OK, now that you comply with CAN-SPAM, you should consider the rest of the English-speaking world who might be signed up on your lists. We took a deep breath and dived into the complex world of international spam law for you. Here's a summary of what we found out, along with 21 useful links for more information...
(Note: We're not lawyers, nor did we have a lawyer review this article. So, please have your own legal department review matters too. Thanks.)Four basic rules of thumb
1. Every country is different
As you'd expect, each country has its own approach to anti-spam legislation (many have none at all). Don't expect email practices that comply with relevant legislation in one country to necessarily comply in another. This is not an area where you can make assumptions about what's right and wrong.
Yes, there are often common features in those national anti-spam laws that do exist, like a requirement to provide an opt-out mechanism in emails. But there are many differences, particularly in the nuances...such as what actually constitutes a commercial email.
2. Enforcement issues are still unclear
With most spam-related legislation relatively new, it's not clear just how legislators will go about enforcing the provisions. Anti-spam legislation is largely designed with spammers in mind, rather than legitimate businesses, but don't assume that lets you off the hook when it comes to compliance.
As yet, there are no working mechanisms in place to enforce national spam laws outside of a country's own borders. That does not, however, give you carte blanche to ignore these spam laws if you mail to a country, but don't have a presence there.
First, breaking the law isn't widely regarded as good business practice.
Second, while cross-border collaboration on enforcement issues is still in its infancy, it's growing. Just last month, for example, the USA, Australia and the UK announced a "memorandum of understanding on mutual enforcement assistance in commercial email matters." (See link below.)
3. Don't let the laws blind you
With all the focus on the regulatory side of email, don't forget that compliance and best practices are not the same thing.
Permission-based email marketing isn't defined as avoiding a court appearance. Legal requirements are exactly that - stuff you need to do to stay out of trouble with the law. They are not guidelines to marketing success.
4. What you can do...
-- bone up on local legislation
The full texts of national and state legislation relevant to email marketing are normally available online. Go through them with your legal team or advisor.
-- ditto official guides and explanatory documents
Most new legislation comes with supporting documents to help those affected understand the implications for business practices. Good sources for these are:
* Government agencies charged with monitoring or enforcing the legislation
* Government-funded enterprise and business-advisory agencies
-- contact your local trade representatives
Your government has trade representation in other countries - it's their job to make it easier for you to do business there. See what advice they can give you on email marketing practices. If you need to clarify an issue, they can help you find the answers.
-- contact local marketing associations
National marketing associations usually have commentary on existing spam legislation. In many cases, you'll find they have their own voluntary email marketing codes of conduct or guidelines. You'll want to adhere to these, especially if you have a local presence.
In the meantime, here's what we discovered about spam legislation in some major English-speaking markets.European Union & UK-specific Email Laws
The EU issued a "Privacy and Electronic Communications Directive" in 2002 which covered unsolicited commercial communications.
This obliged EU member states to transfer the provisions of the directive into national law by October 31st, 2003. In the grand tradition of EU directives, not every country did so. In fact, in April this year, the EU started legal proceedings against six countries for this very reason.
-- Provisions of the directive
* No direct emails are allowed which "conceal or disguise the identity of the sender and which do not include a valid address to which recipients can send a request to cease such messages."
* No marketing emails to natural persons (e.g. consumers) "unless the prior consent of the addressee has been obtained (opt-in system)." An exception is where the email address was obtained through a prior sales transaction with the owner, a quasi soft opt-in, in which case you can send marketing emails to that address, provided:
1. It's you sending the message ("the data may only be used by the same company that has established the relationship with the customer")
2. The products or services you're marketing are similar to those originally bought by the addressee
3. You give the recipient the opportunity to opt-out in each message
4. You "make clear from the first time of collecting the data, that they may be used for direct marketing and should offer the right to object"
As regards sending emails to "legal persons" (mainly business addresses), the directive leaves it to each member state to decide whether email marketing should be based on opt-in or opt-out.
Although the directive establishes basic legal objectives, it's up to member states to decide how to achieve these objectives through national legislation. So the directive in itself is not legally binding on individuals or businesses until transposed into national laws.
This means that each country within the EU has its own ways of interpreting, implementing and enforcing the directive, and each may be at a different stage in implementation.
In the UK, for example, the relevant legislation came into force on December 11th, 2003 in the Privacy and Electronic Communications (EC Directive) Regulations 2003. Here two examples of how the UK interpretation looks:
* The regulations only require opt-in for emails to "individual subscribers".
"Individual subscribers" means residential subscribers, sole traders or a non-limited liability partnership in England, Wales and Northern Ireland. (You can see where this starts to get messy.)
* According to the UK Government, a soft opt-in doesn't have to involve an actual transaction, as suggested in the EU directive, instead defining significant sales negotiations alone (without a purchase) as sufficient.Four useful links:
US Mission to the EU: http://www.buyusa.gov/europeanunion/
Full copy of the UK legislation: http://www.legislation.hmso.gov.uk/si/si2003/20032426.htm
Factsheet on UK email marketing law from Scottish Enterprise: http://www.scottish-enterprise.com/publications/europeanpri
Detailed guidance on the law from the UK Government's Information Commissioner (responsible for enforcement): http://www.informationcommissioner.gov.uk/cms/DocumentUploa
US Commercial Service in the UK: http://www.buyusa.gov/uk/en/Canadian Email Law
To date there is no spam-specific national legislation in Canada. However, marketers do need to be aware of the Personal Information Protection and Electronic Documents Act (PIPEDA) of January 1st, 2004, which restricts the collection and use of personal information online (see links below).
In May this year, Canada set up an anti-spam task force featuring government, consumer and business representatives. The group has one year to evaluate the spam issue and come up with appropriate recommendations (including possible new legislation).Four useful links:
Anti-spam task force action plan: http://e-com.ic.gc.ca/epic/internet/inecic-ceac.nsf/en/h_gv
Privacy commissioner of Canada: http://www.privcom.gc.ca/index_e.asp
PIPEDA E-kit for Businesses: http://www.privcom.gc.ca/ekit/ekit_e.asp
US Commercial Service in Canada: http://www.buyusa.gov/canada/en/Australian Email Laws
Australia's Spam Act became law on December 12th, 2003 with a 120 day grace period. The requirements are some of the strictest around and provide for daily fines for repeat offenders of over $750,000.
Any commercial email requires the prior consent of the recipient, although the regulations define contexts where this consent can be inferred, such as through a prior transaction (see links below for more details). A committee is currently working on an Email and Mobile Marketing Code of Practice which will complement the new legislation, and clarify some of the compliancy issues. Three useful links:
Australian Communications Authority (responsible for enforcement): http://www.aca.gov.au/
Spam information for Australian businesses: http://www.aca.gov.au/
US Commercial Service in Australia: http://www.buyusa.gov/australia/en/ Multinational email law link
Links to international and national spam laws