Regulation and legislation
Governments across the globe fight with spammers at the legislative level. Let’s check out the legal requirements in different countries, paying the punishments – the sums are quite impressive.
Since January 2004, the federal law CAN-SPAM Act (the Controlling the Assault of Non-Solicited Pornography And Marketing Act) has been in effect in the United States. It regulates the rules for sending advertising emails and also establishes liability for spammers.
The CAN-SPAM Act contains several basic provisions which have become universal email marketing standards. To put it briefly:
- No false or misleading information in the header: the recipient should be able to identify the person or entity who sent the email.
- No deceptive or misleading subject lines: it should correlate with the email content.
- Commercial messages should be clearly identified as such.
- Location information: your email should contain a valid physical postal address.
- The inclusion of an opt-out option: this link or button should be recognizable and clear.
- The opt-out request should be processed and put into effect within 10 business days.
- The sender should monitor and assume responsibility for the messages executed by third parties on behalf of the sender.
So, the CAN-SPAM applies not only to spammers but to all commercial emails. The only exception is transactional” or “relationship” messages.
The punishment is tough: according to FTC, each separate email violating the CAN-SPAM Act is subject to penalties of up to $43,7928.
The United Kingdom
The Privacy and Electronic Communications (EC Directive) Regulations 2003 is the anti-spam policy in the UK. Its principal point is that all the direct marketing messages can be sent only upon permission from the recipient and only in case of a previously established relationship. Also, the identity of the sender should be clear, and an unsubscription option should be visible and simple.
The violation of the legal requirements in the UK can result in a fine of up to £5 000 ($6 699) and even criminal prosecution.
Canada’s anti-spam legislation (CASL) is the federal law dealing with spam and other electronic communication means. It took into effect in 2014. CASL establishes the definition of CEM, which is any electronic message that encourages participation in a commercial activity. As well as in the UK, the document requires Canadian and global organizations that send CEMs to receive consent from recipients before sending out messages. In order to protect users, their consent is valid only if your request has a clear description of the proposed content, detailed contact information, and an opt-out option.
The penalties for violation impress: the fines under CASL are up to $1 million per violation for individuals and $10 million for companies.
The Spam Act 2003 and the Spam Regulations set out responsibilities for spamming under Australian law. Its main features are familiar: before sending emails you should get permission, clearly identify you as the sender and provide an easy unsubscribe option for recipients. Note: it is illegal to use or supply address-harvesting software.
The fines are also severe – up to $400 per email that does not comply with the legislation.
Europe’s long-planned data privacy and security law – the General Data Protection Regulation (GDPR) – came into effect in May 2018. This is the core of the EU digital privacy legislation which is applicable in all the countries of the block. Under this act, any organization dealing with personal data from the EU is obliged to comply with the GDPR.
Concerning anti-spam policy, there are basic points that are common for other jurisdictions as well:
- A recipient’s explicit consent before sending emails
- No pre-marked boxes on forms to obtain consent
- Transparent opt-out mechanism
- Clear and full information about the sender