Laws & Regulations
Email is subject to laws and regulations; it is your responsibility as a sender to know which ones apply to you, what is covered, and what the penalties are. This page contains a few of the more common regulations, as well as links to official texts and breakdowns.
The content on this page is NOT legal advice.
Please refer directly to the official documentation for each regulation, and ensure that you look up any additional laws and regulations for your location and the location of your contacts.
CAN-SPAM
Controlling the Assault of Non-Solicited Pornography and Marketing Act
2003
Applies to contacts in the United States of America
Donโt use false or misleading header information.
Donโt use deceptive subject lines.
Identify the message as an ad.
Tell recipients where youโre located.
Tell recipients how to opt out of receiving future marketing email from you.
Remember that subscribers and members can opt out of marketing emails, too.
Honor opt-out requests promptly.
Monitor what others are doing on your behalf.
Breakdown:
โฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆ
CCPA
California Consumer Privacy Act
2018
Applies to residents of California in the United States of America
The right to know about the personal information a business collects about them and how it is used and shared
The right to delete personal information collected from them (with some exceptions)
The right to opt-out of the sale or sharing of their personal information including via the GPC
The right to non-discrimination for exercising their CCPA rights.
Breakdown:
The right to correct inaccurate personal information that a business has about them; and
The right to limit the use and disclosure of sensitive personal information collected about them.
Additional rights added by CPRA as of 2023:
โฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆ
CASL
Canada's Anti-Spam Legislation
2014
Applies to contacts in Canada
sending you commercial electronic messages without your consent, including email, social media and text messages
altering the transmission data in an electronic message so the message is sent to a different destination without your express consent
installing software on your electronic devices without your consent (including, in some cases, updates and upgrades, even if you were the one who installed the original software)
using false or misleading representations to promote products or services online
collecting personal information by accessing a computer system or electronic device illegally
harvesting addresses (collecting and/or using email or other electronic addresses without permission)
Prohibits senders from:
โฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆ
GDPR
General Data Protection Regulation
2016
Applies to contacts in the European Union or European Economic Area
Lawfulness, fairness and transparency โ Processing must be lawful, fair, and transparent to the data subject.
Purpose limitation โ You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
Data minimization โ You should collect and process only as much data as absolutely necessary for the purposes specified.
Accuracy โ You must keep personal data accurate and up to date.
Storage limitation โ You may only store personally identifying data for as long as necessary for the specified purpose.
Integrity and confidentiality โ Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
Accountability โ The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
Breakdown:
โฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆ
Other Regulations
PECR
(Privacy and Electronic Communications (EC Directive) Regulations) [2003]
United Kingdom
๐ Official Text | Plain Language BreakdownSpam Act; Spam Regulations
2003; 2021
Australia
๐ Official Text | Plain Language Breakdown
This section is not all-encompassing. Let me know of other regulations to include via the form in the footer below.
โฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆโขยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทยทโขโฆ
Have questions, comments, concerns, suggestions, or corrections?
Leave me a message!
a250ok is a personal project, created and maintained by Amy Watkins. The goal of this website is to provide a hub of resources for email marketers and anyone looking to send bulk email.
Most of the resources on this website are third-party and not affiliated with a250ok. This website is intended as a guide and not official advice, especially legal advice.