Do Abandoned Cart Emails Violate CAN-SPAM / GDPR?

Written by: Hayley Bonnett

Published: 14 March, 2023


Abandoned cart emails are a common marketing strategy for e-commerce businesses to recover lost sales. However, with the introduction of data privacy laws like GDPR and CAN-SPAM, there is confusion about whether these emails violate opt-in requirements. Let’s examine the issue and determine whether abandoned cart emails are worth the risk.

What is the EU’s GDPR?

The General Data Protection Regulation (GDPR) is a regulation in the European Union (EU) that governs the way businesses collect, process, store, and share personal data of EU citizens. This includes businesses that offer goods or services to EU citizens, monitor the behaviour of EU citizens, or process the personal data of EU citizens in any way.

Under GDPR, businesses are required to obtain explicit consent from customers before sending them marketing communications. This means that customers must opt-in to receive marketing emails and have the option to opt-out at any time. However, GDPR does allow for the use of legitimate interest as a legal basis for processing personal data, including sending abandoned cart emails. Legitimate interest means that the processing of personal data is necessary for the legitimate interests of the business, but it must be balanced against the individual's rights and freedoms.

What is the US’s CAN-SPAM Act?

Similarly, the CAN-SPAM Act in the US requires businesses to obtain consent from customers before sending marketing emails. However, the act does allow for transactional emails, which include messages that facilitate a transaction or provide information related to a customer's account. Abandoned cart emails can be considered transactional if they meet certain criteria, such as including information about the customer's abandoned cart and not including any promotional content.

Do Abandoned Cart Emails Violate GDPR or CAN-SPAM?

The answer is no, as long as businesses follow the guidelines and obtain consent from customers or have a legitimate interest in sending emails. However, businesses should still be transparent about their email marketing practices and provide customers with the option to opt-out at any time.

Collecting Contact Information

There are a few ways that you could have the contact’s information so that you can send them an abandoned cart email (if you haven’t collected their email, you can’t email them!). 

  • They are an existing subscriber or customer and are cookied
  • You captured their email address when they started the checkout process before they left the site

Existing Customers and Contacts

Most customers opt-in when making their purchase or signing up as a subscriber. In this case, you’ve likely got permission to email them about their abandoned cart content - unless they’ve explicitly asked to be unsubscribed from communications. Then you don’t have permission to email them with your marketing emails, including abandoned cart emails. 

Form Listeners and Half-Completed Transactions

This one is a bit trickier because the contact may not have intended to give you their email address if they stopped filling out their checkout partway or didn’t realize they were creating an account. They may not realize that when they ‘check out as a guest’ they are indeed sharing their information with the retailer, who can then email them.

Because you don’t have explicit consent, you could get a complaint or two on this one. However, because the contact was legitimately engaged in a transaction with you, you may have implied consent to email them about this transaction. Just watch that you don’t start spamming them with all your marketing emails if they haven’t signed up for those. 

What's the Risk & is it Worth it?

What's the risk of being non-compliant with GDPR & CAN-SPAM rules? CRTC states the penalty for violation in Canada:

If you commit a violation under CASL, you may be required to pay an administrative monetary penalty (AMP). The maximum amount of an AMP, per violation, for an individual is $1 million. For a business, it is $10 million. CASL sets out a list of factors considered in determining the AMP’s amount.

Is it worth the risk to send abandoned cart emails? The answer depends on the specific business and its customers. For many e-commerce businesses, abandoned cart emails have proven to be an effective way to recover lost sales and increase revenue. However, businesses should weigh the potential benefits against the risks of violating data privacy laws and damaging their reputation, particularly if they're collecting this info in a way that might catch their contacts by surprise.

If you're an e-commerce business owner who's considering implementing abandoned cart emails, make sure you follow GDPR and CAN-SPAM guidelines and obtain consent or have a legitimate interest in sending the emails. And don't forget to give your customers the option to opt-out at any time. With these considerations in mind, abandoned cart emails can be a powerful tool to recover lost sales and increase revenue.

Hayley Bonnett is one of our Canadians working from Calgary, Alberta, a great location for her due to her love of the mountains. She recently graduated with a BBA majoring in marketing and is excited to continue learning and further her education even more.