International Email Marketing Spam Laws Explained
It’s often easy to neglect the legal aspects of email marketing while striving for higher engagement rates, more attractive creative, and a more stable revenue flow. After all, it’s just a bunch of email addresses, what can go wrong, right?
Well, according to worldwide legislators – plenty! The never-ending quest for tighter privacy control, coupled with consumers’ aversion to aggressive marketing, resulted in strict laws against spam messages, unsolicited marketing, and other shady practices.
This article aims to help you stay on the good side of email marketing laws and regulations.
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 – CAN-SPAM (US)
The American CAN-SPAM Act of 2003 avoids defining spam, with the rationale being that “commercial electronic mail message” and “transactional or relationship message” represent a structure protected by the Act, so it is implied that anything going against that structure can be considered spam. This also helped solve an earlier problem, where individual states defined spam by number (“bulk”), content (“commercial”), or using the term “unsolicited”, which left much of the attacks unpunished.
The CAN-SPAM Act defines commercial electronic mail messages as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).”
Without going into too many details around the mechanisms behind each of the demands the CAN-SPAM Act puts before email marketers, what follows are the basic principles that need to be upheld to avoid having your emails marked as spam:
• Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
This example shows what an appropriate header might look like.
• Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
This example shows that the subject line reflects the content of the message.
• Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
This example shows a clear advertising message (as opposed to fake news or friendly greetings).
• Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
This is a two-in-one example, showing a clearly stated business address, as well as clear instructions on how to opt-out.
• Tell recipients how to opt-out of receiving future emails from you. Your message must include a clear and conspicuous explanation of how the recipient can opt-out of getting emails from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you.
• Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
• Monitor what others are doing on your behalf. The law makes it clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Penalties: Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $42,530, so non-compliance can be costly. Make sure you follow these basic guidelines to avoid problems with U.S. authorities!
Fighting Internet and Wireless Spam Act aka Canada’s Anti-Spam Law (CASL)
This relatively new (2014 is new as laws go) Canadian law defines a Commercial Electronic Message (CEM) as “any electronic message that encourages participation in a commercial activity, such as an email that contains a coupon or tells customers about a promotion or sale.” In terms of applicability, this law is applicable to “all communications sent by Canadian companies, to Canadian companies or messages simply routed through Canadian servers.”
A CEM is any message that:
• is in an electronic format, and includes emails, instant messages, text messages, and some type of social media communication
• is sent to an electronic address, including email addresses, instant message accounts, phone accounts, and social media accounts
• contains a message encouraging recipients to take part in some type of commercial activity, including the promotion of products, services, people/personas, companies, or organizations.
The conditions this law imposes on email marketers are, for the most part, similar to those that exist in the CAN-SPAM Act, so we won’t cover them in great detail here. Suffice it to say that, just like the CAN-SPAM Act, this law requires either implicit or explicit consent by the recipient before sending them any commercial emails. Implicit consent, however, can be as vague as having your phone number or email available in a public registry!
Penalties: The CASL threatens punishment of up to $10 million for companies and officers found guilty of being negligent towards its provisions.
More on Canada’s Anti-Spam Law.
The General Data Protection Regulation (GDPR) — EU
This regulation brought in significant changes in the way companies can market to Europeans, and it made email marketers dedicate specific attention to the way they’ve been processing personal information belonging to their European subscribers.
Besides making some of the previously mentioned demands more strict, the biggest change GDPR brought to the table concerns consent. Following the law’s entry into force a year ago, the consent is no longer viewed as implied or explicit. Instead, the GDPR defines consent required for legal data processing as “freely given, specific, informed, and unambiguous”, proceeding to define what each of the adjectives would mean in practice.
For email marketing, this meant that soft opt-ins and opt-outs are no longer an option for European contacts, which lead to most marketers establishing a strong double opt-in mechanism, where site visitors are first asked if they want to subscribe to receive emails, and then asked again to confirm their decision in more clear terms.
Here are the basic principles about how personal data should be kept, to avoid any risk from GDPR laws:
• Accurate and up to date
• Transparent about how it’s going to be used
• Restricted to the minimum needed to do the job.
Penalties: As with other regulations, a big part of the GDPR is dedicated to sanctions, with fines of up to $20 million or 4% of yearly revenue, whichever is greater.
For more information, visit the EU GDPR website.
The Spam Act 2003 (Australia)
This piece of legislation presents a continuation of the worldwide turn-of-the-millennium trend to protect email address owners from unsolicited email (and various other categories of) marketing messages.
An interesting distinction between the previously showcased CAN-SPAM, CASL, and GDPR and the Spam Act is that the Spam Act establishes its jurisdiction whenever a “commercial electronic message” is sent to an “electronic address”, which eventually panned out to include email, SMS, MMS, and instant messages.
Additionally, the Spam Act includes the designation “low or no-cost” for the unsubscribe options (i.e. the subscribers need to be able to opt-out at low or no cost), which distinguishes it from other legislation, which dictates a compulsory free opt-out. Requests to unsubscribe must be actioned within 5 business days.
Finally, a peculiar decision by the ACMA (Australian Communications and Media Authority) was to disallow sending commercial emails to generic email addresses that are publicly available (such as [email protected]), insisting that all commercial messages need to be directed to an individualized address (e.g. [email protected]).
While all this can sound intimidating and confusing at times, if you’re a legitimate business using a proper Email Service Provider (ESP), you are likely already complying with the rules.
These laws are largely targeted at spammers and are designed to prevent them from acquiring people’s email addresses without their permission and spamming them with unsolicited emails.
However, there are a few nuances in the laws that even marketers with the best intentions can accidentally violate, so it’s important to know how to stay compliant. We hope we have helped you to avoid the “I fought the law, and the law won” scenario.
If you are not sure about putting this into practice, get in touch with us to learn how we can help your business stay on the safe side of the laws.