CAN-SPAM Act requirements and international email spam laws
As the problem of spam grows, governments have enacted email compliance laws to protect their citizens from unsolicited emails. Email marketers should be aware of these local laws, as failure to comply can result in damage to their reputation and costly penalties. If you are sending emails across borders, you must make sure to comply with all relevant international regulations.
If you market to people living in the US, follow the basic provisions of the CAN-SPAM Act:
- It is illegal to send commercial emails to people without their permission first.
- All commercial messages must give the recipient an easy way to unsubscribe from future messages (“opt-out”).
- The sender must act on opt-out requests promptly.
- Commercial emails must also make it clear that the message is an advertisement or solicitation.
- The sender’s identity and physical address must be included in all commercial emails.
- It is illegal to use false or misleading header information in commercial emails.
- It is illegal to use deceptive subject lines in commercial emails.
Canada has very strict anti-spam laws. These laws apply to any communication sent by a Canadian company, to another Canadian company, or any message that is routed through a Canadian server. Thus, if you send emails into or out of Canada, you must follow the requirements of Canada’s Anti-Spam Legislation.
The General Data Protection Regulation (GDPR) is a set of laws that were enacted in 2018 in order to protect the personal data of individuals in the European Union. Under the GDPR, all electronic messages sent to or received from individuals or companies in the EU must comply with the regulation. This regulation will create a standard way of handling these types of communications across all EU member states.
There are some key similarities between these three laws regulating digital marketing and communication. They all emphasize transparency and choice for consumers, require thoughtful internal processes, come with substantial fines for non-compliance, and make it clear that businesses are accountable for their conduct. Understanding these commonalities can help businesses navigate the requirements of each law and avoid hefty penalties.
To have a better understanding of these laws, see the table below:
|Field of action
||The law specifically regulates how companies can legally send out certain types of advertisements, like those that are primarily intended to advertise products or services.
||The law covers everything from spam email and text messages to phishing for sensitive information like passwords.
||The law deals with the collection, keeping and using of personal data.
||The law extends to U.S-based businesses but it is unclear as to whether businesses outside of America have the same obligations when it comes to contacting their citizens.
||The law is applicable to everyone who sends or receives emails or any other form of electronic communication in Canada.
||These regulations apply not only to those who sell goods and services within Europe, but also to any company that collects or processes personal data on behalf of commercial enterprises with offices in one of these member states (or anywhere else).
||Businesses have no legal obligation to obtain consumer consent before sending them emails, but they can opt out if desired.
||Businesses must get consumers’ permission before collecting, using, or sharing their data. Consumers can change their minds about allowing businesses to use their data at any time.
||Businesses need to get permission from consumers before using their data. This permission can be in the form of opting in or taking some other positive action.