{"id":10377,"date":"2020-01-09T16:06:19","date_gmt":"2020-01-09T21:06:19","guid":{"rendered":"https:\/\/blog.brainstation.io\/?p=10377"},"modified":"2021-01-28T16:05:24","modified_gmt":"2021-01-28T21:05:24","slug":"a-comparison-of-can-spam-casl-and-gdpr","status":"publish","type":"post","link":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr","title":{"rendered":"A Comparison of CAN-SPAM, CASL, and GDPR"},"content":{"rendered":"\n

Sparking and nurturing a relationship with your customers online can be tricky enough when you have to navigate your country\u2019s digital communication laws. But as you look to expand your business beyond your own borders, it can be an even more delicate balancing act to align your internal marketing processes to adhere to multiple laws. <\/span><\/p>\n\n\n\n

This article will attempt to ease some of the anxiety around digital marketing by highlighting the critical differences between three prevalent laws: CAN-SPAM, CASL, and GDPR. <\/span><\/p>\n\n\n\n

A Quick Rundown of the Three Laws <\/b><\/h2>\n\n\n\n

The <\/span>CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act <\/span><\/a>is the first U.S. law to establish guidelines for commercial email communication. It was introduced in 2003 and is enforced by the Federal Trade Commission (FTC).<\/span><\/p>\n\n\n\n

CASL (Canada\u2019s Anti-Spam Legislation)<\/span><\/a> is a federal law introduced in 2014 that is meant to protect the inboxes of Canadians by setting strict rules around commercial electronic messages. It was enacted in response to a rise in phishing, identity theft, and malware in the country.<\/span><\/p>\n\n\n\n

The youngest of the three, the <\/span>GDPR (General Data Protection Regulation) <\/span><\/a>is a law covering all European Union (EU) member states. It was introduced in 2016 and enforced as recently as May 2018. The purpose of the GDPR is to put some of the power back into the hands of the consumer when it comes to protecting and processing personal data. <\/span><\/p>\n\n\n\n

What Makes Them Similar <\/b><\/h2>\n\n\n\n

Each of these laws presents a different way to approach digital marketing and communication in the 21st century. For all of their differences, there are some similarities on a rudimentary level. <\/span><\/p>\n\n\n\n

  1. They all promote transparency and choice.<\/b> <\/span><\/li><\/ol>\n\n\n\n

    All three of these laws are meant to ensure that businesses are playing fair with consumers. Whether it\u2019s knowing how data is being used or choosing to unsubscribe, the goal of these laws is to create an informed and consensual relationships between those procuring products and services and those offering them.  <\/span><\/p>\n\n\n\n

    1. They all require thoughtful internal processes<\/b>. <\/span><\/li><\/ol>\n\n\n\n

      Because these laws give consumers more choice, you need to have the mechanisms in place for them to exercise that choice and the internal processes to action them quickly. For example, CASL stipulates that businesses give consumers the opportunity to unsubscribe at any time with a simple click and ask that you remove them from your mailing list within 10 working days. This might mean creating new channels of communication between departments or automating processes to expedite the request. <\/span><\/p>\n\n\n\n

      1. They all come with substantial fines.<\/b> <\/span><\/li><\/ol>\n\n\n\n

        If the thought of investing time and money into compliance measures makes you roll your eyes, consider the potential it can have on your bottom line. You can be charged up to $42,530 for <\/span>every email<\/span><\/i> that doesn\u2019t comply with the CAN-SPAM Act. Under CASL, Rogers Media was fined $200,000 because they didn\u2019t have a functioning unsubscribe mechanism. Fines for not complying with the GDPR can reach up to \u20ac20 million or 4% of your global revenue, whichever is higher.<\/span><\/p>\n\n\n\n

        Not to mention, as consumers become more informed, they have little to no tolerance for unsolicited communication and data breaches.  <\/span><\/p>\n\n\n\n

        1. They\u2019re all clear on who\u2019s accountable.<\/b> <\/span><\/li><\/ol>\n\n\n\n

          There\u2019s no room for the-dog-ate-my-homework excuses here. Even if you\u2019re outsourcing your digital marketing or data processing, ultimately, you\u2019re responsible for how you conduct business. This brings to light the importance of having a good working relationship with third-party vendors and iron-clad contracts to boot.  <\/span><\/p>\n\n\n\n

          What Makes Them Different <\/b><\/h2>\n\n\n\n

          When it comes to how \u201cstrict\u201d and far-reaching each of these laws are, it seems we\u2019re getting wiser with age. <\/span><\/p>\n\n\n\n

          The most recently enforced regulation, the GDPR, is in some ways the most pervasive. It doesn\u2019t cover just one country, but provides a uniform standard for all of the EU\u2019s 28 member states, meaning it has a greater potential to impact global businesses. <\/span><\/p>\n\n\n\n

          CAN-SPAM (also affectionately called \u201cYou-Can-Spam\u201d) has been criticized for not doing enough to prohibit outright spam. It also doesn\u2019t specify whether businesses outside the U.S. are held to the same standards as those within.<\/span><\/p>\n\n\n\n

          CASL has been labeled the toughest law of its kind and goes a step beyond CAN-SPAM to include all forms of electronic communication and cyber threats like phishing and malware. <\/span><\/p>\n\n\n\n

          While CAN-SPAM and CASL focus more specifically on transparency and choice around unwanted electronic communication, GDPR is tackling the even more prevalent global issue of data protection and privacy. <\/span><\/p>\n\n\n\n

          When it comes to the letter(s) of the law, CAN-SPAM and CASL are more prescriptive than the GDPR. For example, CAN-SPAM and CASL outline clear dos and don\u2019ts such as including the physical location of the business in the email body or having a descriptive subject line. GDPR focuses more on principles and the rights of the individual (who they call \u201cdata subjects\u201d) which, in some ways, can leave it open to interpretation and harder to follow.  <\/span><\/p>\n\n\n\n

          The GDPR does, however, give data subjects more rights than the other two. Under the GDPR, individuals can request a copy of all of the personal data you have of theirs, which you need to send in a common, readable format within a month. You can see how this requires a more complicated business infrastructure than keeping mailing lists up-to-date. <\/span><\/p>\n\n\n\n

          But perhaps the biggest difference between the three is how they deal with consent. CAN-SPAM doesn\u2019t require businesses to seek permission before contacting individuals, instead businesses need to make it very easy for them to quickly stop hearing from them. <\/span><\/p>\n\n\n\n

          CASL, on the other hand, employs the opt-in method which requires businesses to explicitly ask permission before contacting potential or existing customers with marketing content. Individuals need to be able to opt-out easily and without any cost to them. Business are also responsible for showing proof of consent (electronic forms, audio recordings, email correspondence).<\/span><\/p>\n\n\n\n

          The GDPR includes the same opt-in approach as CASL, but gets even stickier. Individuals must make an affirmative action like typing in their email address or ticking a box to prove consent. Individuals also have \u201cthe right to be forgotten\u201d or have their data expunged from your records. <\/span><\/p>\n\n\n\n

          Under the GDPR, if you want to process someone\u2019s personal data, you need to obtain consent for a specific purpose. If you want to process that same data for another purpose, you\u2019ll have to go through the process of seeking consent again. Yikes.
          <\/span><\/p>\n\n\n\n

           <\/td>CAN-SPAM<\/b>\n

           <\/p>\n

          (moderate)<\/span><\/p>\n<\/td>

          		CASL<\/b>\n

           <\/p>\n

          (strong)<\/span><\/p>\n<\/td>

          		GDPR<\/b>\n

           <\/p>\n

          (strongest)<\/span><\/p>\n<\/td><\/tr>

          Scope<\/b><\/td>Establishes national standards for sending out electronic messages where the primary purpose is commercial  advertising. <\/span><\/td>Not only covers unsolicited commercial advertising by email and text, but also phishing and unwanted software installation. <\/span><\/td>Regulates the collection, storage, usage and management of personal data. <\/span><\/td><\/tr>
          Application<\/b><\/td>Applies to U.S. businesses, but doesn\u2019t explicitly specify whether it applies to businesses outside of the U.S. contacting U.S. citizens.<\/span><\/td>Applies to anyone who is sending or receiving commercial electronic messages in Canada. <\/span><\/td>Applies to anyone who\u2019s selling goods or services in any of the EU\u2019s 28 member states or is collecting or processing the personal data of its citizens for commercial purposes.<\/span><\/td><\/tr>
          Consent<\/b><\/td>Businesses don\u2019t have to obtain consent before email consumers, however consumers have the right to opt-out. <\/span><\/td>Businesses must obtain explicit consent through an affirmative action like opting in. Consumers have the right to revoke consent at any time. <\/span><\/td>Businesses must obtain explicit consent through an affirmative action like opting in. Consumers have the right to revoke consent at any time. If the consumer gives you consent to process their data for a specific purpose, you can only process their data in relation to that purpose. You\u2019ll have to seek consent again for other purposes. <\/span><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n


          Ensuring Your Business is Compliant<\/b><\/h2>\n\n\n\n

          At this point, you might be tempted to keep your business contained within your home borders. But as technology evolves and digital literacy continues to rise, all of these laws will inevitably take on new forms. So, it\u2019s best to start with the long game in mind. <\/span><\/p>\n\n\n\n

          Whether you\u2019re being proactive or reactive with your compliance measures, consider developing your digital communication and data strategy in a way that you would any other business strategy – with an eye on growth. <\/span><\/p>\n\n\n\n

          Want to learn more? Read our series of more in-depth articles about <\/span><\/i>CAN-SPAM<\/span><\/i><\/a>, <\/span><\/i>CASL<\/span><\/i><\/a>, and the <\/span><\/i>GDPR<\/span><\/i><\/a>. <\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"

          Sparking and nurturing a relationship with your customers online can be tricky enough when you have to navigate […]<\/p>\n","protected":false},"author":7,"featured_media":10380,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[169],"tags":[1157,1124,655,136,520,1147],"yoast_head":"\nA Comparison of CAN-SPAM, CASL, and GDPR | BrainStation\u00ae Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Comparison of CAN-SPAM, CASL, and GDPR | BrainStation\u00ae Blog\" \/>\n<meta property=\"og:description\" content=\"Sparking and nurturing a relationship with your customers online can be tricky enough when you have to navigate […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr\" \/>\n<meta property=\"og:site_name\" content=\"BrainStation\u00ae Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-09T21:06:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-01-28T21:05:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d2re7sjnpekmig.cloudfront.net\/prod\/wp-content\/uploads\/2020\/01\/GettyImages-1025157898.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2121\" \/>\n\t<meta property=\"og:image:height\" content=\"1414\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BrainStation\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/brainstation.io\/blog\/#website\",\"url\":\"https:\/\/brainstation.io\/blog\/\",\"name\":\"BrainStation\u00ae Blog\",\"description\":\"The Digital Learning Company\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/brainstation.io\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#primaryimage\",\"url\":\"https:\/\/d2re7sjnpekmig.cloudfront.net\/prod\/wp-content\/uploads\/2020\/01\/GettyImages-1025157898.jpg\",\"contentUrl\":\"https:\/\/d2re7sjnpekmig.cloudfront.net\/prod\/wp-content\/uploads\/2020\/01\/GettyImages-1025157898.jpg\",\"width\":2121,\"height\":1414,\"caption\":\"Email marketing regulations\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#webpage\",\"url\":\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr\",\"name\":\"A Comparison of CAN-SPAM, CASL, and GDPR | BrainStation\u00ae Blog\",\"isPartOf\":{\"@id\":\"https:\/\/brainstation.io\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#primaryimage\"},\"datePublished\":\"2020-01-09T21:06:19+00:00\",\"dateModified\":\"2021-01-28T21:05:24+00:00\",\"author\":{\"@id\":\"https:\/\/brainstation.io\/blog\/#\/schema\/person\/9f37983a6c4da6cf5dd422481ac8cf11\"},\"breadcrumb\":{\"@id\":\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/brainstation.io\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Comparison of CAN-SPAM, CASL, and GDPR\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/brainstation.io\/blog\/#\/schema\/person\/9f37983a6c4da6cf5dd422481ac8cf11\",\"name\":\"BrainStation\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/brainstation.io\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/80c14b8388838ae1453aec36606b232d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/80c14b8388838ae1453aec36606b232d?s=96&d=mm&r=g\",\"caption\":\"BrainStation\"},\"description\":\"BrainStation is a global leader in digital skills training, empowering businesses and brands to succeed in the digital age. Established in 2012, BrainStation has worked with over 250 instructors from the most innovative companies, developing cutting-edge, real-world digital education that has empowered more than 50,000 professionals and some of the largest corporations in the world.\",\"url\":\"https:\/\/brainstation.io\/blog\/author\/brainstation\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Comparison of CAN-SPAM, CASL, and GDPR | BrainStation\u00ae Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr","og_locale":"en_US","og_type":"article","og_title":"A Comparison of CAN-SPAM, CASL, and GDPR | BrainStation\u00ae Blog","og_description":"Sparking and nurturing a relationship with your customers online can be tricky enough when you have to navigate […]","og_url":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr","og_site_name":"BrainStation\u00ae Blog","article_published_time":"2020-01-09T21:06:19+00:00","article_modified_time":"2021-01-28T21:05:24+00:00","og_image":[{"width":2121,"height":1414,"url":"https:\/\/d2re7sjnpekmig.cloudfront.net\/prod\/wp-content\/uploads\/2020\/01\/GettyImages-1025157898.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"BrainStation","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/brainstation.io\/blog\/#website","url":"https:\/\/brainstation.io\/blog\/","name":"BrainStation\u00ae Blog","description":"The Digital Learning Company","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/brainstation.io\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#primaryimage","url":"https:\/\/d2re7sjnpekmig.cloudfront.net\/prod\/wp-content\/uploads\/2020\/01\/GettyImages-1025157898.jpg","contentUrl":"https:\/\/d2re7sjnpekmig.cloudfront.net\/prod\/wp-content\/uploads\/2020\/01\/GettyImages-1025157898.jpg","width":2121,"height":1414,"caption":"Email marketing regulations"},{"@type":"WebPage","@id":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#webpage","url":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr","name":"A Comparison of CAN-SPAM, CASL, and GDPR | BrainStation\u00ae Blog","isPartOf":{"@id":"https:\/\/brainstation.io\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#primaryimage"},"datePublished":"2020-01-09T21:06:19+00:00","dateModified":"2021-01-28T21:05:24+00:00","author":{"@id":"https:\/\/brainstation.io\/blog\/#\/schema\/person\/9f37983a6c4da6cf5dd422481ac8cf11"},"breadcrumb":{"@id":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/brainstation.io\/blog\/a-comparison-of-can-spam-casl-and-gdpr#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/brainstation.io\/blog"},{"@type":"ListItem","position":2,"name":"A Comparison of CAN-SPAM, CASL, and GDPR"}]},{"@type":"Person","@id":"https:\/\/brainstation.io\/blog\/#\/schema\/person\/9f37983a6c4da6cf5dd422481ac8cf11","name":"BrainStation","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/brainstation.io\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/80c14b8388838ae1453aec36606b232d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/80c14b8388838ae1453aec36606b232d?s=96&d=mm&r=g","caption":"BrainStation"},"description":"BrainStation is a global leader in digital skills training, empowering businesses and brands to succeed in the digital age. Established in 2012, BrainStation has worked with over 250 instructors from the most innovative companies, developing cutting-edge, real-world digital education that has empowered more than 50,000 professionals and some of the largest corporations in the world.","url":"https:\/\/brainstation.io\/blog\/author\/brainstation"}]}},"_links":{"self":[{"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/posts\/10377"}],"collection":[{"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/comments?post=10377"}],"version-history":[{"count":6,"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/posts\/10377\/revisions"}],"predecessor-version":[{"id":12593,"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/posts\/10377\/revisions\/12593"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/media\/10380"}],"wp:attachment":[{"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/media?parent=10377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/categories?post=10377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brainstation.io\/blog\/wp-json\/wp\/v2\/tags?post=10377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}