Plus, the law has ended up looking fairly weak compared to newer regulations like GDPR. The Coalition Against Unsolicited Commercial Email (CAUCE) says one of the biggest shortfalls is the lack of a requirement to opt-in to an email list. Yes, CAN-SPAM requires an easy way to opt out, but companies can add anyone to their email lists without violating this law.
Find out more about CASL
When it passed in 2014, CASL took the fight against spam much further than CAN-SPAM.
Some people initially assume that, if it’s a Canadian law, it doesn’t matter to the rest of the world. However, it does because the law can apply to any company sending emails to someone living in Canada, not just Canadian companies.
CASL quickly set a new standard and advanced far beyond CAN-SPAM. CAN-SPAM set requirements that gave consumers a trustworthy way to opt out of an email list, but CASL set requirements regarding the opt-in process.
With CASL, you must acquire consent from the subscriber before adding them to your email list. You cannot presume it with a pre-checked box. And, CASL applies to other types of communications from companies, such as text messaging, social media, and instant messaging.
CASL’s biggest achievement was to solidify the consumer’s ability to choose to be added to an email list.
The General Data Protection Regulation (GDPR), which was passed in 2018, is a European law that applies to every member nation of the EU. Like CASL, the GDPR affects companies from around the world if they have email subscribers who live in EU nations.
GDPR took data privacy far beyond CASL and CAN-SPAM. It has become the standard to which other data privacy laws are compared.
These are the seven key principles of GDPR:
- Lawfulness, fairness, and transparency: Have a legitimate reason for collecting personal data and be clear and honest about how it’s used.
- Purpose limitation: Set boundaries around how and why you’ll use personal data.
- Data minimization: Only collect the personal data you actually need.
- Accuracy: Make sure the data is clean and up-to-date.
- Storage limitation: Justify the length of time you store personal data.
- Integrity and confidentiality: Secure the data and protect it from internal or external threats.
- Accountability: Keep records that prove you are following GDPR guidelines instead of just saying you are in compliance.
GDPR also addresses the larger question of what comprises “personal data.” Is it just information like name, email, phone number, and numerical identification? Or is it also photos, health records, social posts, and purchase history?
With regard to email privacy and spam, GDPR elaborated on the concept of consent. This law prohibits even asking for consent for an email address unless it’s necessary for the service being provided. In other words, you may need their email address to send transactional emails like receipts and shipping notices, but you cannot just add that address to your marketing email list without their permission.
Recordkeeping is important for GDPR compliance. You must keep documentation of consent history for each subscriber, and have a way to provide all the PII upon request. That’s because consumers can make Data Subject Access Requests (DSARs), which require companies to produce all of the data collected on an individual and provide it to the subject.