With the development of digital marketing, many commercial initiatives have adopted forms of e-mail promotion, using a mailing list, but without observing any of the restrictions imposed by anti-spam legislation.
Even though spam has already been the subject of two articles on this website concerning North American regulations (‘And speaking about spam…’ and ‘How Canada combats spam’), it is helpful to define ‘spam’ again here. Spam is an acronym derived from the English expression “Sending and Posting Advertising in Mass” (translated into Portuguese “Enviar e Postar Publicidade em Massa”), or Stupid Pointless Annoying Messages. Despite the different interpretations and explanations of the label, the most accepted version is that the term originated from the SPAM brand, a type of canned pork from Hormel Foods Corporation, and was associated with sending unsolicited messages after a skit from the group of English comedians Monty Python.
In its most popular usage, spam is synonymous with junk e-mail. It refers to unsolicited e-mail messages sent for advertising purposes, which may also be sent by other media, their fundamental characteristic being that they are unwanted and inconvenient for the recipient.
Given this definition, we will discuss the main anti-spam standards across the world:
1.1. THE UNITED STATES
In the USA, the American Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN – SPAM“) Act in 2003, establishing limitations for the adoption of spam across the country. The penalties levied under CAN-SPAM can reach up to U $ 43,792.00 and do not even exempt business-to-business e-mails. The Federal Trade Commission (FTC) summarizes the main points of the law:
1. Do not use false or misleading header information. Your “From,” “To,” “Reply to,” and routing information – including the originating domain name and e-mail address – must be accurate and identify the person or company that initiated the message.
2. Don’t use misleading subject lines. The subject line must accurately reflect the content of the message.
3. Identify the message as an advertisement. The law gives you a lot of leeway to do this, but you must make it clear and visible that your message is an advertisement.
4. Tell recipients where you are. Your message must include your valid physical postal address.
It can be your current address, a PO Box registered with the US Postal Service, or a private PO Box registered with a commercial mail receiving agency established in accordance with Postal Service regulations.
5. Tell recipients how to unsubscribe from future e-mails from you. Your message should include a clear and evident explanation of how the recipient can opt-out of receiving your e-mails in the future.
Construct the notice in a way that is easy for the average person to recognize, read and understand.
Creative use of type, size, color, and location can improve clarity.
Provide a reply e-mail address or other easy, Internet-based way to allow people to communicate their choice to you.
You can create a menu to allow a recipient to opt out of receiving specific types of messages, but it should include the option to block all of your business messages.
Make sure that your spam filter does not block these exclusion requests.
6. Respect exclusion requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after sending your message.
You must honor a recipient’s cancellation request within ten business days.
You may not charge a fee, require the recipient to provide personally identifiable information in addition to an e-mail address or have the recipient take any action other than sending a reply e-mail or visiting a single page on a website as a condition for honoring an exclusion request.
Once people say they don’t want to receive any more messages from you, you can’t sell or transfer their e-mail addresses, even in the form of a mailing list.
The only exception is that you can transfer the addresses to a company that you have hired to help you comply with the CAN-SPAM Act.
7. Monitor what others are doing on your behalf. The law makes it clear that even if you hire another company to handle your e-mail marketing, you cannot remove your legal responsibility to comply with the law.
Both the company whose product is promoted in the message and the company that actually sends the message can be held legally liable.
1.2. CANADA
Canada’s anti-spam legislation (CASL) protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats. It also aims to help companies remain competitive in a global digital market.
According to this law, spam is (i) unsolicited e-mail, (ii) software and unsolicited text messages, (iii) unauthorized alteration of transmission data, (iv) installation of computer programs without consent, ( v) false or misleading electronic representations (including websites), (vi) the collection of addresses (collection and/or use of e-mail or other electronic addresses without permission), (vii) the collection of personal information by accessing a computer system or electronic device illegally and (viii) malware, spyware and false or misleading representations involving the use of any means of telecommunications, short message services (SMS), social networks, websites, URLs and other locators, applications, blogs, Voice over Internet Protocol (VoIP) and any other current or future threats from the Internet and wireless telecommunications.
Canadian law prohibits the following practices:
1. sending commercial electronic messages without your consent, including e-mail, social media, and text messages;
2. changing the transmission data in an electronic message so that the message is sent to a different destination without your express consent;
3. installing software on your electronic devices without your permission (including, in some cases, updates and upgrades, even if you have installed the original software);
4. using false or misleading representations to promote products or services online;
5. collecting personal information by illegally accessing a computer system or electronic device; and
6. collecting addresses (collection and/or use of e-mail or other electronic addresses) without permission.
There is an online form to report spam or send information about other electronic threats, which, when collected, becomes an essential part of the intelligence that the Spam Reporting Center collects about spam and electronic threats.
1.3. EUROPEAN UNION
Upon the creation of the General Data Protection Regulation (GDPR) of the European Union (EU), on May 25, 2018, the following basic rules started to be applied in all countries of the EU:
1. Obtain the client’s explicit and informed consent before sending e-mail, especially if the purpose is promotional;
2. Do not use the e-mail address of a company or individual without this consent; and
3. Do not use pre-marked boxes on forms to obtain consent.
1.4. PORTUGAL
In Portugal, Directive No. 2002/58 / EC, of the European Parliament and the European Council, was incorporated into national law by Decree-Law No. 7/2004 of January 7, through its Chapter IV that regulates Communications network advertising and direct marketing. Article 22 stipulates that “the sending of messages for the purposes of direct marketing,” namely by electronic mail that “lacks the recipient’s prior consent.” Prior consent is only required if the recipient is not a legal person. Violation of this rule is penalized by a fine of € 2,500 to € 50,000, increased by one-third if a legal entity commits the act. Subsequently, Directive No. 2009/136 / EC was incorporated into Law 46/2012 – Personal data and privacy in electronic communications, which currently regulates the sending of unsolicited communications.
1.5. ENGLAND
In England, the Electronic Communications and Privacy Regulations (PECR) regulate electronic communications and restrict unsolicited marketing by telephone, fax, e-mail, text, or other electronic messages. There are different rules for different types of communication. The rules are generally stricter for marketing to individuals than for marketing to companies. Often, specific consent will be required to send unsolicited direct marketing. The best way to obtain valid consent is to ask customers to check the opt-in boxes. Pre-checked boxes do not give valid license.
1.6. GERMANY
In Germany, Gesetz gegen den unlauteren Wettbewerb (UWG) establishes the following premises to combat spam:
1. Have the client’s permission to send an e-mail to them;
2. DO NOT use a pre-checked box to obtain the customer’s consent to send an e-mail;
3. Respect exclusion requests within a “reasonable” period of time. There is no strict limit;
4. Include an unsubscribe link;
5. Use a precise ‘From’ line that identifies who the e-mail is from;
6. Include your postal address; and
7. Include information about how the customer can contact you.
1.7. AUSTRALIA
In Australia, the Spam Act of 2003 determines three (3) measures that are considered fundamental in the fight against spam:
1. Always obtain the client’s explicit and informed consent before sending an e-mail;
2. Do not use the e-mail address of a company or person without this consent; which implies the prohibition of not being able to use e-mails collected from a purchased list; and
3. Do not use pre-marked boxes on forms to obtain consent.