Email marketing continues to be one of the most direct and effective ways to reach customers. However, as a company, you have to follow strict privacy rules.

On 13 November 2025, the Court of Justice of the European Union made an important judgement in this respect, which considerably relaxes the way in which companies are allowed to use direct marketing.

In this newsletter, we will look at how the Data Protection Authority (DPA) applied the regulations until now, what changes were introduced by the judgement of the Court, and, above all, what this means in concrete terms for your company.

Takeaways:

  • You can email existing customers more easily: to offer similar products or services.
  • No extra GDPR consent needed: if customers received their email in the context of a sale and can easily unsubscribe, you are safe from a legal perspective.
  • More security for your marketing strategy: this judgement ends the strict Belgian interpretation and gives companies more room to use email marketing in a correct and efficient manner.

1) Situation prior to the judgement

Since 2020, the DPA had a clear view on email marketing. According to the DPA, besides the European ePrivacy Directive, Article 6 of the General Data Protection Regulation, better known as the 'GDPR', also applied to electronic communication. In concrete terms, this means that an organisation should also be able to base itself on the consent or the legitimate interest of the data subject, i.e. an additional requirement to be able to engage in email marketing.

The principle of the ePrivacy Directive is that you need consent to approach individuals who are not customers electronically. However, an important exception is also provided: the so-called soft opt-in, a special rule for 'existing customers'. This exception only applies if:

  • the contact details are used for direct marketing for similar products or services;
  • the customer is given the opportunity, in a clear and explicit manner, to object (opt out) easily and free of charge; and
  • the contact details were obtained in the context of the sale of a product or service.

According to the interpretation of the DPA, the soft opt-in is not sufficient in itself without an additional legal basis under Article 6 GDPR, namely a legitimate interest. The result was that, even for existing customers, a time-consuming 'legitimate interest test' had to be performed. The Court recently expressed a different view on this.

2) The judgement

The case leading to the judgement revolved around Inteligo Media SA, the company behind the Romanian legal website avocatnet.ro. That website uses a freemium model: users get free limited access to articles, and automatically receive a daily newsletter, while more extensive functionalities are available at a charge.

The Court had to examine two questions: (1) was this a case of direct marketing; and (2) was consent required?

Direct marketing

In this judgement, the Court referred to the definition of direct marketing from the StWL Städtische Werke Lauf a.d. Pegnitz case (C‑102/20): there is direct marketing in case of communications for commercial purposes that are addressed directly and individually to users.

In the Inteligo Media SA judgement, the electronic communication qualified as direct marketing. By sending a weekly [O1] newsletter, users were prompted to read six free articles faster. As a result, they reached the limit of their free content sooner, which made users switch to the paid version sooner. The underlying aim was clearly commercial.

Requirement of consent

The Court opted for a broad interpretation of the terms 'in the context of' and 'sale' in the third condition of Article 13(2) of the ePrivacy Directive. According to the Court, the creation of a free account with limited access and a newsletter can be considered a sale. This means there does not need to be any direct payment. Indirect compensation suffices. In the case of Inteligo Media SA, this compensation consisted of offering free content in exchange for the promotion of paid services. The account was part of a broader commercial strategy to ultimately lead users to a premium offer. Therefore, the email address that was collected on creation of the account was obtained in the context of a sale of a service, taking into account the underlying aim to sell paid content.

Because the other two conditions of Article 13(2) were met (existing customers and possibility to opt out), the question arose how this provision relates to the GDPR. The Court ruled that Article 13(2) of the ePrivacy Directive acts as a special rule for electronic communication. This means that no additional legal basis under Article 6 GDPR, such as consent or a legitimate interest, is required for sending email marketing (and hence no substantial requirements under that Article of the GDPR apply). The soft opt-in in itself constitutes a valid legal basis. Obviously, the other obligations in the GDPR remain applicable.

This judgement contrasts with the view of the DPA, which for years did require an additional legal basis under Article 6 GDPR after meeting the conditions of Article 13(2) of the ePrivacy Directive. The DPA will therefore have to review its position.

Conclusion

The judgement of the Court of Justice constitutes an important turning point in the interpretation of the rules regarding electronic direct marketing. The Court is confirming that, as soon as the conditions of the soft opt-in exception are met, no additional legal basis under the GDPR is needed to send email marketing to existing customers. It remains to be seen how this case law will further develop.

The Technology, Digital & Data team of Monard Law is ready to advise you on direct marketing and other questions relating to innovative technologies, the EU Digital Strategy and privacy and data protection.

 [O1]‘daily’ zoals hierboven aangegeven?