The general rule for electronic direct marketing is that it requires the clear, affirmative consent of the recipient (such as by specifically opting-in) under Regulation 13 of the ePrivacy Regulations.

Nevertheless, consent is not specifically required in respect of every instance of electronic direct marketing, and there is an exception to the general requirement for consent, but only in cases involving existing customers, where certain other conditions are also met.

Under Regulation 13(11) of the ePrivacy Regulations, where an organisation lawfully obtains electronic mail contact details ‘from a customer … in the context of the sale of a product or service’ (this only applies to existing customers), consent to electronic direct marketing is not required as long as the following further conditions are met in relation to the electronic direct marketing communication:

1. The product or service being marketed is the organisation’s own product or service;

2. The product or service being marketed is of a kind similar to that supplied to the customer in the context of the original sale;

3. The customer must be clearly and distinctly given the opportunity to object to the use of their details at the time those details are collected, as well as each time the organisation sends an electronic marketing message to the customer; and

4.  The initial direct marketing communication must be sent within 12 months of the date of the original sale to the customer.

This means that an organisation must not send direct electronic marketing communications to a prospective customer who does not complete a purchase, for example, where they browse online for products but do not complete the checkout process.

Regulation 13(11) further requires that the customer’s electronic mail contact details must have been lawfully obtained in accordance with the Data Protection Act 2018. This means the initial reason for obtaining the contact details must have been compliant with the principles of data protection and have had a valid legal basis, as appropriate for the context in which the electronic mail contact details were originally obtained.