23

I'm subscribed to "Visual Studio Dev Essentials" (so that I can download older versions of Visual Studio from the Microsoft website), but they are sending me unwanted marketing emails regarding both Visual Studio Dev Essentials, and other products.

In the footer of the email, it says that to unsubscribe from the emails, I must unsubscribe from the service, which I don't want to do.

Is this legal? Note that I'm based in the UK, but Microsoft (the parent company at least) is based in the US.

Hiccup

5 Answers

21

No, it's not legal.

The General Data Protection Regulations (GDPR) apply given that you are in the UK (regardless of where the Data Processor is based). The UK GDPR is slightly modified due to Brexit, but the same principles apply.

The only plausible legal basis for this action would be that you consent to it, and you're entitled to withdraw that consent at any time.

Some may claim that Article 6.1(b) applies, i.e. that it's necessary to send marketing email in order to fulfil the contract, but GDPR is clear that bundling such consent into a contract for service simply to permit the data processor additional actions isn't allowed, as I'll demonstrate.

UK GDPR requires that consent to use your personal information (in this case, your email address) for the stated purpose be freely given.

Consent to use your information for direct marketing is not freely given if it's inseparable from the consent to use it for some other service, as per recital 43:

Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.

And Article 7.4 gives this legal effect:

When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

The intent of Article 6.1(b) is that only the processing required for the service you have bought is allowed (e.g. if you supply your address for delivery of stuff you've bought, the data processor can use that address to send you the stuff, but is not allowed to add a contract term that allows them to send you unwanted stuff).

Examples of emails that Article 6.1(b) would allow (in my assessment) include things such as notification of upcoming downtime, or a reminder that subscriptions are due, but not unsolicited advertisements for other products. There's a grey area that's open to interpretation, where adverts are piggybacked onto actual service messages.

Toby Speight
14

Unless a stipulation in a contract is clearly illegal in the contract's stated jurisdiction, it's legal to have it in a contract, and the Terms of Service (TOS) you clicked through is a contract. If you don't like the TOS, and the fact that you agreed to receive marketing emails, you don't have to use Microsoft's service.

Edit re: comments: Yes, processing personal information in terms of email addresses under the DPA does take place, when signing up for or closing an account. You seem to be interpreting that processing personal information takes place when Microsoft simply sends an email; I don't see that.

And, don't forget that Microsoft is a huge company with the best lawyers money can buy; they would certainly try very hard to not violate GDPR or DPA with a TOS or marketing tactics, as they have too much to lose in the international market.

BlueDogRanch
3

Being in the UK, you probably fall under the GDPR (unless the UK removed itself from that; I don't think they did).

The GDPR gives you the right to have your data removed from a database upon request; it does NOT stipulate that such removal have no consequences when it comes to receiving services and products from the entity your data was stored by. It also requires that only data required for the performance of the service be retained, meaning that the data you requested be removed is data needed to provide the service. Thus you want your email address to be removed; your email address is needed to provide you the service of attaining those downloads; thus removal of your email address makes providing you those downloads impossible.

You can of course always just create a filter in your email client that automatically deletes any and all emails you don't want to read.

jwenting
2

According to the CAN-SPAM Act:

§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.

Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient's electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:

(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or

(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).

Looking at § 316.3 Primary purpose, the described messages almost certainly would not be considered transactional since 316.3(a)(3)(ii) says:

A recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is the commercial advertisement or promotion of a commercial product or service. Factors illustrative of those relevant to this interpretation include the placement of content that is the commercial advertisement or promotion of a commercial product or service, in whole or in substantial part, at the beginning of the body of the message; the proportion of the message dedicated to such content; and how color, graphics, type size, and style are used to highlight commercial content.

So requiring you to log in and delete your account goes beyond what is allowed for compliance with the act ("provide any information other than the recipient's mail address").

Since Microsoft is a US corporation, they would be held to the CAN-SPAM Act. I don't think you can personally make an FTC complaint that they are violating the act, but anyone else in the US should be able to make a claim.

Alcanzar
2

The corner point here is that the user agreement is a contract between you and Microsoft, and that contract clearly states that all along the program life, you will receive marketing emails.

If that contract is in contradiction with other general laws, what matters is the precedence rule observed in both the UK and the USA. AFAIK (but IANAL) in France and more generally in the EU, the rule is that a European law prevails over a national law which in turn prevails over a private contract. The rule is that if an article of the contract is illegal it is supposed not to exist. But I had been told that in the UK a contract could prevail over a more general law, and the UK is no longer in the EU.

Toby Speight