1-866-357-7422724 N 1st Street, Suite 200 St. Louis, MO 63102

Top

CAN-SPAM vs CASL vs GDPR – What’s the Difference?

CAN-SPAM-vs-CASL-vs-GDPR

CAN-SPAM vs CASL vs GDPR – What’s the Difference?

There are different degrees of concern among marketers (and organizations) when it comes to email, spam and regulations that govern how and when you can send email to contacts.

But what most people don’t understand is the differences between the major governing rules for email and spam.

What is the Difference Between CAN-SPAM, CASL and GDPR?

The biggest difference between the 3 is the global geography that they affect. Each of these email policies only applies to specific countries and regions so we’ll go into each of them to explain the difference.

Of the three the least strict is the U.S. based CAN-SPAM, followed by the Canadian CASL law and lastly the most strict and comprehensive is the European GDPR.

 

What is the CAN-SPAM Act and What Can You / Can’t You Do?

CAN-SPAM actually stands for “Controlling the Assault of Non-Solicited Pornography and Marketing” and was created to protect consumers by prohibiting the use of deceptive or misleading information in commercial marketing emails (commercial emails are those intended to market a commercial product or service). This act applies only to the United States.

The running joke among email marketers (at least the ones who aren’t uptight) is that the CAN-SPAM Act allows you to do just what it’s named, that you “Can Spam” people.

The reason this is said is because this act is an Opt-Out regulation. As long as the people you are sending email to haven’t told you to stop, then you can continue to send them email. It really is that simple.

To stay compliant you have to not be egregiously attempting to deceive your intended recipient and give them the mechanism to Opt-Out which is what you’ll typically see as an unsubscribe link.

*Linked here is the full act https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/can-spam-rule

 

What is the CASL Law and What Can You / Can’t You Do?

CASL actually stands for “Canada’s Anti-Spam Legislation” and was created to regulate how organizations collect, use, and disclose personal information when conducting or operating their businesses. While this legislation is only active for recipients in Canada, enforcement agencies claim they will enforce this against anyone globally who violates their act. But as it relates to the United States following the expansion of the Safe Web Act in 2012 only 63 cases have been pursued from 9 different countries and all of these cases were large scale operations intentionally violating, exploiting and deceiving recipients.

So if you’re not a big company and you’re not intentionally trying to deceive recipients in a significant way then you really are safe.

The CASL Law is an Opt-In legislation that essentially states you cannot email someone without their prior consent (consent in this case is both explicit and implied).

*Linked here is the full law https://laws-lois.justice.gc.ca/eng/acts/E-1.6/index.html

 

What is the GDPR and What Can You / Can’t You Do?

GDPR actually stands for “General Data Protection Regulation”, was enacted by the European Union and is the most strict and comprehensive global privacy act ever put in place. Again it was created to protect consumers data and privacy like the others.

This one is also an Opt-In regulation meaning that you must give consent prior to being shown commercial marketing messages (including email). It applies to recipients of the European Union, but is intended to affect any global business that sends messages to those recipients.

The GDPR is why you know see so many “cookie” consent notifications on websites.

Again there is still leniency here because there are considerations for sending electronic commercial messages to consumers who have legitimate legal interests with you such as being an existing customer, partner, etc.

*Linked here is the full GDPR laws https://gdpr-info.eu/

 

Main Takeaways on Data Privacy, Regulations and Email Marketing.

While we only covered a small portion of each of these Acts, Laws and Regulations we can say to you that the goal for each of them is to protect the privacy and data of consumers online.

We typically focus on the Email Marketing aspect because it is the main area that an individual business has control over when it comes to potentially violating a rule within these laws.

And while a good number of marketers get bent out of shape about pixels, cookies and email and “following” the laws, the truth is that this is a tiny part of the overall protection that comes from these acts. The most egregious and damaging violations are from bad actors that are breaching databases, phishing in email and leading consumers through online targeting to steal information, steal identities and cause actual harm.

In nearly every case you as a U.S. company cannot be held responsible if someone breaches Google’s, Mailchimp’s or GoDaddy’s database. Why would that be your fault?

The governing bodies are focused on stopping “really bad” things and are less concerned with the nuisance of spam email or retargeted ads.

Email and retargeting are easy targets to get consumer buy-in because it’s so visible and in some cases a nuisance (if positioned that way), but the reality is that these are not the primary concerns for the majority of these Acts, Laws and Regulations.

While we are not attorneys (attorneys will wrap you in a bubble and tell you the world is going to end if you do anything), we can tell you that we’ve been doing this work for over 20 Years and have never met or known anyone personally who have been contacted by or penalized by any of these agencies.

Most marketers who speak about the doom and gloom you’ll face if you don’t follow everything “perfectly” are simply overreacting, costing you time & money and in many cases don’t even know what they are talking about.

 

This article is intended solely to be an informational piece for you to better understand our position on handling CAN-SPAM, CASL and GDPR.

If you want to talk to us about digital marketing then give us a call or contact us directly, but we aren’t putting a form in the body of this blog article because it get’s a lot of traffic and we’re not interested in queries about these laws from people (sorry inquiring minds).  We’re focused on growing your traffic, leads and sales!