1. Foreword

Law and trust

“You are talking to the devil,” the representative of an Internet service provider told us when we presented our plans to launch the Certified Senders Alliance (CSA) at a conference in the USA in 2004. Trying to build a bridge between the senders of automated emails and those who sought to protect their networks and customers from spam seemed unimaginable.

After almost 20 years of the successful existence of the CSA, we can confirm that this bridge is accepted far beyond Germany and contributes to successful self-regulation in the market.

The protected space for legitimate, desired commercial email communication initiated at that time already included legal requirements in the first version of the CSA criteria: Requirements for consent or its revocation and the legal notice were already included in 2004.

The CSA has continuously updated the legal criteria catalogue over the years in line with adapted case law. Today, the CSA criteria are based on European specifications and also cover internationally applicable law in email marketing. Compliance with the legal CSA criteria protects senders from consequences due to unlawful sending while protecting end users from spam.

However, with these guidelines for permissible email marketing, we go beyond the CSA criteria and would like to invite readers to learn details on specific topics and receive practical implementation suggestions. Legal requirements in the relevant topics always go back to essential cornerstones that are intended to protect the recipient of advertising:

The recipient shall:

  • Act voluntarily and informed
  • Give their consent explicitly and demonstrably
  • Be able to revise their decision without disadvantages

Personal preferences and privacy on the part of senders as values should be respected. This is very important, even irrespective of applicable law, in order to establish a relationship of trust between sender and recipient. Or would you let just anyone handle your personal data?

In this seventh version of the Directive for Permissible Email Marketing, we are limiting ourselves for the first time to a purely digital version in order to be able to update and add to them continously and to protect the environment.

The seventh version contains the following changes and additions to the previous version from 2016:

The introduction of the GDPR in 2018 has posed significant challenges for the industry and still does. Thus, there is still uncertainty regarding the interpretation and application of certain provisions of this framework law. Subsequently, further national laws were supplemented and adapted to the Regulation. For Germany, examples include the Telecommunications Act (TKG), the Telemedia Act (TMG) and the Federal Data Protection Act (BDSG). In addition, important reforms, such as the implementation of the e-privacy directive, are still pending.

The Schrems II ruling of the European Court of Justice has created further uncertainties with regard to the exchange of data, especially with the USA, which have not been resolved to date.

The guideline classifies the relevant legal regulations understandably and gives concrete examples of and many useful suggestions for possible solutions.

We wish you a good read!

Julia Janßen-Holldiek & Thomas Rickert



    Get in touch with us