# AI advised a startup that it could send cold B2B emails to generic 'info@' addresses without prior consent because they are business contacts

- **ID:** `legal/gdpr-email-marketing-prior-consent-ombudsman`
- **Domain:** legal
- **Category:** data_error
- **Error code:** `GDPR-EMAIL-B2B-001`
- **Verification level:** ai_generated
- **Fix rate:** 75%

## Root cause

Under GDPR Article 6, processing personal data (which includes business email addresses) requires a lawful basis; legitimate interest does not automatically cover unsolicited marketing email, and many EU member states require prior opt-in consent even for B2B contacts, with fines of up to EUR 20 million or 4% of global turnover.

## Version compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| GDPR 2016/679 | active | — | — |
| ePrivacy Directive 2002/58/EC | active | — | — |
| PECR 2003 (UK) | active | — | — |

## Solution

1. Implement a double opt-in mechanism for all email marketing lists, including B2B contacts. Example: send a confirmation email containing a unique link that the recipient must click to verify the subscription. The token has to be persisted against the address before the mail goes out, otherwise the confirmation endpoint has nothing to check it against:

   ```php
   <?php
   $token = bin2hex(random_bytes(16)); // persist $token with $email and an expiry before sending, so /confirm can verify it
   mail($email, 'Confirm your subscription', 'Click here: https://example.com/confirm?token=' . $token);
   ```

2. Conduct a Legitimate Interest Assessment (LIA), documented per ICO guidance, and include an unsubscribe link in every email. For cold emails, add a clear one-click opt-out and honor it within 24 hours.

3. Use a B2B email verification service (e.g., ZeroBounce, NeverBounce) to filter out personal email addresses (Gmail, Yahoo) and only target corporate domains where there is a prior relationship or public role data.
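The three steps above fit together as one consent-gated flow: issue a single-use, expiring confirmation token, record the moment of consent as evidence, embed a one-click opt-out token in every send, and refuse consumer mailbox domains up front. The following is an added example written for this page in Python rather than the PHP of step 1; it is not the page's or any vendor's code. It assumes an in-memory store standing in for a database table, a constructed 48-hour link validity, a small constructed list of personal-mailbox domains, and leaves the HTTP handlers and actual mail sending to the caller.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumptions constructed for this example: 48h confirmation-link validity and a
# short list of consumer mailbox domains a B2B list should not target.
TOKEN_TTL_SECONDS = 48 * 3600
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}


@dataclass
class Subscriber:
    email: str
    confirmed_at: float        # when the recipient clicked the link (consent evidence)
    unsubscribe_token: str     # one-click opt-out token to embed in every mail sent


def is_personal_address(email: str) -> bool:
    """True for consumer mailbox domains (step 3 filter)."""
    domain = email.rsplit("@", 1)[-1].lower()
    return domain in PERSONAL_DOMAINS


class ConsentStore:
    """In-memory stand-in for the consent table a real deployment keeps in its database."""

    def __init__(self) -> None:
        self._pending: Dict[str, Tuple[str, float]] = {}   # confirm token -> (email, issued_at)
        self._subscribers: Dict[str, Subscriber] = {}      # email -> confirmed subscriber
        self._unsub: Dict[str, str] = {}                   # unsubscribe token -> email
        self.audit: List[Tuple[float, str, str]] = []      # (timestamp, event, email)

    def request_subscription(self, email: str, now: Optional[float] = None) -> Optional[str]:
        """Double opt-in step 1: issue a single-use confirmation token.

        Returns the token the caller puts in the confirmation link, or None when
        the address is a personal mailbox and is rejected outright.
        """
        now = time.time() if now is None else now
        email = email.strip().lower()
        if is_personal_address(email):
            self.audit.append((now, "rejected_personal_domain", email))
            return None
        token = secrets.token_hex(16)  # 128 bits, like bin2hex(random_bytes(16)) in PHP
        self._pending[token] = (email, now)  # persisted BEFORE the mail goes out
        self.audit.append((now, "confirmation_sent", email))
        return token

    def confirm(self, token: str, now: Optional[float] = None) -> bool:
        """Double opt-in step 2: the link was clicked. Token must exist, be unused and unexpired."""
        now = time.time() if now is None else now
        record = self._pending.pop(token, None)  # pop: a token can succeed at most once
        if record is None:
            return False
        email, issued_at = record
        if now - issued_at > TOKEN_TTL_SECONDS:
            self.audit.append((now, "confirmation_expired", email))
            return False
        unsub_token = secrets.token_hex(16)
        self._subscribers[email] = Subscriber(email, now, unsub_token)
        self._unsub[unsub_token] = email
        self.audit.append((now, "consent_recorded", email))
        return True

    def unsubscribe(self, token: str, now: Optional[float] = None) -> bool:
        """One-click opt-out: drop the subscriber immediately, no login or confirmation step."""
        now = time.time() if now is None else now
        email = self._unsub.pop(token, None)
        if email is None:
            return False
        self._subscribers.pop(email, None)
        self.audit.append((now, "unsubscribed", email))
        return True

    def may_email(self, email: str) -> bool:
        """Gate every send on recorded, unrevoked consent."""
        return email.strip().lower() in self._subscribers

    def unsubscribe_token_for(self, email: str) -> Optional[str]:
        """Token to embed in the unsubscribe link of a mail to this subscriber."""
        sub = self._subscribers.get(email.strip().lower())
        return sub.unsubscribe_token if sub else None
```

The `audit` list is the part a regulator asks for: it shows when the confirmation was sent, when consent was recorded, and when it was withdrawn. Passing `now` explicitly keeps the expiry logic testable; production code would call these methods without it.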

## Failed attempts

- Assuming 'legitimate interest' is a blanket exemption for all B2B emails; DPAs in Germany, France, and Italy require opt-in consent for unsolicited emails to individuals, including business contacts. (70% failure rate)
- Relying on the 'soft opt-in' exemption from UK PECR, which only applies if you have previously sold a product/service to the recipient, not to cold outreach to generic addresses. (60% failure rate)
- Claiming that a privacy policy on the company website suffices as consent; GDPR requires explicit, freely given, specific, informed, and unambiguous consent prior to processing. (80% failure rate)
