If your company sends emails to your customers, you’ve most likely heard of the CAN-SPAM Act. It’s something that is ingrained into every email marketer’s strategy, and it’s not something you want to mess around with.

But the CAN-SPAM Act, established in 2003, was just the beginning of regulations on email marketing. 

Why are these standards important? Think of the number of spam emails you receive every single day. To help protect email users, these practices and regulations have been put in place to lessen the number of spam emails and, ultimately, fraud from email. Spam doesn’t come from just one easy-to-sell category; it is present in nearly all email categories out there.

When it comes to the different rules and regulations that apply outside of the U.S., there’s often the question of “does it apply to my company?” It’s important to understand the different regulations and how you should proceed when contacting and collecting data on your customer base. Crossing international boundaries with email is easy; however, other nations have different – and often stricter – laws.

While not all standards and regulations may apply, they are something you want to keep a close eye on, because it’s very likely that one day these regulations may be adopted on a much wider spectrum.

Canadian Anti-SPAM Legislation (CASL)

In 2014, Canada began enforcing CASL, which established rules for sending commercial electronic messages (CEMs) and prohibits the unauthorized alteration of data during transmission.

Most importantly, the legislation required that consent be obtained before sending a commercial email, something that is now an everyday practice in the world of email marketing.

CASL applies to every CEM sent from or accessed by a computer located in Canada, so compliance could be problematic for senders who don’t have an opt-in audit trail.

CASL and the CAN-SPAM Act differ in several key areas:

  • CAN-SPAM is “opt-out”; CASL is “opt-in”
  • Implied consent under CASL expires in two years; CAN-SPAM has no consent expirations
  • When obtaining consent under CASL, the specific purpose must be provided upfront
  • To be CASL-compliant, in addition to a working unsubscribe mechanism, messages must include a statement that the recipient can withdraw consent at any time
  • An unsubscribe link under the CAN-SPAM Act must function for 30 days after the sending of the message and for 60 days under CASL
  • Under CASL, transactional messages must also include a working unsubscribe mechanism

And these are just a few things to be aware of. CASL has been called the “world’s toughest anti-SPAM law” both for its scope and associated penalties, so if you do business in Canada, make sure you develop a compliance strategy.

General Data Protection Regulation (GDPR)

GDPR is the newest and strictest of the email marketing regulations to date. This regulation was established by the European Union (EU) to broaden the rules on how companies handle and store data. It is designed to add protection and transparency for residents within the EU. But don’t let that fool you: GDPR still applies to companies stationed outside of the EU who do business with customers in the EU.

GDPR is a very complex regulation that has strict penalties in the form of hefty fines for companies that do not comply. Here are a few best practices to keep your business compliant and avoid costly setbacks. 

  • Make sure you have a privacy policy in place and in an easy-to-access location. Always keep the policy updated when any changes occur.
  • Keep records of customer consent and include an opt-out option so subscribers can leave your list if they choose to.
  • You must know what information you are storing along with where and how it was collected. Not knowing this information may result in penalties. 

If your business employs over 250 people, you’ll want to hire a data protection officer to manage your data. Although these are only a few tips to keep you compliant with GDPR, they will help you get started in the process of staying compliant with any customers you have in the EU. Keep in mind that the GDPR has gone after many major companies such as Marriott and Google, meaning no one is exempt from its rules.


When talking about penalties and fines from ignoring GDPR regulations, it’s a serious business. With over 200,000 investigations and millions of fines applied, you’ll want to make sure you know the proper steps to be taking to stay compliant.  

Other International Considerations

In addition to GDPR, anti-SPAM laws in Europe fall under one European Union directive, which, in theory, would make email marketers in all EU countries subject to the same expectations. In practice, however, the 2002 EU Directive set guidelines, but each member state has had to enact its own unique laws for electronic communications.

Taking an opt-in stance on commercial email communications, the Directive stipulates that prior explicit consent is required before sending a commercial electronic message (including email, SMS, voice, fax and other electronic forms of messaging) and that an opt-out option must be clear and conspicuous.

While not an all-inclusive list, here are some other notable items for sending commercial email campaigns to global recipients:

  • Opt-in is required for remarketing (shopping cart abandonment) messages sent to the EU. Again, the Directive is implemented by each member state independently, so you’ll want to check individual country laws for details.
  • The “Send-To-A-Friend” function is not legal in Germany.
  • In Russia, there are federal laws pertaining to advertising and to personal data, both to protect Internet users from SPAM. Both clearly indicate that sending bulk mail is only allowed with the recipient’s consent, adhering to the opt-in principle.
  • Private rights of action are available in a number of jurisdictions, including the UK, South Korea, Singapore, Mexico, Germany, and France. Starting in 2017, in Canada CASL will permit any private party to bring an action not only for compensation for losses suffered and expenses incurred but also for statutory penalties of up to $1 million per day.
  • When sending to recipients in China, either the word “AD” for English language emails or the Chinese word for “advertisement” is required in the subject line.
  • Australia’s 2003 Spam Act not only applies to email, but also to SMS and MMS messages of a commercial nature. There are three basic steps to follow to ensure compliance with the act – Consent, Identification, and Unsubscribe.

Don’t Risk It, Stay Compliant

Compliance with email marketing laws ensures that your emails are welcome and legal, but also provides a host of other benefits, including higher open and other engagement rates. If you make unsubscribing easy, the recipients that remain are those who really enjoy reading your emails and engaging with your brand and who have a positive sentiment towards your brand, which ultimately leads to more sales and referrals.
