{
  "id": "legal/gdpr-email-marketing-prior-consent-ombudsman",
  "signature": "AI advises a startup that sending cold B2B emails to generic 'info@' addresses is GDPR-compliant without prior consent because they are business contacts",
  "signature_zh": "AI 建议初创企业无需事先同意即可向通用 'info@' 地址发送冷 B2B 邮件，因为它们是商业联系人",
  "regex": "cold (email|outreach) (to )?generic (info@|contact@) address(es)? is (GDPR-)?compliant without (prior )?consent",
  "domain": "legal",
  "category": "data_error",
  "subcategory": null,
  "root_cause": "Under GDPR Article 6, processing personal data (including business email addresses) requires a lawful basis; legitimate interest does not automatically cover unsolicited marketing emails, and many EU member states require prior opt-in consent even for B2B contacts, with fines up to €20M or 4% of global turnover.",
  "root_cause_type": "generic",
  "root_cause_zh": "根据 GDPR 第 6 条，处理个人数据（包括企业电子邮件地址）需要合法依据；合法利益并不自动涵盖未经请求的营销邮件，且许多欧盟成员国要求即使对 B2B 联系人也需事先选择同意，罚款最高可达 2000 万欧元或全球营业额的 4%。",
  "versions": [
    {
      "version": "GDPR 2016/679",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "ePrivacy Directive 2002/58/EC",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "PECR 2003 (UK)",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Assuming 'legitimate interest' is a blanket exemption for all B2B emails; DPAs in Germany, France, and Italy require opt-in consent for unsolicited emails to individuals, including business contacts.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Using a 'soft opt-in' exemption from UK PECR only applies if you have previously sold a product/service to the recipient, not for cold outreach to generic addresses.",
      "fail_rate": 0.6,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Claiming that a privacy policy on the company website suffices as consent; GDPR requires explicit, freely given, specific, informed, and unambiguous consent prior to processing.",
      "fail_rate": 0.8,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Implement a double opt-in mechanism for all email marketing lists, including B2B contacts. Example: Send a confirmation email with a unique link to verify subscription: <?php mail($email, 'Confirm your subscription', 'Click here: https://example.com/confirm?token=' . bin2hex(random_bytes(16))); ?>",
      "success_rate": 0.85,
      "how": "Implement a double opt-in mechanism for all email marketing lists, including B2B contacts. Example: Send a confirmation email with a unique link to verify subscription: <?php mail($email, 'Confirm your subscription', 'Click here: https://example.com/confirm?token=' . bin2hex(random_bytes(16))); ?>",
      "condition": "",
      "sources": []
    },
    {
      "action": "Conduct a Legitimate Interest Assessment (LIA) documented per ICO guidance, and include an unsubscribe link in every email. For cold emails, add a clear one-click opt-out and honor it within 24 hours.",
      "success_rate": 0.7,
      "how": "Conduct a Legitimate Interest Assessment (LIA) documented per ICO guidance, and include an unsubscribe link in every email. For cold emails, add a clear one-click opt-out and honor it within 24 hours.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Use a B2B email verification service (e.g., ZeroBounce, NeverBounce) to filter out personal email addresses (Gmail, Yahoo) and only target corporate domains with prior relationship or public role data.",
      "success_rate": 0.8,
      "how": "Use a B2B email verification service (e.g., ZeroBounce, NeverBounce) to filter out personal email addresses (Gmail, Yahoo) and only target corporate domains with prior relationship or public role data.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Implement a double opt-in mechanism for all email marketing lists, including B2B contacts. Example: Send a confirmation email with a unique link to verify subscription: <?php mail($email, 'Confirm your subscription', 'Click here: https://example.com/confirm?token=' . bin2hex(random_bytes(16))); ?>",
    "Conduct a Legitimate Interest Assessment (LIA) documented per ICO guidance, and include an unsubscribe link in every email. For cold emails, add a clear one-click opt-out and honor it within 24 hours.",
    "Use a B2B email verification service (e.g., ZeroBounce, NeverBounce) to filter out personal email addresses (Gmail, Yahoo) and only target corporate domains with prior relationship or public role data."
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://gdpr-info.eu/art-6-gdpr/",
  "official_doc_section": null,
  "error_code": "GDPR-EMAIL-B2B-001",
  "verification_tier": "ai_generated",
  "confidence": 0.85,
  "fix_success_rate": 0.75,
  "resolvable": "partial",
  "first_seen": "2024-03-15",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}