Global Compliance Updates from around the world

In an ever changing marketing world, it can be hard to keep up with all that is going on.  Today I wanted to let you in on a few updates to some privacy laws that are coming and also give an update on the Canadian Anti-Spam law. 

CCPA

While the Can Spam Act was created way back in 2003 for the United States, states are starting to begin to create their own laws and protections. The biggest one on the horizon is the California Consumer Privacy Act of 2018.   It places restrictions on data monetization business models, provides accommodations rights to access, deleting and porting of personal data, requires updating of privacy policies and will impose new penalties and liquidated damages.  This will apply to businesses but exempts non-profits.  It’s planned to go in to  effect in January 1^st 2020.  If you want to continue to monitor the progress and get more information, I recommend going here.

GDPR vs CCPA

A lot of people are wondering  how the CCPA differs from GDPR.  The EEC (Email Experience Council) Thought Leader of the Year  , Matthew Vernhout, wrote a great article comparing the differences between the two. While they may seem similar, the two are vastly different in their scope of responsibilities of businesses and consumers, according to Matthew.   

CASL (Canadian Anti-Spam Law)

If you are sending to contacts in Canada, CASL covers more than just email, targeting the most damaging and deceptive activities:  Fraud, Hacking, Harvesting, Malware, Privacy Invasion and spam.  The three key elements to CASL compliance are 1) Requesting Consent, 2) CEM requirements, and 3) Data and Documentation.  You will want to make sure that you have gotten consent to send customers CEMs (Commercial Electronic Messages) and have documented it   in case you need it. There are two types of consent: Explicit and Implied.  For implied consent, make sure you understand the expiration dates and work to get explicit consent or renewal of implied consent.   An important note:  A customer can unsubscribe from receiving CEMs, however, you can continue to send transactional messages under CASL.  You will need to be able to prove compliance if challenged so make sure to document as much as you can.  The burden of proof is on the sender.

Brazil General Data Protection Law

The Brazil Data Protection law was created in 2018 and goes into effect in 2020. If you work with customers in Brazil, there is a great site that did a detailed analysis of the law and what to expect.  You can find it here.

Check back to this Communities  space for more updates like this!