Summary
The legality of reusing an email list after a company acquisition is complex and depends on various factors. Generally, acquired assets include customer data, and some ESPs may permit continued mailing, especially under the original brand, provided it aligns with subscriber expectations. However, stringent data privacy regulations, such as GDPR, CCPA, CASL, and CAN-SPAM, impose specific requirements. GDPR necessitates explicit consent that covers the new entity and communication purposes. CCPA mandates notification of data transfers and privacy policy changes. CASL requires consent for commercial electronic messages, and CAN-SPAM necessitates honoring opt-out requests. Using purchased lists can negatively impact sender reputation and deliverability, potentially leading to blacklisting. Experts emphasize the importance of transparency, data portability, and subscriber expectations, recommending a cautious approach with re-permissioning and compliance with applicable laws.
Key findings
- Acquired Assets May Include Customer Data: Generally, customer data, including email lists, are included as acquired assets during a company acquisition.
- Data Privacy Laws Impose Requirements: GDPR, CCPA, CASL, and CAN-SPAM impose stringent requirements on reusing email lists after acquisitions, focusing on consent, notification, and opt-out adherence.
- Transparency is Critical: Transparency, including notifying subscribers about the change in ownership and communication practices, is essential for legal compliance and maintaining subscriber trust.
- Purchased Lists Have Negative Impact: Using purchased or acquired email lists can negatively impact sender reputation and deliverability, potentially leading to blacklisting and non-compliance.
- Data Portability is Key: The legality depends on meeting data portability requirements, focusing on reasonable subscriber expectations.
Key considerations
- Assess Original Consent: Assess whether the original consent covers the new entity, communication types, and purposes, requiring fresh consent if needed.
- Adhere to Opt-Outs: Comply with CAN-SPAM by promptly honoring opt-out requests and removing those users from the list.
- Notification of Transfer: Notify subscribers about the company acquisition, changes in data usage, and any material changes to the privacy policy, as mandated by CCPA and GDPR.
- Re-Permissioning Strategies: Implement re-permissioning strategies to validate subscriber consent and ensure continued compliance with regulations, aligning with best practices for email marketing.
- Compliance with Laws: Confirm compliance with all applicable laws and regulations, including GDPR, CCPA, CASL, and CAN-SPAM, ensuring adherence to legal standards.
- Monitor Engagement: Closely monitor engagement metrics post-acquisition to identify and remove unengaged subscribers to maintain sender reputation.
What email marketers say
14 marketer opinions
Reusing email lists after a company acquisition involves legal and ethical considerations. Generally, it's permissible if the original terms and conditions stipulated the transfer of the list. Under GDPR (EU) and CASL (Canada), explicit consent is crucial; re-permissioning is necessary if the original consent doesn't cover the new entity or purpose. Transparency is key, requiring notification to subscribers about the change and offering options to adjust preferences. Ignoring opt-out requests and emailing unsubscribed users violates CAN-SPAM and other laws. Acquiring lists can negatively impact sender reputation and deliverability, potentially leading to blacklisting. Organic list growth is generally recommended.
Key opinions
- Legality Depends on Initial Terms: Reusing a list is more likely to be legal if the initial subscription terms covered the possibility of a list transfer during an acquisition.
- GDPR/CASL Requires Explicit Consent: GDPR and CASL mandate explicit consent for continued emailing; re-permissioning is necessary if consent wasn't obtained for the new entity or purpose.
- CAN-SPAM Protects Opt-Outs: Emailing users who have previously unsubscribed violates CAN-SPAM, regardless of a company acquisition.
- Negative Impact on Reputation: Acquiring and using purchased email lists can significantly harm sender reputation and email deliverability.
Key considerations
- Transparency is Crucial: Notify subscribers about the company acquisition and their options regarding email preferences; maintain transparency throughout the process.
- Subscriber Expectations: Consider the subscriber's original expectations for email communication; acquired entities should align with those expectations.
- Review Privacy Policies: Review both the original and new company's privacy policies to ensure compliance with data protection regulations.
- Re-Permissioning Strategy: Implement a re-permissioning strategy to validate subscriber consent under the new ownership.
- Monitor Engagement: Closely monitor engagement metrics post-acquisition to identify and remove unengaged subscribers.
Marketer view
Email marketer from ActiveCampaign shares that while acquiring a list might seem like a quick way to grow your audience, it often leads to low engagement and deliverability issues. Additionally, it might violate anti-spam laws and harm your sender reputation.
11 Feb 2022 - ActiveCampaign
Marketer view
Email marketer from Campaign Monitor explains that using purchased email lists is unethical, harms deliverability, and can result in being blacklisted by ISPs. It also undermines trust with your audience.
15 May 2025 - Campaign Monitor
What the experts say
3 expert opinions
The legality of reusing an email list after a company acquisition hinges on several factors. Generally, acquired assets include customer data, and ESPs may permit continued mailing, especially under the original brand, provided it doesn't cause complaints. However, this depends on data portability and subscriber expectations. GDPR's stringent consent requirements add complexity, necessitating explicit consent covering the new entity and communication purposes. Notifying subscribers about the change is vital for transparency.
Key opinions
- Acquired Assets Include Customer Data: Generally, when a company is acquired, the assets, including customer goodwill and permission, are included in the transfer.
- ESPs Tolerance of Mailing: Many Email Service Providers (ESPs) will permit continued mailing to the existing customer base of an acquired company.
- Data Portability is Important: The legality depends on whether data portability requirements are met, especially regarding subscriber expectations.
- GDPR Consent Requirements: GDPR's stringent consent requirements complicate list usage; explicit consent must cover the new entity and purposes.
Key considerations
- Subscriber Expectations: Assess subscribers' reasonable expectations of continued communication.
- Transparency of Transfer: Ensure transparency in the data transfer process.
- Notify Subscribers: Notify subscribers about the acquisition and any changes to communication practices.
- Legal Compliance: Confirm that the original consent covers the new entity or purposes as required by data protection regulations.
Expert view
Expert from Word to the Wise explains that the legality of using an acquired email list depends on whether data portability requirements are met, specifically the subscriber’s reasonable expectation of continued communication and the transparency of the transfer.
2 Feb 2023 - Word to the Wise
Expert view
Expert from Email Geeks explains that generally, when a company is bought, the assets, including customer goodwill and permission, are included. Most ESPs will allow this as long as it doesn't cause complaints, especially if the mailing is under the old brand to the customers of the old brand. It's common practice for purchasers to continue mailing existing customers.
16 Oct 2023 - Email Geeks
What the documentation says
4 technical articles
Various data privacy regulations govern the reuse of email lists after a company acquisition. The CAN-SPAM Act mandates honoring opt-out requests. GDPR requires specific, informed consent, necessitating fresh consent if the original doesn't cover the new entity/purpose. CCPA allows data transfer during acquisitions but mandates notification of the transfer and any privacy policy changes. CASL requires consent for commercial electronic messages; using lists without proper consent is illegal.
Key findings
- CAN-SPAM and Opt-Outs: The CAN-SPAM Act necessitates honoring opt-out requests; emailing those who opted out violates the Act.
- GDPR's Consent Requirements: GDPR mandates specific, informed, and unambiguous consent; new consent may be needed post-acquisition.
- CCPA's Notification Rule: CCPA permits data transfer but mandates notification of the transfer and privacy policy changes.
- CASL's Strict Consent: CASL requires consent for commercial electronic messages; using lists without it is illegal.
Key considerations
- Review and Adhere to Opt-Outs: Carefully review the acquired list and remove individuals who have previously opted out.
- Assess Original Consent: Assess whether the original consent covers the new entity, communication types, and purposes.
- Provide Adequate Notification: Notify consumers of the transfer and any material changes to the privacy policy, in compliance with regulations.
- Obtain Fresh Consent: Consider obtaining fresh consent from individuals on the list to ensure compliance with current regulations.
Technical article
Documentation from the Federal Trade Commission states that the CAN-SPAM Act requires senders to honor opt-out requests promptly. If the acquired company's list contains individuals who opted out, the acquiring company must not email them, as reusing such a list would violate the act.
4 Oct 2021 - Federal Trade Commission
Technical article
Documentation from Canadian Anti-Spam Legislation (CASL) emphasizes that consent is required to send commercial electronic messages. The law is very strict and purchasing or using lists without proper consent is illegal. Must provide proof of consent if you want to contact someone.
19 Dec 2021 - Government of Canada
Are email list cleaning services useful for improving email deliverability, and how do they work?
Can I email a competitor's customer list if they went out of business and gave it to me?
How can I improve email deliverability for a client with a poor sender reputation and questionable email acquisition practices?
How can I safely message inactive email addresses without damaging my sender reputation?
How should I validate my email list hygiene and what factors should I consider when choosing a list cleaning service?
Is purchasing email lists a good strategy for local business?
