Hi,

please provide me with an overview of what the current status of email
spam laws is in the US and in the following European states: Germany,
France, Italy, Spain, UK, Sweden, Switzerland, Austria, and Denmark. I
would like a nice summary of useful "do's and dont's" from a legal
perspective. What are the differences between the countries?

Regards, tornell

---

Clarification of Question by tornell-ga on 14 Oct 2003 13:17 PDT

A pretty good link that I found is:
http://www.spamlaws.com/eu.html

---

Request for Question Clarification by pafalafa-ga on 14 Oct 2003 17:46 PDT

Hello tornell-ga,

I'm actually finding several fairly up-to-date summaries of spam laws
in many countries, including all those you mentioned plus others in
the EU and elswhere in the world.  Since this is a very new area of
law-making, the actual implementation of the laws is in the very early
stages-- the implications of what these laws mean to mass emailers
isn't yet very clear.

The formats and level of details available vary, but a typical sort of
entry looks like this:

Spain 
Law on the Information Society and Electronic Commerce 
Opt-in 
All commercial e-mail must be labeled "publicidad" (advertisement) in
the subject line.

The do's and dont's seem to boil down to a few key practices -- more
or less a combination of common sense and common courtesy.

Would links to these existing summaries -- along with my own summation
of the do's and dont's -- suffice as an answer to your question?

If not, perhaps you can explain in a bit more detail what it is you're
after.

Thanks.

pafalafa-ga
Is that the type o

---

Clarification of Question by tornell-ga on 15 Oct 2003 01:17 PDT

Hi,

to narrow down the question a little bit I shortly explain what
problems I am currently facing.

Problem 1:
On our web site customers can register and sign up for newsletters. In
the backend system, email addresses are manually collected in customer
service. Of course the web site and the backend system are not yet
integrated, which means that if a customer calls customer service and
says that he does not want to get emails, he can still get it from the
web site (or the other way around). Of course we try to avoid this,
but it can happen.
Is this illegal, or is it "only" bad for the customer satisfaction?

Problem 2:
What happens if, by mistake, an email is sent to all registered users
- not only the ones that signed in for emails?

Problem 3:
Let's say that I buy a list from a trade organization and mail these
people. Who is responsible for this I some of the customers are suing
for spam - my company or the company that sold these addresses?

Problem 4:
Should there be certain words in the subject line to state that the
email is a promotion?

Problem 5:
How should the sign-up process work? Double opt-in?

Keep these questions in mind when answering, then your example above
for Spain is fine. Please focus on making your summary well, rather
than providing every possible link, even if it is of course valuable
to see the source of your statements.

Regards, tornell

Hello tornell,

A Supreme Court Justice once famously said that he may not be able to
define pornography, but he sure knows it when he sees it.

The same might be said about spam.  No one has yet clearly defined
what spam is...or isn't.  Yet most email recepients would probably
tell you they know when they're being spammed.

The law on spam is all very new and very much in flux.  Any specifics
I tell you today may well be out-dated tomorrow.  So take this all
with several grains of salt, please, and be sure to stay current on
new developments as they emerge.  I will give you some links, below,
to help you do that.

Perhaps the vaguest area of all is -- what happens to the well-meaning
sender of email who inadvertently sends mail to someone who doesn’t
want to receive it.  This is becoming more and more of a concern for
businesses who do not want to be seen as spammers, but certainly do
want to continue using email as a legitimate means of reaching out to
existing and potential customers.  I’ll deal with this question a bit
more below, as well.

But first, let's get some general do's and dont's listed to keep you
in pretty good graces with consumers and with the law, no matter where
in the world you send your messages to:

--Use opt-in only distribution lists for your e-mailing campaigns. 
The best lists are probably those you compile yourself.

--But just to be on the safe side, include a simple, working opt-out
process in each and every email you send.  Better yet, include two
processes, such as an automatic opt-out link to click on, and --  in
case the link doesn’t work for a given consumer -- “reply”
instructions or an email address they can send an opt-out request to.

--In addition to the opt-out process, include some sort of gracious
comment along the lines of: We never send unsolicited email, and are
sending this message only to those who have asked to receive
information from us.  If for any reason you do not wish to receive
messages from us please [describe opt-out procedures] and you will be
immediately removed from our mailing list.

--Identify yourself as clearly and completely as you can.  Include a
company name, a physical mailing address, phone number, contact
person, or any other information that you can provide about who and
where you are.  And absolutely do not use any technological tricks to
try and hide the source of the originating email.  Spammers are
notorious for hiding behind electronic veils that mask their true
identity.  The clearer you can be about who you are, the more
legitimate is your claim that you didn’t intend to spam anyone.

--In the subject heading of the email, make it very obvious what the
email is about.  If it’s an ad, say so.  If it’s notice about a
special offer or event, say so.

--Don’t make your list available to anyone else.  It can be tempting
to look for opportunities to market your distribution list, but my own
opinion here is that this is just too messy and asking for trouble. 
Keep your list to yourself.  And on the emails you send, let
recipients know that your list is 100% private, and give them a link
to your privacy policy.


In addition to the above, there are two emerging areas to be aware of:

--Many countries have already created “do not call” lists that
telemarketers are required to check before calling consumers.  The
same is beginning to happen with “do not email” lists.  Iceland
already has such a list, and other jurisdictions are considering the
same.  You will need to stay up-to-date on new developments in the law
in order to stay aware of when you will need to consult such
do-not-mail lists (however...if you mail exclusively to opt-in
consumers, then this shouldn’t be an issue for you).

--Another legal trend is that email recipients are being given
explicit rights in some areas to know where you got their address
from.  So...keep careful records in this regard, especially if you
buy/rent lists from other sources.  If a recipient asks you “How did
you get my address”, you should be prepared to fully answer this
question.

Adhering to these do’s and dont’s should offer pretty good protection
against running into problems -- complaints would hopefully be
minimal, but if someone should complain, you can make a pretty good
case for having acted responsibly.

Turning now to the specific issues you raised, let’s take them one by
one:

----------------------------------
Problem 1: On our web site customers can register and sign up for
newsletters. In the backend system, email addresses are manually
collected in customer service. Of course the web site and the backend
system are not yet integrated, which means that if a customer calls
customer service and says that he does not want to get emails, he can
still get it from the web site (or the other way around). Of course we
try to avoid this, but it can happen. Is this illegal, or is it "only"
bad for the customer satisfaction?


Fix this.

Your opt-out system needs to work well for you to have any
credibility.  Technically speaking, sending an email to someone who
has requested an opt-out is illegal in a few jurisdictions, and will
become illegal in many more as new laws begin to take effect (e.g. see
the article about California’s anti-spam law that I’ve linked to,
below).

My guess would be that the laws coming into effect will largely be
aimed at the serious spammers -- those sending out millions of
unwanted emails.  I would think it unlikely that sending an occasional
unwanted email would result in serious consequences for a business --
especially if they can demonstrate their well-intentioned efforts to
-- for the most part -- avoid spam as much as possible.

However, there will doubtless be people who will jump on any
unsolicited email as an opportunity to complain, sue, ask for
compensation...whatever.  Again, the laws are very ill-defined in this
regard, and it remains to be seen how this scenario will play out. 
But your best defense, obviously, is to not give anyone cause for
complaint by having a well-run, well-documented opt-in only system.




Problem 2: What happens if, by mistake, an email is sent to all
registered users - not only the ones that signed in for emails?

Again, appearances and intent are important.  If this happens once,
the authorities would likely be more forgiving then repeated mishaps
along this line.  The best defense in to clearly have anti-spam
policies in place (the steps I outlined above), so that -- if a
mistake is made -- you can clearly demonstrate that it *really was* a
mistake.


Problem 3: Let's say that I buy a list from a trade organization and
mail these people. Who is responsible for this if some of the
customers are suing for spam - my company or the company that sold
these addresses?

Again, there is very little case law here to offer any precedent, but
there’s certainly no reason to suppose that it’s an either-or
situation.  BOTH of you might well have some share of the liability
(for that matter, even your internet service provider might be drawn
into such a suit).  My advice above was to avoid using lists from
other sources.  But if this is not practical, then do your
homework...make sure the source of the list is well-respected and that
it follows the same type of anti-spam guidelines that I’ve outlined
above.


Problem 4: Should there be certain words in the subject line to state
that the email is a promotion?

As I said above, it’s a good idea to identify your email for what it
is.  Spain already has the “publicidad” requirement that I
mentioned...as far as I know, they are the only country to currently
require specific wording in the subject line.  The European Union has
issued a Directive that requires member countries to enact legislation
that includes some identification requirements as well, so this will
be a rapidly emerging area of new law.

Problem 5: How should the sign-up process work? Double opt-in? 

Double opt-in would seem to provide your highest degree of confidence
in the resulting list.  This could also solve your website/backend
problem...sending your phone contacts an email asking them to confirm
their opt-in would go a long way towards eliminating problems.

---------------------------------


The intent of most of the emerging anti-spam rules seems aimed at the
mega-spammers...the really bad eggs who are deluging inboxes with
zillions of unwanted messages.  It seems unlikely to me that
small-scale, well-intentioned businesses will be targeted for serious
enforcement actions, or that courts will allow successful suits
against businesses just because they were not 100% perfect in
preventing an unsolicited email from getting through.

The key will be having a clear-cut, workable anti-spam system in
place.  I have offered some guidelines here as to how to go about
this.

Having said that, I will also say that the law is often a strange
duck, and who knows how it will shape up in the long run.  Anti-spam
law is especially complicated because it can involve so many different
jurisdictions -- a sender in one country, a recipient in another, and
an email distribution service in a third...whose law does one adhere
to?  There are no clear answers to this question yet.

You would do well to stay on top of emerging issues.  Here are some
sources you can look to for this:

------------------------------------

The Direct Marketing Association in the U.S. keeps a running list of
major national and international anti-spam laws.  It is pretty
up-to-date, but when if you use it as a resource, make sure it is
being kept up-to-date.  You can find it at:

http://www.the-dma.org/antispam/spamlaws.shtml

Executive Summary of International Spam Laws

-------------------------------------

DMA also has a list of state laws in the US, but this has not been
updated since May 2003, so they are missing some key events.  You can
see the list at:

http://www.the-dma.org/antispam/statespamlaws.shtml

-------------------------------------

And finally from DMA, a list of their Anti Spam Working Strategy can
be found at:

 http://www.the-dma.org/cgi/disppressrelease?article=452

It includes the “Four Pillars” of responsible mailing, which by now,
should sound familiar:

-- An honest subject line. 

--No forging of headers or technological deceptions. 

--Identity of the sender, which includes a ““physical”” address. 

--An opt-out that works and is easy to find and easy to use. 

---------------------------------

There are two recent laws you need to know about.

California passed an anti-spam law just a few weeks ago (one of
Governor Davis’ last acts!) that is considered to be one of the
toughest laws anywhere.  It does not go into effect until 2004, so pay
careful attention to developments here.  A description of the law can
be seen here:

http://www.nwfusion.com/news/2003/0924califbans.html


And the UK imposed new regulations regarding emails.  Here’s the
official announcement from the Department of Trade and Industry:

http://www.wired-gov.net/EDP8203R7W/WGArticle.asp?WCI=htmArticleView&WCU=ARTCL%5FPKEY%3D19742

and here’s an interesting take on the laws’ likely impact:

http://www.free-press-release.com/news/200310/1065019734.html

---------------------------------

As you can see, there’s a lot happening, and a lot to keep track of. 
It might well be worth your while to post a new question here at
Google Answers in a few months time to get an update on the latest
developments in the world of anti-spam.

I’ve tried to give you a good overview of the lay of the land here,
and some clear guidelines you can use in crafting your own email
strategies.  If you would like additional information on anything
here, just let me know by posting a Request for Clarification, and
I’ll be happy to assist you further.

Best of luck...

pafalafa-ga


search strategy:  Google search on: anti-spam law (US or EU or
international)

---

Request for Answer Clarification by tornell-ga on 15 Oct 2003 12:57 PDT

Hi,

good and very well-written answer! Gives me a good starting point in
defining the policy for email marketing within the company.

It would be very helpful for me if you could also summarize the
important legal differences between the countries, that were mentioned
in the original question (US, Germany, France, Italy, Spain, UK,
Sweden, Switzerland, Austria, and Denmark).

Regards, Tornell

---

Clarification of Answer by pafalafa-ga on 15 Oct 2003 18:33 PDT

Hello again.

I guess I got so focused on the clarification you gave, I neglected to
attend to the original question, so I’m happy to remedy that here. 
Thanks for your understanding.

pafalafa-ga

-----------------------

U.S:

There is no current national legislation directly addressing spam. 
Congress is seen to be leaning towards opt-out legislation of some
kind, although their efforts may be superceded by a trend towards
opt-in legislation both internationally and in some states.  The
Federal Trade Commission has levied fines against some spammers based
on misleading content of their emails, including use of misleading
links (that is, links that offer an opt-out, but don’t really allow
the recipient to do so).  A description of the FTC’s approach can be
seen here:

-------------------------
					
http://www.ftc.gov/bcp/conline/pubs/alerts/remvalrt.htm

"Remove Me" Responses and Responsibilities:
Email Marketers Must Honor "Unsubscribe" Claims


Some marketers send email as a quick and cheap way to promote their
goods and services. Be aware that the claims that you make in any
advertisement for your products or services, including those sent by
email, must be truthful. This means that you must honor any promises
you make to remove consumers from email mailing lists.

If your email solicitations claim that consumers can opt-out of
receiving future messages by following your removal instructions, such
as "click here to unsubscribe" or "reply for removal," then the
removal options must function as you claim. That means any hyperlinks
in the email message must be active and the unsubscribe process must
work...

----------------------------


California is seen as the national leader in the US in terms of
anti-spam legislation.  Their recently passed law is scheduled to go
into effect in January 2004.  Main provisions are:

–opt-in email only to anyone in California

–fines of $1,000 or more for unsolicited email

–complaints can be filed by recipients, the State, or an ISP

–no email address “harvesting” permitted in California

–no spam should be sent from within California

More information can be found here:

http://www.nwfusion.com/news/2003/0924califbans.html

-------------------------------

European anti-spam rules are summarized below, as based on information
found at:

http://www.wired-gov.net/EDP8203R7W/WGArticle.asp?WCI=htmArticleView&WCU=ARTCL%5FPKEY%3D19742

http://www.noie.gov.au/publications/NOIE/spam/final_report/anti-spam.htm

http://www.wb.livin4.com/europespam.html


Europe:

The European Union has passed two Directives on electronic commerce
which all EU member countries are expected to adhere to by passing
their own national legislation regarding emails.  The main provisions
of the EU directives include:

–opt-in

-easy opt-out in every message.

--The ability of an email addressee to review and withdraw from any
directory of addresses before it is published or otherwise
distributed.

–Adherence to any opt-out (do not email) lists that are officially
created.


--Any terms and conditions of a commercial transaction must be easily
accessible.

--Acknowledgment of a  customer order by electronic means.  An order
is not considered placed until the recipient receives an
acknowledgment.

–Emails for sales, promotions, sweepstakes and prizes must be clearly
labeled.

--Prohibits the use of false identities or false return addresses.


Germany:

-No specific legislation yet regarding commercial emails.  However
some courts have interpreted general consumer protection laws as
extending to emails, and have ruled unsolicited emails as an
interference in business.  No clear guidelines are yet available.

You can see the specifics of some court cases here:

http://www.euro.cauce.org/en/countries/c_de.html


France:

–Opt-in only.  





Italy:

–General adherence in several laws to opt-in.


Spain:

–Opt-in only.  Commercial e-mail must be labeled "publicidad"
(advertisement) in the subject line.  Simple, no-charge opt-out
procedures must be available.


UK:

–“Spam is unsolicited commercial e-mail sent without the consent of
the addressee and without any attempt at targeting recipients who are
likely to be interested in its contents.”

–Opt-in only, to send email or to include an address in a directory.


Sweden: 

--No specific laws yet regarding email, though a general adherence to
opt-in exists in overall communications laws regarding telemarketing,
faxes, etc.


Switzerland:
–Current law mandates an opt-out system, but this is likely to change.
 Identity of email sender must be clear.


Austria:

Opt-in.


Denmark:
Opt-in, with all emails containing easy opt-out provisions.  Adherence
to official do-not-email lists if one is published Part of the law
seems to imply a right to send a one-time-only unsolicited
communication, but if recipient opts-out, that’s the end.

----------------------------

Let me know if any of this is not clear, or if you need additional
information.

And best of luck in your ventures.

pafalafa-ga

Great answer! I have gained a lot of knowledge very quickly! I'll get
back when I have additional questions! Regards, tornell

Some German e-mail Spam Laws

GERMANY E-MAIL SPAM LAWS

Unsolicited E-Mail advertisement to an enterprise is inadmissible and
will be considered interference into the company's interest.

The receipt of an unwanted E-Mail represents however no property
injury. It remains open to what extent the general personality right
is hurt.

Unsolicited E-Mail advertisement nevertheless poses a substantial
threat to the rights of the reciever but it is not considered to
impair the reciever's rights, altogether.
The reciever may be a private person, self-employed person or a
tradesman.

The prohibition of the E-Mail advertisement is not compatible with the
European Union faraway sentence guideline. Up to the conversion of the
guideline (conversion period: 4. July 2000) dispatching unsolicited
E-Mail advertisement however remains obkectionable.

The forwarding of unsolicited advertisement by means of E-Mail
represents an interference into the general personality right.

Unasked sending of E-Mail advertisement is inadmissible.

For the question of the inadmissibility it is insignificant whether
the receiver is a private person, a self-employed person or a
tradesman.

Unsolicited dispatching of advertisement to private E-Mail connections
can adversely effect a person. On the other hand, E-Mail advertisement
is considered attractive and cheap for recruiting, can fast and in
great quantities in dwellings and offices be brought and also induced
pictures, language and clay/tone to use.

Unsolicited sending of advertising material to a private E-Mail
address is in accordance with §§ 13, 24, 25, 27, 1 UWG
competition-adversely and justifies a requirement for omission.

Thanks for the kind words and your added generousity...alwasy
appreciated!

Thanks, too, for making such an effort to be a conscientious
emailer...it's something that benefits everyone, I think.

paf

Hi,

I thinks it is very fundamental - we try to keep our customers happy
in customer service and it should be the same with emailings. It is
incredible to see how some very well known and respected companies are
handling their customers when it comes to emails!

Regards, tornell

Another new spam law is in place, this time in California, with fines
of up to $1000 PER E-MAIL. It makes it illegal to market to someone
who a) you do NOT have a existing transactional relationship with, or
b) who has NOT given you direct consent to contact. This standard is
apparently similar to what the EU has adopted.

Many companies do not have a direct transactional relationship with
many of their email subscribers, and therefore the opt-out process
should be reviewed carefully.

Also, point 2 from the article linked below gives a powerful argument
for not putting in place an “e-mail to a friend” functionality on web
sites. If the recipient felt like this was an unsolicited e-mail, the
company could be fined, even though it didn’t actually target the
recipient.

http://www.marketingprofs.com/3/klais1.asp