By now everybody knows that business email addresses that go directly to one individual, such as jo********@ex*****.com, are considered personal data (personally identifiable information, or PII) for the purposes of GDPR and, increasingly, email privacy laws in other countries. But what about generic business email addresses, such as in**@ex*****.com, sa***@ex*****.com, or co*****@ex*****.com (also known as 'role account' email addresses)? The conventional wisdom is that those are not considered personal data, and so are fair game to add to your mailing list without prior consent. But not always: there's a catch!
Here's one way to tell transactional email from marketing email: have a court slap you for putting what it says is advertising or marketing content in your opt-in confirmation email. This court decision happened inside the EU; however, it is also a cautionary tale for anyone in the U.S., or Canada, or really anywhere that has national email marketing laws.
"Which copyright date should be on a website?" someone asked us recently. Webmasters are often confused about which date they should use as their copyright date on a website. In fact, a whole lot of sites have the wrong copyright date on their website. As an Internet policy institute, and because our CEO is an Internet policy lawyer, we often get questions unrelated to our core offering of email sender certification and deliverability services, and we are happy to answer them if we can. The answer to this one is actually really easy, and will make perfect sense to you once we explain it.
Political campaign email would get a free pass to your inbox, and not be allowed to be run through spam filters, if new legislation introduced by Republicans in both the U.S. House and Senate is passed. Named the Political BIAS Emails Act of 2022 (BIAS is short for "Bias In Algorithm Sorting"), a/k/a HR 8160 and SB 4409, the new law would require that email receiving systems such as Gmail, Outlook, Yahoo, and all the others, deliver political campaign email directly to your inbox, and they would be expressly forbidden to run it through their spam filters at all. We also include the full text of the proposed law at the end of this article.
There is a hidden legal danger in not confirming email addresses, and yes, even in the United States. We talk a lot about email deliverability (because hey, we're the original email deliverability service). And in that context we always explain how using double opt-in (i.e. confirmed opt-in) helps immensely with deliverability by reducing spam complaints and increasing interaction rates. But now we're going to talk about something that people rarely think about: not confirming someone's email address before you use it or add it to a mailing list can have serious legal consequences for you having nothing to do with CAN-SPAM, GDPR, CASL or any email-specific law. It can also have serious consequences for others, consequences that in turn can come back to you in serious, unexpected, but entirely avoidable, legal ways.
The one-click unsubscribe email law (sometimes referred to as the "one-step unsubscribe rule") is part of CAN-SPAM. The CAN-SPAM unsubscribe rules include the requirement that a recipient be able to effectuate their opt-out with a one-click unsubscribe, whether that is by replying to the email or by visiting a single web page. The one-click unsubscribe law is part of our Federal law, and so applies to any and all mailing lists and mailing list email.
With the UK adopting their own UK GDPR following Brexit, it's important to understand that you can't just block from your website people coming in from the EU or the UK. As we have mentioned in other articles on GDPR compliance, GDPR specifically prohibits the automated profiling of individuals, including of their online identifiers or locations, which means that it is a violation of GDPR to note, in an automated fashion, from what region in the world they are surfing over to your website.