Affiliate marketing is one of the most effective ways to share your brand and grow your business. But when it comes to affiliate marketing, you need to make sure your brand stays compliant with legal rules. There are a number of different steps you can take and approaches you can use to maintain this compliance.
This article will cover the different types of affiliate marketing, the legal rules that apply to them, and the requirements for different affiliate marketing platforms.
Let's get started.
- 1. What is Affiliate Marketing?
- 1.1. What is Affiliate Email Marketing?
- 1.2. What is SaaS Affiliate Marketing?
- 1.3. What is SMS Marketing?
- 2. What Legal Rules Apply to Affiliate Marketing?
- 2.1. FTC Rules
- 2.2. GDPR
- 2.3. CPRA and CCPA
- 2.4. TCPA and CTIA Rules
- 3. What Affiliate Marketing Platforms Are There and What Are Their Requirements?
- 3.1. Rakuten Advertising
- 3.2. CJ Affiliate
- 3.3. Awin
- 4. Summary
What is Affiliate Marketing?
Affiliate marketing is when your brand or business partners with other people (called "affiliates") who promote your brand. These affiliates receive compensation for this promotion.
One of the most common examples of affiliate marketing is when you see links to products on a website, where the website owner receives commission when you click on the product link and purchase it.
On the flipside, your website or brand might be an affiliate for another company, where you're the one doing the promoting. If this is the case, you need to be careful that you disclose the relationship between you and the business you are promoting.
We'll cover key legal requirements shortly. First, let's take a look at a few different types of affiliate marketing.
What is Affiliate Email Marketing?
Affiliate email marketing is a marketing and advertising strategy in which you promote another business's product or service through emails you send to your customers. In exchange for this promotion, you get a commission on any sales that are made.
Here are a couple of examples of affiliate links included in emails. The first one is an email from Amber Petty:
In this example it's clear that affiliate links are being used in the email, but it's not clear which links. Here's another example from Justin Cox that improves on this:
In this example you can see the affiliate link is clearly labelled so that the reader knows which one it is.
Email marketing is usually about connecting with your existing customers, while affiliate email marketing relates more to building strategic business-to-business partnerships.
What is SaaS Affiliate Marketing?
For SaaS brands, partnering up with other brands through affiliate marketing is one way that leads and conversions can be generated. Products can be jointly promoted through SaaS partnerships in a few different ways.
For example, one type of affiliate marketing is through reseller partnerships. This is where a reseller purchases a SaaS product at a discounted rate, and then resells it to its customers at a higher price. Affiliates work with resellers to promote the product.
Another type, similar to email marketing, is through referrals. Customers are referred to the SaaS company or its product through a referral link. The affiliate company then earns commission on the sales or leads that result.
What is SMS Marketing?
SMS affiliate marketing is done through text messages, rather than through websites, products or emails, like the other types. Brands and companies use SMS messages (text messages) to send marketing links to customers.
SMS messages have a high open rate of 98%, which is much higher than that of emails or other marketing approaches. This is part of what makes this approach so appealing. However, with SMS affiliate marketing there are special legal rules that apply.
Let's take a look at the legal rules applying to affiliate marketing now.
What Legal Rules Apply to Affiliate Marketing?
Affiliate marketing is intended to promote and strengthen your brand, so flouting legal rules is the last thing you want to do. Keeping your marketing approach compliant is also a great way to build trust, transparency, and a strong brand reputation.
A number of different rules apply to affiliate marketing both in the EU and in the US.
Some of these include:
- Federal Trade Commission (FTC) Rules
- The General Data Protection Regulation (GDPR)
- The California Privacy Rights Act (CPRA)
- The California Consumer Privacy Act (CCPA)
- Telephone Consumer Protection Act (TCPA) and Cellular Telecommunications Industry Association (CTIA) rules for SMS marketing
Let's take a look at each of these in more detail.
FTC Rules
The Federal Trade Commission has put out a number of rules, as well as guidelines and materials to help businesses understand their obligations for affiliate marketing. First, consumers must be able to opt out of being marketed to.
The rule states if information is received from an affiliate, your business "may not use that information to make solicitations to the consumer about its products or services, unless the consumer is given notice and an opportunity (via a simple method) to opt out of such use of the information, and the consumer does not opt out."
Another important rule comes from the FTC's Guides Concerning the Use of Endorsements and Testimonials in Advertising. The key section for affiliate marketing relates to "Disclosure of material connections". This means that you need to disclose when there is a business or financial relationship between your company and the company whose product you are promoting.
You can see this in the text from the FTC below:
So, when you are using affiliate marketing, and have connections with other brands in promotional content or otherwise, you must disclose this.
Your disclosure should also be clear, conspicuous, and unavoidable.
This means that you cannot use vague wording. Instead, you should say "This post contains affiliate links. If you make a purchase using one of my links, I will receive a commission," or something similar.
Here's an example of what the disclosure should look like from Blake Hill House:
The disclosure should also be conspicuous and unavoidable. This means that your users should be able to see it. You can't hide it in the footer or in a place where it is unlikely to be seen. The Blake Hill House affiliate disclosure link is in the footer, like this:
This would not be sufficient as a disclosure. However, the website also specifies in the blog posts, if a post itself has affiliate links:
This would be a sufficient disclosure, as it is clear, conspicuous, and unavoidable to see when reading the blog post.
Here's another example from the Sweet Beast Blog:
This is at the top of the blog post, and is clearly positioned so that readers will see it. Now let's take a look at other legal rules that apply.
GDPR
Another key law that applies to affiliate marketing, particularly if you are operating in the EU or have EU customers, is the GDPR. The GDPR requires that if you collect the personal information of EU residents, you need to get their consent.
When you are carrying out affiliate marketing, you would need to collect personal information to do this, such as a user's name, email address, address, phone number, and more.
To comply with the GDPR, you need a Privacy Policy for your website. You need to make sure you get clear, unambiguous, active consent to your Privacy Policy.
You need to outline what data you will collect, how you will use the data, and make sure that you inform the data subject of their rights. This includes the right to withdraw their consent, as well as the right for their data to be deleted.
Here's an example from Affelios explaining what data is collected from users:
Here's an example from Custom Interactions that also discloses it participates in an affiliate marketing program:
Now let's take a look at more rules in the US.
CPRA and CCPA
Other important laws that you need to keep in mind include the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Both of these laws require you to let users know what data you are collecting about them. You also need to disclose that users have the right to opt out of the sale of their data, and the right to have their data deleted.
Here's an example from Apple of its California Consumer Privacy Act disclosures, which also refer to its Privacy Policy.
In this disclosure you can see Apple acknowledges and explains the rights of California consumers. There is also more detailed information on Apple's California Privacy Disclosures page.
You can see another example in the Fortune California Notice at Collection and Privacy Notice:
Here, it is clearly disclosed that information is shared with marketing firms, affiliate marketing networks, and other advertising services.
If your affiliate marketing practices target, or could target California consumers, you need to comply with these two laws and inform users of their rights.
TCPA and CTIA Rules
Alongside these laws, there are special rules that apply to SMS marketing. SMS marketing uses what are called "short codes". These codes are used by businesses, and the use of such short codes is regulated.
One of the laws that applies is the Telephone Consumer Protection Act (TCPA). This is a U.S. law that regulates how companies and organisations can contact customers by SMS or phone.
The TCPA contains rules relating to telemarketing, text messaging, and Do-Not-Call lists. For the purposes of the TCPA, SMS contact is treated as a "phone call", which means you cannot message people with unsolicited SMS marketing.
Another important body to note is the Cellular Telecommunications Industry Association (CTIA). The CTIA is a trade organisation for wireless carriers in the U.S., and makes a number of guidelines for how short codes can be used.
The CTIA has set out rules that add to the TCPA. This includes guidelines for SMS marketing, called the Short Code Monitoring Handbook.
It states:
"Unsolicited messages should not be transmitted using Short Codes. Unsolicited messages include, but are not limited to, messages delivered without a Consumer's consent and messages sent after a Consumer has opted out. Sending the Consumer a single opt-out message acknowledging the opt-out request is the only exception."
The handbook also contains a number of principles for getting consent from consumers for SMS contact:
You can see that for promotional messages it states "Before a business sends promotional messages, the Consumer should agree in writing to receive promotional texts."
Make sure you comply with these rules and guidelines, depending on which jurisdictions apply to your business, which types of information you collect, and what types of affiliate marketing you do.
Importantly, if you breach the TCPA, you can be subject to legal penalties. If you breach CTIA guidelines, consumers can't sue you but you could get your SMS short code suspended by the CTIA.
Now let's take a look at affiliate marketing platforms.
What Affiliate Marketing Platforms Are There and What Are Their Requirements?
A number of businesses and brands use affiliate marketing platforms to help with affiliate marketing.
These platforms can help you to monitor the performance of your links, track whether disclosures are being made, and help you to maintain compliance.
Here's a brief look at leading affiliate marketing platforms and their requirements.
Rakuten Advertising
Rakuten Advertising is a digital advertising platform that helps brands to connect with customers, including through affiliate marketing.
Rakuten provides guidance and requirements for its customers for complying with GDPR and privacy rules.
You can see Rakuten requires customers to list Rakuten as a third-party company using cookies, in the website's Privacy Policy:
It also notes that if a business does not have an appropriate GDPR solution, Rakuten can provide one:
This helps to ensure compliance with obligations through the affiliate marketing process.
CJ Affiliate
CJ Affiliate is another affiliate marketing platform. It provides brief information for businesses that want to know what disclosures they need to make, or how to comply with GDPR rules.
For example, on the topic of disclosures, CJ Affiliate provides a list of helpful information for advertisers and publishers (businesses who use affiliate programs).
Note that CJ Affiliate recommends looking directly at FTC guidelines and recommendations, to make sure that you are compliant with your disclosures.
It also notes that clients and partners should review their GDPR obligations themselves, and that GDPR best practices should be carried out.
Finally, CJ Affiliate also provides "free options for gathering unambiguous consent":
This is most likely similar to Rakuten's provision of GDPR consent pop-ups and similar approaches, to make sure its clients have the tools they need to comply.
Awin
Another example is Awin. On its website, Awin has published a GDPR and ePrivacy Whitepaper, explaining how to conduct business in a compliant way when working with affiliate marketing, publishers, and advertisers.
One section provides a brief summary for customers, so they know what needs to be done:
This guide is a useful resource if you are working with an affiliate marketing platform and want to know how the process of GDPR compliance works when shared across multiple businesses.
Summary
Affiliate marketing is a useful way to get the word out about your brand. You can also benefit from partnering with other companies and doing affiliate marketing to earn commission from sharing their brand.
However, regardless of whether you are marketing to your customers or whether you are having your business marketed by others, you need to comply with the relevant legal rules.
First, make sure you have a clear, conspicuous affiliate marketing disclosure. In addition, set up a clear, easy to read Privacy Policy that covers both GDPR and CPRA/CCPA rules (where relevant).
If you use an affiliate marketing platform, make sure you also comply with whatever rules they have about privacy and compliance.
By taking these steps and continually checking for legal updates, you'll be in a good position to maintain your compliance obligations for affiliate marketing.