Could GDPR mean the end of spam emails?

9 Oct 2017 Richard McBarnet
Spam emails

If you do not stay on top of your emails, your inbox can very quickly become full of largely unwanted messages. We all receive too many emails, the majority of which are marketing messages we are simply not interested in. When we feel overwhelmed by the sheer number of them, we call them spam. But is this the correct term?

What is spam?

The OED definition of spam is “Irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.” This means the term ‘spam’ does not include the marketing emails – however annoying you find them – which you have given consent to receive, even if you have forgotten that you have done so.

Marketing emails

Under the current Privacy and Electronic Communications Regulations (PECR), which sit alongside the Data Protection Act, there are differing rules regarding communication with B2B and B2C audiences.

  • With B2B – limited companies, PLCs, LLPs etc, but not sole traders – companies are entitled to send marketing emails without requiring consent. However, if someone opts out by unsubscribing, the company must act on this.
  • With B2C – includes sole traders, employees of sole traders as well as individuals – a soft opt-in in the absence of consent, which basically means if someone buys from your company or expresses interest, for example by requesting a catalogue, you can market relevant goods and services to them.

Under GDPR the standard of consent is much tighter, but for the alternatives provided by PECR things are not necessarily going to change hugely. New ePrivacy legislation is due to come in with GDPR to replace PECR, but that is unlikely to change the rules around the soft opt-in and corporate subscribers.

Subscribing and unsubscribing

The biggest impact we will see after GDPR will be with the ‘subscribe’ tick boxes. Companies will no longer be allowed to add pre-ticked boxes, which means consumers will not be fooled into giving their consent for companies to sell their data to third parties.

There will be much tighter regulation around consent which will have to be unambiguous and freely given. The onus will be on businesses to prove they have been granted clear consent.

If you unsubscribe from a mailing list, then even though the company will still have your details, they will not be allowed to contact you. This year, the airline Flybe was fined £70,000 for deliberately contacting people who had unsubscribed from their mailing list. Under GDPR, the fines will potentially be considerably higher which should prevent this happening again.

Spam emails

There are many maverick marketing companies that are currently using loopholes in the law to send messages you have not consented to, and these emails can be classified as spam. Parent companies create new subsidiaries which spring up overnight and disappear just as quickly. GDPR will target the parent companies and all their subsidiaries, making it easier to prosecute them, and the fines will be huge. This means that, in theory, on the day after GDPR comes into effect, the slate will be wiped clean and everyone will have to re-give their consent.

Unfortunately, there are companies that operate outside of the law and are therefore unlikely to stop sending us so much spam and will be more difficult to stop. These produce the automated spam messages none of us want and most of us loathe, e.g. the ones that are trying to sell viagra. Many of these can be diverted with a decent spam filter.

Good news for the private individual

GDPR and the new UK Data Protection Bill will be great for us as individuals. However, they will make things more difficult for companies to market their products and services. Contact us if you would like to know more about GDPR compliance. 


Contact Lumina

We use cookies to ensure that we give you the best experience on our website.