What’s the difference between legal compliance and ethical practice?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

You can be completely legal and still be the sender everyone hates. That's the gap between legal compliance and ethical practice, and it's wider than most email marketers realize.

Legal compliance means you're following the rules that can get you fined or sued. CAN-SPAM says you can send unsolicited commercial email as long as you include a physical address and an opt-out link. GDPR says you need a lawful basis for processing personal data. Those are the floors. The law tells you what you must do (and what you can't do without consequences). It doesn't tell you what you should do.

Ethical practice is everything above that floor. It's asking whether the person actually wants this email, not just whether they technically opted in two years ago via a pre-ticked checkbox buried in a checkout flow. It's honoring the intent behind a subscription, not just the letter of it.

Here's a concrete example. Under CAN-SPAM, you can add someone to a list after they buy from you and keep emailing them until they opt out. Perfectly legal. But if they signed up for a one-time discount and you're now sending three promotional emails a week about products they've never looked at, that's not what they expected. It's legal. It's also the kind of thing that kills trust and feeds your spam complaint rate over time.

Another one: GDPR allows legitimate interest as a lawful basis for certain emails. Some brands use that as a loophole to justify cold outreach they'd never get explicit consent for. The ICO won't necessarily come knocking. But the recipient still didn't ask for that email. Ethical practice means you'd ask yourself "would this person want to hear from me?" before sending, not just "can I technically justify it?"

The practical difference shows up in your sender reputation. Legal compliance doesn't protect your deliverability. Mailbox providers like Gmail and Outlook don't care if you followed CAN-SPAM. They care whether recipients are clicking "spam" on your emails. Ethical sending, the kind where people actually want what you're sending, is what keeps your reputation intact.

If you're looking to audit where your program sits on that spectrum, the questions in the ethical boundaries of email marketing section are a good place to start. Or if something feels off and you want a real set of eyes on it, our SOS hotline is free.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Find where your program crosses the line

I send [describe your email program: e.g. weekly newsletter, post-purchase sequences, cold outreach] and I want to check whether it's ethical, not just legally compliant. Based on my setup, can you give me a ranked list of the practices most likely to feel intrusive or unwanted to recipients, even if they're technically allowed?

Edit the yellow boxes, then send to the AI of your choice.