Sapna has completed a Bachelor of Arts/Laws. Since graduating, she's worked primarily in the field of legal research and writing, and she now writes for Sprintlaw.
Email marketing can be one of the most cost-effective ways to grow your business in New Zealand.
But it’s also one of the easiest places to accidentally breach the law - especially if you’re using purchased lists, running fast-paced promotions, or relying on third-party tools that handle subscribers for you.
This guide is updated for current expectations and enforcement focus, and it walks you through the key legal rules you need to follow so your campaigns are compliant (and your brand reputation stays intact).
What Email Marketing Laws Apply In New Zealand?
In New Zealand, email marketing is mainly governed by a mix of “anti-spam” rules, privacy rules and fair trading rules.
In practice, you should assume you need to comply with all of the following whenever you send a marketing email (or SMS) to someone in NZ:
Unsolicited Electronic Messages Act 2007 (The “Spam Act”)
This is the core law for email marketing. It sets the rules for when you can send commercial electronic messages, and what those messages must contain.
The Spam Act focuses on three big ideas:
- Consent - you generally need permission (express or inferred) before you send marketing messages.
- Identification - the recipient must be able to clearly identify who is sending the message.
- Unsubscribe - you must include a functional unsubscribe option and honour it.
Privacy Act 2020
If you’re collecting, storing, using, or sharing email addresses (and you are), you’re dealing with personal information in many cases.
That means your email list practices should line up with the Privacy Act - including transparency about what you’re collecting and why, keeping it secure, and not using it in ways that would surprise people.
This is where a properly drafted Privacy Policy can make a real difference, because it helps you explain your list practices clearly from day one.
Fair Trading Act 1986
The Fair Trading Act is relevant whenever you’re advertising or promoting products/services - including via email.
In simple terms: don’t mislead people. That applies to:
- subject lines (no “Re: invoice overdue” style tricks if it’s actually a promotion)
- discount claims (“50% off” needs to be genuine and correctly calculated)
- “limited time” offers (they need to truly be limited)
- testimonials and reviews (they must be real and not misleading)
Other Laws That Can Be Relevant
Depending on what you’re marketing and how you run campaigns, you might also need to consider:
- Consumer law (e.g. refund, repair and replacement expectations when selling to consumers)
- Industry-specific rules (for regulated products and services)
- Terms of use on marketing platforms (like Mailchimp, Klaviyo, HubSpot, Shopify Email) - these don’t replace NZ law, but they can create extra compliance obligations
What Counts As “Email Marketing” Under NZ Spam Rules?
The Spam Act doesn’t just target obvious newsletters.
It applies to commercial electronic messages, which can include emails, SMS, and DMs in some contexts, if the message is marketing or promotional in nature.
Common Examples Of Commercial Messages
- promotional newsletters
- product launch announcements
- abandoned cart reminders (often considered marketing if they encourage a purchase)
- discount codes and limited-time offers
- “refer a friend” invites
- upsells and cross-sells after a purchase
- messages encouraging reviews, referrals or repeat purchases (depending on content)
What About Transactional Emails?
Some emails are genuinely “service” emails rather than marketing - for example, order confirmations, shipping updates, invoices, password resets, or critical service notices.
However, be careful: if you add promotional material into a service email (like “10% off your next order” or “check out our new range”), it can start to look like a commercial message and should meet the consent and unsubscribe expectations.
One practical way to manage expectations is to align your website legal documents - for example, your Website Terms and Conditions and checkout disclosures - with how you communicate with customers.
Do I Need Consent To Send Marketing Emails In New Zealand?
In most cases, yes. Consent is the heart of compliant email marketing in New Zealand.
The Spam Act recognises different types of consent, and understanding them helps you build your list the right way (and avoid the headache of complaints later).
Express Consent (The Safest Option)
Express consent is when someone actively agrees to receive marketing messages from you.
Common examples include:
- they tick a box saying they want marketing emails
- they enter their email in a “subscribe” form and confirm
- they sign up at an event and clearly agree to receive your emails
Best practice: use a clear opt-in statement and consider double opt-in (where they confirm by clicking a link). It’s not strictly required by NZ law, but it’s excellent evidence if your list practices are ever questioned.
Inferred Consent (Useful, But Riskier)
Inferred consent can apply where there is an existing relationship and it would be reasonable to think the person expects to receive certain marketing messages.
For example, if someone buys from you and gives you their email during the purchase process, you may be able to send them marketing about similar products - but only if it’s within reasonable expectations.
Inferred consent is where many businesses slip up, because it’s easy to assume “they’re a customer, so we can email them anything.” That’s not how it works.
To keep it reasonable:
- keep the marketing related to what they engaged with
- don’t email them forever with no limits
- make sure they can opt out easily
- don’t surprise them (surprise is usually what triggers complaints)
Buying Lists: Why It’s Usually A Bad Idea
Purchased lists are one of the fastest ways to attract spam complaints.
Even if the list seller claims the contacts “consented,” the real question is whether they consented to receive your marketing messages specifically (not just “marketing from partners”).
In many cases, purchased lists are either:
- non-compliant,
- poor quality (leading to bounces and reputation damage), or
- unsupported by consent you can actually prove if someone complains.
If you’re working with a marketer, lead generator, or agency who provides you contacts, it’s worth documenting consent responsibilities in a proper Marketing Service Agreement so it’s clear who is responsible for compliant collection practices and what evidence must be kept.
What About B2B Email Marketing?
B2B marketing isn’t a “free pass” in New Zealand.
You may be able to rely on inferred consent more often in a business context (for example, contacting someone about products relevant to their role), but you still need to ensure the message is commercial, reasonable, properly identified, and includes an unsubscribe function.
What Must My Marketing Emails Include To Be Compliant?
Even with consent, you still need to structure the email correctly.
Under the Spam Act, compliant commercial messages must include clear sender identification and a working unsubscribe facility. These are non-negotiables.
1. Clear Sender Identification
Your recipients should be able to quickly tell:
- who is sending the email (your business name)
- how to contact you (a way to reach you, commonly an email address and/or physical address)
Using a “no-reply” address can create practical issues (people can’t easily contact you), and it can make complaints more likely.
2. A Functional Unsubscribe Option
You need to include an unsubscribe facility that is:
- clear (easy to find and understand)
- functional (it actually works)
- low-friction (ideally one click, not a login and five steps)
- honoured promptly (don’t keep emailing someone after they opt out)
Most reputable email marketing platforms handle unsubscribe links automatically - but you still need to check your templates and workflows (especially if you run multiple lists or segments).
3. No Misleading Content Or “Tricks”
Even if your email meets the Spam Act’s core requirements, misleading marketing can still breach the Fair Trading Act.
Common risky areas include:
- subject lines that imply a personal relationship or an urgent account issue when it’s really a promotion
- false scarcity (“last chance” when the offer keeps being extended)
- inflated discounts (comparing against prices you never genuinely charged)
- hidden conditions (like minimum spend, exclusions, or limited stock) that aren’t disclosed clearly
4. Promotions, Giveaways And Competitions
If your email campaign includes a giveaway or competition, make sure you have clear terms (entry criteria, closing date, how winners are chosen, any restrictions).
This is also where your privacy disclosures matter, because people need to know how you’ll use entrant data (including whether they’re being added to a marketing list).
How Should I Manage My Email List Under The Privacy Act?
Email marketing compliance isn’t only about the emails you send - it’s also about how you collect and manage data behind the scenes.
Under the Privacy Act 2020, you should take reasonable steps to protect personal information and use it in ways people would expect.
Collect Email Addresses Fairly And Transparently
When you collect an email address, you should be upfront about:
- who is collecting it (your business)
- why you’re collecting it (e.g. newsletters, promotions, product updates)
- who you might share it with (e.g. your email marketing provider)
- how people can opt out later
This is why your subscription forms, checkout pages and pop-ups should match what you say in your Privacy Collection Notice.
Keep Your List Secure
Email lists are valuable - and that makes them a target. “Security” doesn’t have to be overly technical, but it should be real.
Practical steps include:
- use strong passwords and enable multi-factor authentication on marketing accounts
- limit staff access to “need to know”
- avoid exporting lists to spreadsheets unless necessary (and store them securely)
- review app integrations (some apps gain access to your subscriber data)
- have a process for deleting or deactivating unsubscribed contacts
If something goes wrong - for example, your customer list is accessed or leaked - having a Data Breach Response Plan in place can save you time, stress, and confusion when you need to act quickly.
Be Careful With Tracking Pixels And Cookies
Many email marketing tools use tracking (like open tracking pixels and click tracking) and your website might use cookies to retarget visitors after they click from an email.
This isn’t automatically “illegal,” but it does increase your privacy compliance responsibilities - especially around transparency and consent expectations.
If you’re using tracking technologies on your site, a Cookie Policy can help you explain what’s happening in plain language, which is exactly what customers expect.
Outsourcing Email Marketing Or Using Overseas Platforms
Most NZ businesses use overseas email marketing platforms (and that’s common). But it means your subscriber data may be stored or processed offshore.
From a practical standpoint, you should:
- know which platform you’re using and where data is stored
- check whether the platform uses subcontractors (common in cloud services)
- make sure your customer-facing privacy disclosures align with reality
- be careful if you’re giving an agency direct access to your account
If you’re engaging contractors to manage campaigns and they’re overseas, it’s also worth getting the arrangement documented clearly, especially around data access, confidentiality, and deliverables.
Key Takeaways
- Email marketing in New Zealand is mainly regulated by the Unsolicited Electronic Messages Act 2007 (Spam Act), and you also need to consider the Privacy Act 2020 and Fair Trading Act 1986.
- You generally need consent to send marketing emails, and express consent is the safest and easiest to prove if a complaint is made.
- Every commercial email should clearly identify your business and include a functional unsubscribe option that is easy to use and honoured promptly.
- Avoid misleading subject lines, discount claims, or “urgent” messaging tactics, because marketing emails are still advertising and must comply with fair trading rules.
- How you collect, store and protect your email list matters - you should be transparent with subscribers and take reasonable steps to keep personal information secure.
- If you use tracking, integrations, agencies, or offshore email platforms, your privacy disclosures and internal processes should match what’s really happening behind the scenes.
If you’d like help setting up compliant email marketing practices, privacy documentation, or reviewing your campaigns, you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.


