Is Cold emailing illegal in the West?

[Justarabbit]

I see a lot of stuff that says cold emailing is bad or is illegal.

You see a lot of ppl saying you need to have double opt in or you'll get in trouble or get arrested but I've never heard of anything like that actually happening.

So what is the real deal with cold emailing? Is it illegal?

 

[TheVigilante]

Not that I heard of its mostly the guys from West who do it regularly lol

Where did you hear it's illegal?

 

[kimse]

Cold emailing isn’t illegal, but it is subject to specific rules. In the U.S., it’s allowed as long as you follow CAN-SPAM guidelines (including providing an unsubscribe link and real contact information). In the EU, it’s stricter—usually requires consent unless it’s B2B and there's a legitimate interest.

 

[INCC]

It is 100% illegal.

The fines are pretty harsh in Europe.

We are talking about hundreds of thousands of Euros - if I remember correctly.

Might even be worse. Arrests wouldn't surprise me, although I have never heard anyone getting busted for it.

----------------------------------------------------------

EDIT @Grok:

Maximum Fines:

• Up to €20 million or 4% of the organization’s global annual turnover (whichever is higher) for serious infringements, such as processing personal data without a lawful basis or failing to honor data subject rights (e.g., opt-out requests)
• For less severe violations (e.g., inadequate transparency or documentation), fines can reach up to €10 million or 2% of global annual turnover
• Applicability: Applies to organizations processing personal data of EU/EEA residents, even if the organization is based outside the EU
• Examples of Violations:
  • Sending cold emails without prior consent or a legitimate interest.
  • Failing to provide an easy opt-out mechanism.
  • Not maintaining records of how email addresses were obtained or consent was secured.

In some cases, national data protection authorities (DPAs) can impose administrative fines or pursue criminal penalties, including imprisonment (e.g., up to 6 months in Norway for severe violations under its Marketing Control Act).

 

[Justarabbit]

Not that I heard of its mostly the guys from West who do it regularly lol

Where did you hear it's illegal?

I see ppl say it online all the time. I have friends who tell me it's illegal.

Even answers in this thread are mixed. Seems like it depends on where you live.

It is 100% illegal.

The fines are pretty harsh in Europe.

We are talking about hundreds of thousands of Euros - if I remember correctly.

Might even be worse. Arrests wouldn't surprise me, although I have never heard anyone getting busted for it.

----------------------------------------------------------

EDIT @Grok:

Maximum Fines:

• Up to €20 million or 4% of the organization’s global annual turnover (whichever is higher) for serious infringements, such as processing personal data without a lawful basis or failing to honor data subject rights (e.g., opt-out requests)
• For less severe violations (e.g., inadequate transparency or documentation), fines can reach up to €10 million or 2% of global annual turnover
• Applicability: Applies to organizations processing personal data of EU/EEA residents, even if the organization is based outside the EU
• Examples of Violations:
  • Sending cold emails without prior consent or a legitimate interest.
  • Failing to provide an easy opt-out mechanism.
  • Not maintaining records of how email addresses were obtained or consent was secured.

In some cases, national data protection authorities (DPAs) can impose administrative fines or pursue criminal penalties, including imprisonment (e.g., up to 6 months in Norway for severe violations under its Marketing Control Act).

WHOA! That is pretty crazy!

 

[t2van]

EDIT @Grok:

Maximum Fines:

• Up to €20 million or 4% of the organization’s global annual turnover (whichever is higher) for serious infringements, such as processing personal data without a lawful basis or failing to honor data subject rights (e.g., opt-out requests)
• For less severe violations (e.g., inadequate transparency or documentation), fines can reach up to €10 million or 2% of global annual turnover
• Applicability: Applies to organizations processing personal data of EU/EEA residents, even if the organization is based outside the EU
• Examples of Violations:
  • Sending cold emails without prior consent or a legitimate interest.
  • Failing to provide an easy opt-out mechanism.
  • Not maintaining records of how email addresses were obtained or consent was secured.

In some cases, national data protection authorities (DPAs) can impose administrative fines or pursue criminal penalties, including imprisonment (e.g., up to 6 months in Norway for severe violations under its Marketing Control Act).

Yeah the same fines can be applied for personal data when shipping for a 3rd party also, those rules don't just cover cold emailing / spamming.

Example.

A company sells or gives away products.

They pass customer details onto you to process.

You process the order and send to the customer.

No harm?

Well if that customer ever asks for a freedom of information request, they need to know how you handled that data, where you passed it to (couriers etc) how long the courier held that info, how you handled that info, what you done with it after and so on. Or if you ever have a data leek there is so much you need to know to protect your self it's not even funny!

Its a frigging nightmare as @INCC said EU&UK fall under same rules and it's no joke they will slap you so hard.

 

[INCC]

Its a frigging nightmare as @INCC said EU&UK fall under same rules and it's no joke they will slap you so hard.

A few years ago, when I was more active with cold outreach, there were a couple of instances where people wanted to set me up.

They started communicating with me and then pretended to be interested in my services, but were very eager about which company we represent and where we are located. I didn't give them this information, and they burst out in anger, told me I was lucky lol.

There are snakes everywhere... they wanted to snitch immediately.

 

[TheVigilante]

A few years ago, when I was more active with cold outreach, there were a couple of instances where people wanted to set me up.

They started communicating with me and then pretended to be interested in my services, but were very eager about which company we represent and where we are located. I didn't give them this information, and they burst out in anger, told me I was lucky lol.

There are snakes everywhere... they wanted to snitch immediately.

Are the laws different for people doing outreach from India to European countries or even the US?

 

[t2van]

Are the laws different for people doing outreach from India to European countries or even the US?

I doubt it

 

[INCC]

Are the laws different for people doing outreach from India to European countries or even the US?

Nope.

It states the following:

• Applicability: Applies to organizations processing personal data of EU/EEA residents, even if the organization is based outside the EU

 

[TheVigilante]

How do the guys making outreach work for them really do it?

Any video on how to do it the correct way?

 

[t2van]

How do the guys making outreach work for them really do it?

Any video on how to do it the correct way?

Well if you think the company will have a legitimate interest in your business or services, you can sort of get around it.

It becomes a bit of a no-no if you spam betting services to a cat charity.

Others get around it by using throw-away emails like gmails, outlook etc. Personally I never reach back to anyone with a false email.

If you genuinely think you can offer me something, send it from your company domain...


You can also reach out to customers who have opted out if you think there is a real reason why they need to hear from you. Say your change domain name, get bought out, sold the business etc. That sort of cold outreach is OK to a non opt-in customer base.

 

[Dopious]

Cold emailing to businesses B2B in the EU is NOT illegal, but it is regulated under the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

 

[polecat]

It's not illegal but more complex doing it.


I can't remember the guy name but their exists sort of famous Spanish man what he does is for GDPR anytime he gets email he report to the EU government .

I can't recall if he's sued anyone or not but I know he trys often.

 

[SilverClouds]

Cold emailing to businesses B2B in the EU is NOT illegal, but it is regulated under the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

Yeppp, couldn't even do a dumb cold dm campaign in LinkedIn Ads (they have something like this) for my client because of that GDPR shit. It just won't let you target prospects in the EU.

 

[Dopious]

Yeppp, couldn't even do a dumb cold dm campaign in LinkedIn Ads (they have something like this) for my client because of that GDPR shit. It just won't let you target prospects in the EU.

That might be LinkedIn`s rules, as long as it was aimed at B2B and to employees in the relevant positions in the company it is ok by EU regulations.

 

[t2van]

Yeppp, couldn't even do a dumb cold dm campaign in LinkedIn Ads (they have something like this) for my client because of that GDPR shit. It just won't let you target prospects in the EU.

What was you targeting?

Only ask as I get hit up all the time with DM ads like writing, agency staff, whiskey barrel investing etc

So would have though it would be OK unless it was something LinkedIn just wouldn't like as a whole!?

Only asking, not having a go!

 

[SilverClouds]

That might be LinkedIn`s rules, as long as it was aimed at B2B and to employees in the relevant positions in the company it is ok by EU regulations.

Yeah, I think so too... B2B is fine, you can't do B2C cold email. So no idea why LinkedIn was so annoying about this.

 

[polecat]

That might be LinkedIn`s rules, as long as it was aimed at B2B and to employees in the relevant positions in the company it is ok by EU regulations.

You are right .

 

[Dopious]

You are right .

Always