Newsletter
Email marketing consent, double opt-in, and newsletter rules by country.
Email marketing rules vary significantly across Europe. In most EU countries, you need explicit opt-in consent before sending marketing emails to individuals (B2C). For business-to-business (B2B) email, the rules differ by country โ cold email to businesses is legal in the Netherlands, UK, Ireland, Belgium, and the Nordics, but effectively prohibited in Germany and Spain. Getting this wrong can result in fines from your national data protection authority and damage to your sender reputation.
Key facts
- โขGermany effectively requires double opt-in for email marketing through court precedent, not just single consent
- โขThe Dutch Telecommunicatiewet requires opt-in for B2C marketing emails, but allows B2B cold email under soft opt-in
- โขSpain's LSSI requires explicit prior consent for all commercial emails โ B2B cold email is prohibited
- โขThe UK's PECR allows B2B marketing emails but requires an unsubscribe mechanism in every message
- โขGDPR requires you to document when and how each subscriber gave consent โ a checkbox record is not enough
What we check
- โNewsletter signup form consent mechanism
- โDouble opt-in implementation where required
- โUnsubscribe link presence in email templates
- โPrivacy policy coverage of email marketing
- โConsent record-keeping practices
Newsletter signup: good vs. bad examples
Pre-checked consent box
A checkbox that says "I want to receive newsletters" is already checked when the page loads. Under GDPR, consent must be a clear affirmative action. Pre-checked boxes are explicitly prohibited by the EDPB.
Unchecked, specific consent box
An unchecked checkbox with clear text: "Yes, I'd like to receive weekly website tips by email. You can unsubscribe at any time." This is specific, freely given, and requires an affirmative action.
Bundled consent
"By creating an account, you agree to our terms and to receiving marketing emails." This bundles newsletter consent with account creation. GDPR Article 7(2) requires that consent for different purposes must be clearly distinguishable and separate.
Double opt-in with confirmation email
After signing up, the subscriber receives an email: "Please confirm your subscription by clicking the link below." The subscriber is only added to the list after clicking. This is required in Germany and best practice everywhere.
No unsubscribe link
A newsletter that only says "Reply with STOP to unsubscribe" at the bottom in grey text. The ePrivacy Directive and PECR require a clear, easy-to-use unsubscribe mechanism in every marketing email, ideally a one-click link.
Clear unsubscribe in every email
Every newsletter includes a prominent "Unsubscribe" link at the top or bottom. One click takes the user to a confirmation page, no login required. Gmail and Apple Mail also show a one-click list-unsubscribe header.
Hidden opt-in during checkout
Adding customers to a mailing list when they make a purchase, with the opt-in buried in the terms and conditions. This is not valid consent. The subscriber must actively choose to sign up.
Separate consent with record-keeping
Newsletter signup is a separate form or clearly separated checkbox. The system records the timestamp, IP address, the exact text shown and the form version. This proves exactly when and how consent was given.
Pre-checked consent box
A checkbox that says "I want to receive newsletters" is already checked when the page loads. Under GDPR, consent must be a clear affirmative action. Pre-checked boxes are explicitly prohibited by the EDPB.
Bundled consent
"By creating an account, you agree to our terms and to receiving marketing emails." This bundles newsletter consent with account creation. GDPR Article 7(2) requires that consent for different purposes must be clearly distinguishable and separate.
No unsubscribe link
A newsletter that only says "Reply with STOP to unsubscribe" at the bottom in grey text. The ePrivacy Directive and PECR require a clear, easy-to-use unsubscribe mechanism in every marketing email, ideally a one-click link.
Hidden opt-in during checkout
Adding customers to a mailing list when they make a purchase, with the opt-in buried in the terms and conditions. This is not valid consent. The subscriber must actively choose to sign up.
Unchecked, specific consent box
An unchecked checkbox with clear text: "Yes, I'd like to receive weekly website tips by email. You can unsubscribe at any time." This is specific, freely given, and requires an affirmative action.
Double opt-in with confirmation email
After signing up, the subscriber receives an email: "Please confirm your subscription by clicking the link below." The subscriber is only added to the list after clicking. This is required in Germany and best practice everywhere.
Clear unsubscribe in every email
Every newsletter includes a prominent "Unsubscribe" link at the top or bottom. One click takes the user to a confirmation page, no login required. Gmail and Apple Mail also show a one-click list-unsubscribe header.
Separate consent with record-keeping
Newsletter signup is a separate form or clearly separated checkbox. The system records the timestamp, IP address, the exact text shown and the form version. This proves exactly when and how consent was given.
Official resources
Related guides
Double Opt-in: Required or Not? It Depends on the Country
Double opt-in is required in Germany, recommended in Austria, and optional elsewhere in Europe. Here's what the law says in each country and how to set it up.
Newsletter Signup Forms: GDPR Requirements
Your newsletter signup form needs more than a checkbox. Here are the GDPR rules for email consent, what to store and how to avoid common mistakes.
Pre-checked Signup Boxes Are Illegal: Here's Why
Pre-checked checkboxes for newsletters and marketing don't count as valid consent under GDPR. The Planet49 ruling made this clear. Here's what to fix.
Email Marketing Consent: Country-by-Country Rules
Email marketing rules differ across Europe. Here are the consent requirements for the Netherlands, Germany, UK, Belgium and more.
The Soft Opt-in Exception: When You Can Email Without Consent
The soft opt-in lets you email existing customers without explicit consent. But strict conditions apply. Here is how it works.
Related from other areas
GDPR Compliance Checklist for Your Website (2026)
A practical GDPR checklist for small business websites. Check cookies, privacy policy, consent forms, and tracking scripts.
Cookie Banner Requirements 2026: What Actually Counts
Most cookie banners fail basic GDPR requirements. Here is what yours actually needs: reject buttons, no dark patterns, real consent.
Check your website now
Scan your website for Newsletter issues and 30+ other checks.
Scan your site free