Marketing Profs

Anti-spam legislation at the federal level is coming, perhaps before the next presidential election. Earlier this year, Senators Conrad Burns (Republican, MT) and Ron Wyden (Democrat, OR) introduced the CAN-SPAM Act of 2003. Thanks in part to the endorsement of the Direct Marketing Association, this bill quickly became the frontrunner and recently won approval in the Senate by a margin of 97 to 0.

Now just a House vote and a presidential signature away from becoming law, the CAN-SPAM Act merits some scrutiny by the online marketing industry to figure out where we might be headed and whether the end of spam is in sight.

Definitions: What Does It All Mean?

Definitions provide insight into the intent of the legislature, but what happens when the definitions themselves leave much to the imagination? Let's explore a few potential problem spots.

1. Affirmative Consent

Up until now, those of us in the online marketing industry have used the terms “permission” or “opt-in” to describe the process by which people join legitimate email lists.

The CAN-SPAM Act defines this process as “Affirmative Consent,” meaning that “the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative.”

Taking the latter part of this definition first, “at the recipient's own initiative” likely encompasses the way most people sign up for email newsletters—by filling out a form on the Web.

But what about those tricky forms at online stores that require you check or uncheck a box to NOT sign up for a newsletter? Does the first part of the definition—“in response to a clear and conspicuous request for such consent” cover such situations? Unless this definition becomes more specific, expect to see litigation on what constitutes affirmative consent.

An additional component of the Affirmative Consent definition requires those who wish to rent their email lists to third parties to provide “clear and conspicuous notice” to recipients at the time they consent. Companies that wish to play it safe will no longer be able to bury such information in their privacy policy. Instead, they'll have to incorporate such notice into their registration forms.