Is It Illegal to Share Someone’s Email Address?
Mar 12, 2025
Privacy laws in the UK and Germany are some of the strictest in the world. Data protection is not just a regulatory requirement—it is a legal framework that shapes how businesses operate. Yet, many companies still struggle with a critical question:
Is it illegal to share someone’s email address?
The answer depends on context, consent, and jurisdiction.
In some cases, sharing an email address can violate GDPR, resulting in substantial fines. In others, particularly in B2B settings where professional contact details are publicly available, it may be legal. The key is understanding privacy laws and how they impact business practices.
Understanding GDPR, PECR, and TTDSG
The General Data Protection Regulation (GDPR) governs how personal data—including email addresses—can be collected, stored, and shared in the EU. The UK follows similar regulations under the Privacy and Electronic Communications Regulations (PECR), while Germany has additional restrictions through the Telecommunications-Telemedia Data Protection Act (TTDSG).
The most important point? Email addresses are considered personal data.
Under GDPR:
Sharing a personal email (e.g., name@gmail.com) without consent is generally illegal.
Business emails (e.g., john.doe@company.com) are subject to fewer restrictions but must still be handled appropriately.
Internal sharing within a company is usually permitted, but disclosing an email externally could be a violation.
So, is sharing an email illegal? It depends on four key factors.
1. Personal vs. Business Email
Personal email addresses (Gmail, Yahoo, Outlook) are fully protected under GDPR. Sharing them without explicit consent is a violation.
Business emails have fewer protections. If obtained from a public source (such as a company website), sharing is typically allowed—within reason.
Key takeaway: If you collect and share personal emails without consent, it is illegal. But if an email is publicly available and business-related, it is usually acceptable.
2. How the Email Was Collected
The legality of sharing an email depends on how it was obtained:
Provided with consent – If someone voluntarily gives their email (e.g., by signing up for an event), sharing may be permitted—but only for the intended purpose.
Scraped from public sources – Emails found on websites or LinkedIn are not explicitly protected, but mass scraping is a legal gray area under GDPR.
Purchased from a third party – Buying email lists is almost always illegal unless explicit consent was given.
3. Who the Email Is Shared With
GDPR considers who the email is being shared with:
Internal sharing (within a company) is generally fine.
External sharing (with another business) can violate GDPR unless there is a valid reason.
Publishing an email online without consent is a direct GDPR violation.
4. The Purpose of Sharing
Businesses must have a lawful basis for processing or sharing personal data, such as:
Consent – The person has explicitly agreed.
Legitimate interest – The sharing serves a relevant business need (e.g., networking).
Legal obligation – Required by law (e.g., compliance with authorities).
If none of these apply, sharing the email is likely illegal.
The Risks of Mishandling Email Data
For businesses operating in Germany and the UK, misusing email addresses carries serious consequences.
1. Heavy GDPR Fines
Companies that unlawfully share or misuse email addresses can face penalties of up to €20 million or 4% of global revenue—whichever is higher. Regulators are actively enforcing these rules.
2. Reputation Damage and Loss of Trust
Customers expect their data to be handled responsibly. A single privacy breach can permanently damage trust, leading to lost business and negative press.
3. Email Blacklisting and Deliverability Issues
Even if no legal action is taken, improper email sharing can result in your domain being blacklisted. If flagged for spam, Google, Microsoft, and other providers may block your emails—making outreach ineffective.
Best Practices for Businesses
Instead of risking compliance violations, companies should adopt legal, ethical alternatives for collecting and using email data.
1. Use Opt-In Lead Generation
The safest way to collect and share email addresses is to obtain explicit consent.
Offer valuable content (e.g., reports, webinars) in exchange for email addresses.
Use clear opt-in checkboxes explaining how emails will be used.
Include an unsubscribe option in every communication.
2. Leverage Professional Networks Instead of Cold Data Sharing
Rather than blindly sharing email lists, use LinkedIn, industry forums, and direct introductions:
Introduce people via LinkedIn DMs or referral emails.
Ask permission before forwarding someone’s contact details.
Focus on warm introductions—they convert better and keep you compliant.
3. Implement a Privacy-First Cold Email Strategy
Cold outreach still works in 2025—but only when done strategically and legally.
Target only business emails (not personal ones).
Ensure relevance—cold emails should be job-related and valuable.
Always include an easy opt-out.
Warm up email domains to avoid being flagged as spam.
Final Verdict: Is Sharing an Email Address Illegal?
Yes, it can be—depending on the context.
Personal emails are protected under GDPR and cannot be shared without explicit consent.
Business emails have fewer restrictions, but outreach must have a legitimate purpose.
Buying, selling, or publishing email lists is almost always illegal in the UK and Germany.
Ignoring privacy laws can result in massive fines, reputational damage, and lost trust. But companies that adopt privacy-first strategies will outperform competitors while staying compliant.
The businesses that succeed in outbound sales in 2025 are not just compliant—they turn data privacy into a competitive advantage.
Want to execute cold email the right way—legally, effectively, and at scale? Let’s talk. We specialize in data-driven outbound campaigns that maximize results while keeping your brand compliant. The right strategy makes all the difference.