Email marketing and the rule of legitimate interest

A great many businesses are using legitimate interest as a way to get round a lack of consent in their email marketing. But, this rule is often misunderstood. This means that many people could be receiving emails they shouldn’t be!

Legitimate interest is not a “grey area or loop hole” to be exploited by marketers. It is not a “catch all” excuse to send marketing to anyone you fancy. This must be used only as a last resort, when it is in the interest of the recipient and there is no other better option!

To use the legitimate interest rule in your marketing you must consider three tests set out. These tests are in place to protect the recipient and the use of their data, so it’s important to familiarise yourself with them. This is not an exact science, there is no definitive list of what you can and what you can’t do. But, you must be clear about why you are marketing an individual and how it will help them.

The first test – Purpose

The first test is purpose. To satisfy this test you must know exactly why you want to use the data and you must establish exactly what the legitimate interest is.

There must be a specific benefit, which might include growing your business or developing a relationship with your customers. But, the data must be used in a way that your customer might expect. If there’s a possibility that they might be surprised by the contact, and the purpose of the contact, then it won’t pass this test and you can’t proceed in this way.

Situations that might pass this test include:

  • The person recently bought something from you
  • They specifically gave you their contact details
  • There was a clear opportunity to opt out when you captured the details

The second test – Necessity

To satisfy this test, you must be sure that there isn’t a better way to achieve your aims that is less intrusive. If there is a less intrusive way to achieve your purpose then you cannot use legitimate interest as a way to process this data.

For example, running a well targeted ad might reasonably achieve your aims without needing to process specific data. And sending a friendly email might be less intrusive than phoning someone in their home.

You should also consider the frequency of contact and the type of message. For example, an occasional subtle email is less likely to be considered obtrusive than a series of hard sales pitches.

The third test – Balance

In this test you must balance your needs against the interests of the person who’s data you are using. Consumers have the rights so you must consider whether the impact of your use of their data overrides this right. When doing this you should at least consider the following:

  • How sensitive is the data
  • The relationship you already have with the individual
  • The impact it might have on them
  • The age of the user
  • Potential Vulnerabilities

Think about whether your use of data could be detrimental to the individual. For example, if someone is struggling with debt, it might be detrimental to them to receive information that could worsen that situation. Do you know enough about the individual to make sure this cannot happen? If not, then stop!

Likewise, if there has been a security breech or fraudulent activity then it would be considered well within their interests to use the data.

In addition…

The three tests are not the start and end of it. You must also satisfy yourself that the use of an individuals data is ethical and lawful. If you are not sure about that then familiarise yourself with the PECR and GDPR rules. Legitimate interest does not override these rules.

Consider the following when you next consider using legitimate interest as the basis to send an email…

  • If you were asked, could you clearly explain your reasons for using a persons data?
  • Have you given fair warning? To use legitimate interest, you must explain exactly what the legitimate interest is in your privacy policy, you should also state it in the footer of any messages you send.
  • How do you manage the data? You cannot store the data for marketing purposes, but you can keep records that relate to a previous purchase. This means you can collate data to use for your specific purpose, but that list cannot be stored after for use in the future.
  • Is it in the recipients best interests for me to use their data in this way? How will it help them?
  • Is it likely to come as a surprise that I have contacted this person?
  • Could they have unsubscribed from marketing in the past? Have you cross checked this data with your list of unsubscribes?
  • Is there a clear option to opt out of direct marketing when the data is provided, ie at your checkout? If not, you probably don’t qualify to use their data under legitimate interest rules.
  • Does your marketing include details of how to opt out?

One final note on business to business marketing

People often fall back on the fact that it’s ok to message a business. This is likely to be ok, as long as you are not contacting an individual directly. Sending marketing messages to an email address like info@business or customerservice@business is likely to be fine in most cases. Using email addresses like caroline@business or carolinemitchell@business is less likely to be ok.

It is not ok to email an address that belongs to a sole trader, so some research might be needed to make sure the email address you are using belongs to a legal company.

If they have opted out

It is also not ok to market to anyone, business or not, if they have opted out! If there is any chance that you might do this, by accident, or not, then don’t send the marketing. If you aren’t able to check your email address to rule out a previous opt out then stop. On 8th December, Virgin media were fined £50k for doing just that and only one complaint was actually made! You can read the full story here.

Stay up to date

Thanks to an evolving Brexit situation, the rules on legitimate interest are changing frequently. This is just a guide as to the kinds of things you should be thinking about if you are considering using this rule in your future marketing. Please do further research if you are using the rule to make sure you are using up to the minute guidance. The ICO website is a great source of information on the use of legitimate interest.

If in doubt, the bottom line is, don’t do it. You just can’t go wrong if you get full consent from your customers and you give them plenty of opportunities to opt out!


How would your business benefit from an experienced business coach?

You shouldn’t have to fight your way through conflicting and confusing advice. We’ll support and guide you so you can make clear, confident decisions. Book a discovery call with us now and find out how we can help you get the best out of your email marketing.