I've spoken about the Privacy and Electronic Communications Regulations 2003 (PECR), also known as the cookie law, before. This law also covers spam and it can carry hefty fines.
Marketing email rules
One of the PECR rules relates to opting in to receive marketing. You're only allowed to send marketing emails to your customers under certain conditions.
If someone buys a product or service from you then you're allowed to send marketing communications to them in a rule known as 'soft' opt-in. At the point of collecting their details you must provide an opt-out option. Assuming the user does not opt-out you may then send them marketing emails. This form of marketing requires that future communications are related to similar products or services. You must also provide an easy way to opt-out from an online account and / or an unsubscribe link in every email.
Users can also opt-in to general marketing from you via a newsletter or account signup form. In this circumstance you're allowed to send a wider range of marketing than from a soft opt-in. This may help to explain why when you buy something there are often three checkboxes – one to allow soft opt-in email, one to allow additional marketing, and the terms and conditions. Remember that you must also include an unsubscribe link in every one of these emails too.
A third type of email known as a service email does not generally fall under these regulations. Service emails include order status, account security notices, etc. These emails must not include marketing of any sort to fall outside of the PECR rules.
Hello, can we spam you?
Think about the following scenario. You've just updated your website and would like to inform all of your registered users and ask them to clarify their marketing preferences. How can you go about this? Well – you can't. This sort of email is marketing yourself, something you're not allowed to do to customers that have opted out of marketing, or for those that you only have soft opt-in authorisation for. Those soft opt-ins only care about products and services, not a new website or shop.
That sort of email is basically spam, asking if they're allowed to spam you, which is exactly why two companies were recently fined. Fined a total of £83,000, Flybe and Honda broke the rules on marketing communications, with Flybe asking "Are your details correct?" whilst including entry into a prize draw including to people who had previously opted out of marketing, and Honda who asked people to clarify their marketing preferences – something you're not allowed to ask unless you already have permission to ask it.
You can read more about the Flybe and Honda ruling on the ICO's blog.