New Code of Conduct for Email Marketing

27 August 2004

Gerrit-Jan Zwenne

On 15 June 2004, after more than a year of negotiations, the Dutch Direct Marketing Branch has decided by mutual agreement on a Code for Distributing Unrequested Advertising By E-Mail (the “Code”). Several direct marketing trade organisations and the Confederation of Netherlands Industry and Employers (VNO-NCW) have drawn up the rules of conduct under the neutral presidency of ECP.NL, the Electronic Commerce Platform.

For almost one year the negotiations were thwarted by the angry resignation of one of the trade organisations, the Dutch Direct Marketing Association, which wanted to include the possibility of providing e-mail addresses to third parties. However, when the new strict rules for unsolicited electronic messages of the e-Privacy Directive (2002/58/EC) were implemented in the new Dutch Telecommunications Act (the “Act”), this no longer seemed to be a real issue. Pursuant to the new Act, (which entered into effect on 19 May 2004) an opt-in regime applies. Accordingly, unsolicited commercial e-mail messages are only allowed if the sender can show that the recipients of such e-mail have given their prior consent.

The Code contains rules with respect to the maximum size of the e-mail message, i.e. no bigger than 50 kb incl. compressed files attached, unless the sender and recipient have agreed differently, and the prohibition of sending executable files. In addition, the sender must provide clear and simple opt-out procedures, as well as clear and proper information about the purposes for which the e-mail addresses are used.

According to some, the Code fails dramatically, particularly in the field of clarity. The privacy and digital rights organisation, Bits of Freedom (BoF) criticises the Code because it does not require an e-mail confirmation for the recipients’ prior consent. Pursuant to the Code, it is sufficient for senders of commercial e-mail to ask and obtain consent by requesting the recipient to tick a box on a website. However, without sending a confirmation of the consent, there may always be doubts whether the person who owns the e-mail address is really the same person who has given the consent. As the Act specifically requires the sender of unsolicited e-mail to show that the recipient has given prior consent, such confirmation seems prudent, if not necessary.

On the other hand, the Code (possibly inadvertently) provides for an extension of the protection offered by the Act. The Act only protects subscribers who are natural persons. Consequently most business and employees’ e-mail addresses are not protected because the employer and not the employee, is the party to the agreement with an ISP for internet access. This limited scope of protection is one of the results of a vigorous and successful lobby by the Direct Marketing Branch. Nevertheless the Code does not protect every ‘addressee’ which is defined as: ‘the person to whom the advertisement is aimed’. In addition, the Code grants ‘anybody’ the right to submit complaints to the Advertising Standards Committee (“Reclame Code Commissie”). Consequently, not only subscribers who are natural persons, but also persons with business e-mail addresses, such as employees, are protected by the Code and can file complaints to the Committee.

Next year, the Code will be re-assessed on the basis of practical experience.

The text of the email code is available in Dutch and can be found at