Today the FTC announced that it is undertaking a review of its CAN-SPAM Rule, which sets out the requirements for sending commercial e-mail messages.  Among other things, the CAN-SPAM Rule requires that senders of commercial e-mails provide recipients a mechanism to opt out of receiving commercial e-mails, honor opt-out requests within 10 business days, and include specific disclosures in the body of the commercial messages.

The review is part of the FTC’s standard process of reviewing its rules and industry guides on a 10-year schedule to ensure that they remain relevant and are not unduly burdensome.  The goal of these reviews typically is to determine whether rule modifications are needed to address public concerns or changed conditions, or to reduce undue regulatory burden.

Consistent with these goals, the FTC specifically is asking for comments on the following topics:

  • The economic impact and benefits of the CAN-SPAM Rule;
  • Possible conflict between the CAN-SPAM Rule and state, local, or other federal laws or regulations (note that the CAN-SPAM statute preempts state commercial e-mail laws, except to the extent they prohibit “falsity or deception”); and
  • The effect any technological, economic, or other industry changes have had on the CAN-SPAM Rule.

Unlike some other FTC rules and guides that are grounded in the FTC’s general authority to prohibit unfair and deceptive practices under Section 5 of the FTC Act, the CAN-SPAM Rule implements requirements contained in the CAN-SPAM statute.  Consequently, while there are certain aspects of the CAN-SPAM Rule that the FTC can modify, the statutory requirements cannot be changed without congressional amendment.

Written comments are due on August 31, 2017.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.