
Email disclaimer laws in the EU

As you read this, you still might be thinking that email disclaimers seem a bit pointless. Many people still believe that email disclaimers are a holdover from the early days of email and so are not needed in the 21st century. However, no matter what your opinion is, legislation is in place that forces companies to have a compliant email disclaimer to protect their clients’ privacy.

With this in mind, let’s take a look at email disclaimer laws in the European Union.

EU Directive 2003/58/EC

Introduced in 2007, the EU Directive 2003/58/EC concerns emails sent by companies as part of their business operations. Previous regulations applying to written correspondence by letter or fax were extended to emails and other forms of electronic communication.

  • All business emails must include the company’s registration number, the place of registration and the registered office address.
  • Each member of the EU had to enforce this law before 31 December 2006.

To this end, several key members adopted the directive in a number of ways:

United Kingdom
The Companies Act 1985 was already in place, applying to private and public limited companies or a Limited Liability Partnership. All business emails, letterheads, order forms and corporate websites must include:

  • The company’s registered name (e.g. ABC Ltd).
  • Registration number (listed on Companies House).
  • Place of registration (e.g. England).

N.B. You cannot just provide a link to information on your email disclaimer.

This is enforced by Trading Standards, with fines for non-compliance starting at £1,000 and an additional fine of £300 per day if the breach continues. If the disclosure of the content of an email leads to a dispute, it can be argued in court that the recipient should have known not to disclose the information.

Ireland
The EU Directive was implemented by the Minister for Enterprise, Trade & Employment on 1st April 2007. A company’s email communications have to include:

  • The name of the company.
  • Place of registration.
  • Registered number.
  • Registered office.
  • Whether the company is a limited company.
  • If it is exempt from the obligation to include Limited in its name.
  • If it is being wound up, in liquidation etc.
  • Any reference to share capital must be paid-up share capital.

Germany
Implemented on 1st January 2007, all corporate electronic communication must include:

  • The company’s registered name.
  • The office location.
  • Court register.
  • Registration number.
  • The name of the managing director and the board of directors.

Failure to comply with this comes with a maximum fine of €5,000. On another note, privacy statements intended to act unilaterally, confidentiality disclaimers and liability disclaimers have no legal standing under German law.

Failure to display this information constitutes a criminal offense that is subject to a maximum fine of €2,000.

France
Enacted on 9th May 2007, companies in France must include the following in all electronic communications:

  • Company name.
  • Registration number.
  • Registry location.
  • Registered office.
  • If they are in the process of insolvency proceedings.

If the body corporate is a commercial company having its registered office overseas, then these have to be included:

  • Its name.
  • Legal form.
  • Address of its registered office.
  • Registration number in the relevant country.
  • Whether it is subject to insolvency proceedings, where appropriate.
  • If it is run by a lease manager or an authorized management agent.

Any infringement of any of these points is subject to a fine of €750 per infringement.

Italy
All Italian companies’ electronic communications must include:

  • Company registered name.
  • Registration number.
  • Place of registration.
  • Registered office address.
  • If applicable, whether the company is going into liquidation or being wound up.

The Netherlands
There is a Dutch law that requires every company to display their CoC number on all outgoing written communications including email. Failure to follow this law can result in a fine of up to €16,750 or up to six months imprisonment as it constitutes an economic crime.

Denmark
From 4th May 2006, all Danish companies were required to include their name, location and Central Business Register (CVR) number.

The need for Email Disclaimers

With all the regulations that are out there and the stiff penalties that can be applied to a company, it is better to prepare for all eventualities than to do nothing. The EU Directive 2003/58/EC forces companies to be more transparent so it is best practice to create a disclaimer that is specific to your organization and the country you are based in, which is then strictly enforced as company policy. This means that you are less likely to run into any legal complications in the future.


EU Data Protection Directive 95/46/EC

The European Union adopted Directive 95/46/EC to safeguard the privacy and protection of all personal data collected for or about citizens of the EU, especially relating to processing, using, or exchanging such data.

A key objective of the data protection Directive is to allow the free flow of personal data between Member States by harmonizing the level of adequate protection granted to individuals. It encompasses all key elements from article 8 of the European Convention on Human Rights, which states its intention to respect the rights of privacy in personal and family life, as well as in the home and in personal correspondence.

The need for an Archiver
The need for a comprehensive email archiving solution is clear. IT administrators must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. These elements cannot be provided by generic mail servers as already indicated by compliance with the UK Data Protection Act.


Markets in Financial Instruments Directive (MiFID) 2004/39/EC

The Markets in Financial Instruments Directive 2004/39/EC came into effect on 1 November 2007, when it replaced the Investment Services Directive (ISD), which directly affects EU financial markets.

MiFID extended the coverage of ISD and introduced new and more extensive requirements that firms have to adapt to, in particular for their conduct of business and internal organization. The European Commission (EC) revised the Directive, known as MiFID II, which was adopted by the European Parliament on 15 April 2014. EU Member States are required to implement the MiFID II Directive by June 2016 and the package of measures by January 2017. This is designed to make financial markets more efficient and improve investor protection, which is of particular relevance in the aftermath of the 2008 recession.

The need for an Archiver
Email is a prime medium for the exchange and storage of company records. Storage on the mail server does not protect against falsification, nor does it protect against accidental loss or malicious removal. A purpose-built email archive system will ensure that relevant data can be maintained for the desired retention period and will maintain the integrity of the records through tamper-proof mechanisms. Furthermore, the system will provide easy search access to recover data if required by an external auditor.


After reading this, the best advice we can give you is that you need to know what to include in your corporate email disclaimer. Also, ensure that you have an email archiver in place so that you can retain all records for compliance purposes. You never know when an eDiscovery request might come in that could cost your company millions if you can’t find that all-important email.