Does 'Can Spam' Travel?
• bans false or misleading header information.
• prohibits deceptive subject lines.
• requires that e-mail give recipients an opt-out method.
• requires commercial e-mail be identified as an advertisement and include the sender's valid physical postal address
On the other hand, the European e-communications privacy legislative framework is based on:
• the twin pillars of Notification and Fair Processing.
• the 8 principles of the Data Protection Directive
• Consent is key
• Unless you have an existing two-way relationship with a customer or a prospective customer, you must have explicit prior permission to communicate with all consumers via e-mail (with the exception of France and UK this includes business-to-business communication).
E-mail headers are commonly used in the United States to show that the e-mail is from the data supplier, even though it includes third-party content. In Europe, specific consent must be obtained at point of collection for third-party use. It is preferable to show that the e-mail is from a third-party, but with a privacy link that explains the source of the data.
However, US companies sometimes insist on the data owner using a branded header of the data owner. This is no good for Europeans, because if people then opt out, they are in effect opting out of receiving e-mails from the data owner, even if they have a business relationship with the data owner. Therefore, in insisting on this, US companies are trying to bring CAN SPAM specifics into the mix, rather than paying heed to the European principles, and he need to gain consent upfront for every type of use.
The Impact of the Data Protection Directive
It's hard on the face of it to imagine how the eight principles of The 1998 Data Protection Directive can make a difference when embedded into corporate privacy policies.