‹ Back
Building Trust 30 August 2017

CAN-SPAM – Looking Ahead & Looking Global

Craig Spiezle
By Craig SpiezleFormer Strategic Advisor

This week OTA / the Internet Society joined nearly 90 individuals and organizations submitting comments in response to the US Federal Trade Commission call for comments in regard to the CANSPAM Act.  By most accounts, the interactive marketing industry and email community have demonstrated a commitment towards compliance and the overall user experience.  Based on OTA’s own research businesses are unsubscribing to user requests well within the 10 day requirement.  Since CAN-SPAM came into effect nearly 15 years ago we have seen email and interactive marketing flourish, with increased precision and relevancy of the marketing messages being sent.  Both industry and consumers have benefited from this innovation.  At the same time we continue to see email exploited as the tactic of choice by criminals and cybercrime syndicates, underscoring the need for marketers to embrace email authentication standards and reject unauthenticated email by default.  There is room for improvement in other areas, most specifically in the discoverability, readability and transparency of the unsubscribe process and user experience.  In OTA’s comments and research we outline recommended guidance.  Read OTA’s Press Release.  Read OTA’s submission.

Looking Ahead vs the Rear View Mirror
As the internet is global and users are highly mobile, increasingly moving from one country to another, this creates challenges for businesses to comply with local jurisdictions and legal regimes.  It is important we look ahead and consider these issues and move toward enhanced opt-in and consent on data collection and specific usage.  The US is still somewhat looking in the rear view mirror versus looking ahead and should consider efforts by  Canada, Australia and the EU.  We know that the opt-in requirements in Canada’s Anti-Spam Law (CASL) and the E.U. Data Protection Directive (GDPR) have both been successfully implemented without creating a burden to business or the economy.  With the deadline to GDPR less than a year away, businesses are encouraged to move past the compliance threshold of CAN-SPAM and move toward the requirements stipulated by GDPR.  Those that fail risk being caught flatfooted and suffer distrust of their brand.

Learning From CAN-SPAM
Looking back on my involvement in the development of CAN-SPAM in 2002, it is important to reflect on where we have come from.  While the Act was originally not supported by leading trade organizations, we have found CAN-SPAM to be a very good model.  It was built on the foundation of efforts by several states including California, while preserving individual states’ rights to enforce it.  Businesses have benefited without having to navigate a patchwork of laws and regulations.  At the same time ISPs and consumers have been able to seek relief with States prosecuting some of the worst spammers.  We need a similar approach for data breach laws, which I suggest will equally benefit society.  Unfortunately once again many of the same trade groups and lobbyists continue to argue for a low bar and limit enforcement to the FTC.  Now is the time to reflect and rethink this approach and move forward and support national breach legislation.


Note: Craig Spiezle is  the managing director of AgeLight  Strategic Insights, a consultancy focused on build trust, stewardship and responsible privacy practices.  Craig is the Founder and Chairman Emeritus of the Online Trust Alliance and currently an industry advisor to the Internet Society and other organizations and government agencies.  The views represented above do not necessarily represent those of all OTA members or the Internet Society.  You may contact Craig at craigsp @ agelight.com

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...

Join the conversation with Internet Society members around the world