The Federal Trade Commission has issued a $650,000 fine to Experian Consumer Services, which offers consumers access to their Experian credit information. The company was sending marketing emails without offering a way to opt out, as required under the CAN-SPAM Act.
The Department of Justice filed a complaint on behalf of the FTC, where it was noted that users who created an account on Experian Consumer Services (ECS) to manage their Experian credit report information started receiving marketing offers disguised as emails about their accounts. Moreover, these marketing emails did not provide a clear mechanism for opting out, thus violating the CAN-SPAM Act.
“Signing up for a membership doesn’t mean you’re signing up for unwanted email,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “You always have the right to unsubscribe from marketing messages, and the FTC takes enforcing that right seriously.”
As a result, the FTC fined the company $650,000 and prohibited them from further sending marketing emails without an opt-out mechanism.
The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing) is the US email marketing regulation enacted in 2003, and it applies to any person or business that sends commercial emails for the primary purpose of “commercial advertisement or promotion of a commercial product or service”.
The CAN-SPAM Act has an opt-out approach, meaning that it does not require users to give their prior consent before receiving commercial emails, but it does require providing a clear mechanism for opting out of further contact.
Opting out can be easily achieved by including a visible and valid unsubscribe link in your marketing emails or newsletters. Users should also have the ability to manage their mail preferences from within their accounts.
The CAN-SPAM Act is just one of the many privacy laws in the US. In this last year, many new state laws have come into effect, introducing new requirements for organizations doing business in the US.
Just to mention a few: the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act. More are to follow soon!
iubenda can help you meet existing regulations and receive automatic updates to stay on top of what comes next.
Click the button to learn more
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.