subscriber gave consent โ a checkbox record is not enough
What we check
- โNewsletter signup form consent mechanism
- โDouble opt-in implementation where required
- โUnsubscribe link presence in email templates
- โPrivacy policy coverage of email marketing
- โConsent record-keeping practices
Newsletter signup: good vs. bad examples
Pre-checked consent box
A checkbox that says "I want to receive newsletters" is already checked when the page loads. Under GDPR, consent must be a clear affirmative action. Pre-checked boxes are explicitly prohibited by the EDPB.
Unchecked, specific consent box
An unchecked checkbox with clear text: "Yes, I'd like to receive weekly website tips by email. You can unsubscribe at any time." This is specific, freely given, and requires an affirmative action.
Bundled consent
"By creating an account, you agree to our terms and to receiving marketing emails." This bundles newsletter consent with account creation. GDPR Article 7(2) requires that consent for different purposes must be clearly distinguishable and separate.
Double opt-in with confirmation email
After signing up, the subscriber receives an email: "Please confirm your subscription by clicking the link below." The subscriber is only added to the list after clicking. This is required in Germany and best practice everywhere.
No unsubscribe link
A newsletter that only says "Reply with STOP to unsubscribe" at the bottom in grey text. The ePrivacy Directive and PECR require a clear, easy-to-use unsubscribe mechanism in every marketing email, ideally a one-click link.
Clear unsubscribe in every email
Every newsletter includes a prominent "Unsubscribe" link at the top or bottom. One click takes the user to a confirmation page, no login required. Gmail and Apple Mail also show a one-click list-unsubscribe header.
Hidden opt-in during checkout
Adding customers to a mailing list when they make a purchase, with the opt-in buried in the terms and conditions. This is not valid consent. The subscriber must actively choose to sign up.
Separate consent with record-keeping
Newsletter signup is a separate form or clearly separated checkbox. The system records the timestamp, IP address, the exact text shown and the form version. This proves exactly when and how consent was given.
Pre-checked consent box
A checkbox that says "I want to receive newsletters" is already checked when the page loads. Under GDPR, consent must be a clear affirmative action. Pre-checked boxes are explicitly prohibited by the EDPB.
Bundled consent
"By creating an account, you agree to our terms and to receiving marketing emails." This bundles newsletter consent with account creation. GDPR Article 7(2) requires that consent for different purposes must be clearly distinguishable and separate.
No unsubscribe link
A newsletter that only says "Reply with STOP to unsubscribe" at the bottom in grey text. The ePrivacy Directive and PECR require a clear, easy-to-use unsubscribe mechanism in every marketing email, ideally a one-click link.
Hidden opt-in during checkout
Adding customers to a mailing list when they make a purchase, with the opt-in buried in the terms and conditions. This is not valid consent. The subscriber must actively choose to sign up.
Unchecked, specific consent box
An unchecked checkbox with clear text: "Yes, I'd like to receive weekly website tips by email. You can unsubscribe at any time." This is specific, freely given, and requires an affirmative action.
Double opt-in with confirmation email
After signing up, the subscriber receives an email: "Please confirm your subscription by clicking the link below." The subscriber is only added to the list after clicking. This is required in Germany and best practice everywhere.
Clear unsubscribe in every email
Every newsletter includes a prominent "Unsubscribe" link at the top or bottom. One click takes the user to a confirmation page, no login required. Gmail and Apple Mail also show a one-click list-unsubscribe header.
Separate consent with record-keeping
Newsletter signup is a separate form or clearly separated checkbox. The system records the timestamp, IP address, the exact text shown and the form version. This proves exactly when and how consent was given.
Official resources
Guides are coming soon.
Check your website now
Scan your website for Newsletter issues and 30+ other checks.
Scan your website free