EU on direct marketing – C-654/23 Inteligo Media

On 13 November 2025, the Court of Justice of the European Union held in C-654/23 Inteligo Media that free newsletters also fall within the rules on direct marketing under the ePrivacy Directive. The judgment provides clear guidance for Data Protection Officers and controllers across Europe – especially for organisations that communicate with users for marketing purposes without charging a fee.

A free newsletter is electronic direct marketing

The CJEU clarifies that an electronic newsletter may constitute direct marketing if it pursues a commercial aim – even where the recipient pays nothing. It is sufficient that the message seeks to drive users to content behind a paywall, or to build loyalty for future conversion.

This means that newsletters from media outlets, platforms or SaaS companies offering limited free content can also be caught by section 19 of the Swedish Marketing Act, which implements Article 13 of the ePrivacy Directive.

No dual legal basis – ePrivacy governs the send

The Court underlines that ePrivacy is lex specialis in relation to the GDPR. Accordingly, where the requirements in Article 13 ePrivacy are met – for example under the so-called soft opt-in – no separate legal basis under Article 6 GDPR is required to send the email.

This simplifies application of the rules. It is sufficient to meet the Marketing Act’s requirements at the point of sending; no separate legitimate interests assessment or consent under the GDPR is needed for the communication step itself.

Soft opt-in also applies to “free” services

A central aspect of the ruling is that the prior customer relationship exemption (soft opt-in) may also be applied where there has been no payment for the service. A user’s registration of a free account or access to limited content may suffice to establish the type of commercial relationship that the exemption presupposes. Many companies in practice have applied the exemption in this way, and it is nevertheless helpful that the CJEU confirms it.

This means that companies offering freemium services or gated content may, in some cases, reassess their application of section 19 of the Swedish Marketing Act and the possibility of direct marketing without consent.

When does the exemption in section 19 of the Marketing Act apply?

For a message to fall within the exemption from consent under section 19 of the Marketing Act (soft opt-in), all of the following conditions must be met:

• Contact details were provided in connection with a purchase: This may, for example, be a purchase in an online shop or a registration for a service.
• The marketing concerns the company’s own, similar products or services: The products must be of the same kind as those the user chose to purchase.
• The recipient has not opted out of marketing: If the recipient has opted out, no messages may be sent.
• The recipient must be able to opt out easily: Opt-out must be possible both at collection and in every message, for example via a clear unsubscribe link.

If any of these requirements are not satisfied, the exemption falls away and consent is required in line with the main rule.

But: the GDPR still applies to other processing

It is crucial to distinguish between stages of the processing. The judgment concerns only the act of sending the message. All prior processing – such as collecting email addresses, profiling and segmentation – still requires a legal basis under the GDPR. Key takeaways:

• Privacy notices still need to be updated
• Legitimate interests assessments (LIA) may still be required for underlying processing
• Controllers must be able to differentiate ePrivacy-grounded processing from GDPR-grounded processing

The Court also notes that different authorities may be competent to intervene. In Sweden, oversight of section 19 of the Marketing Act is currently not exercised by the Data Protection Agency, but by the Swedish Post and Telecom Authority (PTS) or another competent authority under Swedish law. This may affect how unlawful direct marketing cases are handled going forward.

What should Data Protection Officers do now?

The ruling offers a practical opportunity to streamline compliance for email and SMS marketing, but only under certain conditions. Controllers should therefore review the following:

• Map whether your newsletters meet the criteria for direct marketing under the ePrivacy Directive/section 19 of the Marketing Act
• Assess whether you meet the requirements for soft opt-in under section 19 of the Marketing Act
• Ensure all underlying personal data processing still has a legal basis under the GDPR
• Clarify in your policies and records of processing which legislation underpins each processing activity

This may also require adjustments to contract terms, transparency information and internal procedures governing the legal basis for marketing.

Do you need to review your marketing?

At Morling Consulting, our GDPR lawyers help companies secure legal compliance across all digital communications – from reviewing campaigns to selecting the appropriate legal basis and liaising with supervisory authorities. Contact us to understand how Inteligo Media affects your workflows.