By now everybody knows that business email addresses that go directly to one individual, such as jo********@ex*****.com, are considered personal data (personally identifiable information, or PII) for the purposes of GDPR and, increasingly, email privacy laws in other countries. But what about generic business email addresses, such as in**@ex*****.com, sa***@ex*****.com, or co*****@ex*****.com (also known as 'role account' email addresses)? The conventional wisdom is that those are not considered personal data, and so are fair game to add to your mailing list without prior consent. But not always, there's a catch!
As we have always predicted they would, the shortcomings of the CAN-SPAM Act have given rise to new state email opt-in laws and email consent laws, in the form of their new personal data privacy laws. The new Connecticut privacy law, along with new privacy laws in Colorado, Virginia, and Utah, all require consent before you can send targeted advertising to someone whose personal data you have acquired.
Here's one way to tell transactional email vs marketing email: have a court slap you for putting what it says is advertising or marketing content in your opt-in confirmation email. This court decision happened inside the EU, however it is also a cautionary tale for anyone in the U.S., or Canada, or really anywhere that has national email marketing laws.
"Which copyright date should be on a website?" someone asked us recently. Webmasters are often confused about which date they should use as their copyright date on a website. In fact, a whole lot of sites have the wrong copyright date on their website. As an Internet policy institute, and because our CEO is an Internet policy lawyer, we often get questions unrelated to our core offering of email sender certification and deliverability services, and we are happy to answer them if we can. The answer to this one is actually really easy, and will make perfect sense to you once we explain it.
Here are the answer to the two most common questions we get about the law which allows you stop spam text messages being sent by an SMS spammer by making the SMS spammer pay you. This is your right under Federal law, specifically the TCPA (TCPA stands for the Telephone Consumer Protection Act). SMS marketing has become the darling of the marketing community, but if you haven't consented to receive their marketing text messages, and if your mobile number is on the Federal Do Not Call list, they are violating Federal law (the TCPA).
Political campaign email would get a free pass to your inbox, and not be allowed to be run through spam filters, if new legislation introduced by Republicans in both the U.S. House and Senate is passed. Named the Political BIAS Emails Act of 2022 (BIAS is short for "Bias In Algorithm Sorting"), a/k/a HR 8160 and SB 4409, the new law would require that email receiving systems such as Gmail, Outlook, Yahoo, and all the others, deliver political campaign email directly to your inbox, and they would be expressly forbidden to run it through their spam filters at all. We also include the full text of the proposed law at the end of this article.
There is a hidden legal danger in not confirming email addresses, and yes, even in the United States. We talk a lot about email deliverability (because hey, we're the original email deliverability service). And in that context we always explain how using double opt-in (i.e. confirmed opt-in) helps immensely with deliverability by reducing spam complaints and increasing interaction rates. But now we're going to talk about something that people rarely think about: not confirming someone's email address before you use it or add it to a mailing list can have serious legal consequences for you having nothing to do with CAN-SPAM, GDPR, CASL or any email-specific law. It can also have serious consequences for others, consequences that in turn can come back to you in serious, unexpected, but entirely avoidable, legal ways.
Every business email sender knows about the CAN-SPAM Act of 2003, but did you know that CAN-SPAM compliance isn't enough? By "not enough" we mean that if you consider compliance with CAN-SPAM to be all that you have to do to also be in compliance with your email sending platform, and in compliance with the inbox providers hosting the email inboxes to which you are sending email, well, you need to keep reading.
The one-click unsubscribe email law (sometimes referred to as the "one-step unsubscribe rule") is part of CAN-SPAM. The CAN-SPAM unsubscribe rules include that a recipient be able to effectuate their opt-out with a one-click unsubscribe, whether that is by replying to the email or by visiting a single web page. The one-click unsubscribe law is part of our Federal law, and so applies to any and all mailing lists and mailing list email.
With the UK adopting their own UK GDPR following Brexit, it's important to understand that you can't just block from your website people coming in from the EU or the UK. As we have mentioned in other articles on GDPR compliance, GDPR specifically prohibits the automated profiling of individuals, including of their online identifiers or locations, which means that it is a violation of GDPR to note, in an automated fashion, from what region in the world they are surfing over to your website.
