Delivering localized customer experiences in terms of languages, currencies, prices and payment methods is only one challenge you need to solve. You also need to comply with local rules and offer compliant shopping experiences. If you’re not exactly sure what all that entails, ask yourself:

• Do you offer customers a separate review opportunity after they have filled out their shopping cart page? Guess what? It’s a requirement if you want to sell to EU member countries.
• Do you require a double opt-in (or confirmed opt-in, COI) process for subscribing to your email newsletter? Hint: If you want use email marketing with Canadians, you need to implement it.
• Have you obtained express consent to charge a subscriber once their free trial has expired? Newsflash: You don’t want to be on the wrong side of this issue.

Compliance Risks for Global Subscriptions

Review Page

“Before the consumer is bound by a … contract … the trader shall provide the consumer with … information in a clear and comprehensible manner …” — Council Directive 2011/83/EU aka The Directive on Consumer Rights (European Commission)

European citizens have expressed discomfort with a lack of transparency when purchasing online. In order to combat these trust issues, online sellers are legally obliged to provide EU customers with a review page or opportunity that provides specific information relevant to the sale. If your typical checkout process is a quick one-page cart where the Buy Now button leads right to a confirmation page, you’ll need to create at least one additional step before a customer submits their payment from the EU.

While shoppers in the U.S. might find this step frustrating or a barrier to purchase, omitting it for shoppers in the EU can lead to invalid purchase agreements, penalties and damage to your reputation.

Double Opt-In Signups for Email

“It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless the person to whom the message is sent has consented to receiving it.” – Canada’s Anti-Spam Law

On July 1, 2014, most of Canada’s Bill C-28, known as the “Fighting Internet and Wireless Spam Act” (FISA) or “Canada’s Anti-Spam Law” (CASL), came into effect. Consent is the operative word here, and it is used over 60 times in the text of this law. The law requires you to obtain explicit customer consent to send them commercial electronic messages through your marketing email lists. In cases of conflict, you as the merchant will have to provide evidence of customer consent. Therefore, double opt-in is generally considered a best practice.

Violating these rules while sending emails to Canada, Canadians or computers located in Canada may result in considerable fines (up to $10 million per violation for corporations).

Negative Option Billing

“It shall be unlawful for any person to charge or attempt to charge any consumer for any goods or services sold in a transaction effected on the Internet through a negative option feature” — Restore Online Shoppers’ Confidence Act (ROSCA)

In 2016, consumer rights watchdog nonprofit organization Truth in Advertising (TINA.org) alerted the Federal Trade Commission about the selling practices of a lingerie subscription company. These types of complaints from consumer rights organizations highlight the risk for companies who use confusing language about recurring charges. In this case, TINA.org complained to the trade regulators that this subscription company engaged in practices that violated ROSCA due to an unclear sign-up process that left customers on the hook for monthly charges that they didn’t expect.

This doesn’t mean you can’t offer subscriptions to online services. It just means that you have to be considerate of the customer experience. To paraphrase ROSCA:

1. Conspicuously disclose that customers are signing up for recurring charges before you obtain their billing information.
2. Get customers’ express consent before charging them.
3. Make it easy to cancel the subscription.

Keystone

Providing the best possible experience is critical to acquiring and retaining customers. When you begin expanding beyond your traditional markets, you need to not only localize, but maintain compliance with regional requirements in order to deliver the most successful customer experience.

Timm Neu contributed to this blog post

This blog post does not contain legal advice. The rights, obligations and liabilities of a business vary according to geography, industry, method of delivery, type of product, where your business is, where your customers are and all sorts of other variables that preclude us from using this blog post to tell anyone how they must act from a legal perspective.

Click here to learn more about growing your global subscriber base

The post Three Compliance Risks for Global Subscriptions appeared first on cleverbridge.

The US is widely known in the email industry as having relatively lax email regulations. In late 2011, our neighbor to the north implemented a new set of regulations on those sending commercial email. These rules are now in full swing, so if you sell software online, and you like to promote your product through email, you need to take note of Bill C-28 from the Canadian Parliament.

Violating these rules while sending email to Canada, Canadians, computers located in Canada, or hockey players may result in considerable fines (up to $10 million per violation for corporations).

C-28, known as the “Fighting Internet and Wireless Spam Act”, or FISA if you’re into the whole brevity thing, went into effect in September 2011. The Canadian online protection law is very similar to CAN-SPAM so as an email marketing specialist, I felt it was important to highlight some differences in the two laws that will make you think twice before sending out your Monthly Mountie Digest.

Express Consent

Under CAN-SPAM, a commercial email must provide a space to opt-out of receiving the message. Under FISA, opt-outs are not sufficient. That is to say, recipients must agree beforehand that they wish to receive the message. Without this prior agreement, the message violates the terms of the bill.

Two Year Limit for Implied Opt-ins

Hand in hand with the necessity of express consent comes “implied consent.” Implied consent means that you have had an existing business relationship with your subscriber. However, implied consent only applies to contacts that are less than two years old. 

Requiring express consent and narrowing the time frame of implied consent actually provides marketers a surprise benefit, as you can now be certain that your list is always healthy and active.

Primary Purpose

In the United States, compliance with anti-spamming regulations is only required for emails whose primary purpose is commercial. In C-28, the compliance to anti-spamming regulations is required to any email that contains commercial content, regardless of the primary purpose of the email.

The Canadian government posted a full summary of the bill and Silverpop posted a presentation on C-28 if you would like further information on the bill’s history and content.

Hackers, Spammers, Phishers, and Spoofers

In April 2011, Epsilon, a major marketing firm, was hacked, exposing a database worth of customer names and email addresses. The company issued a statement to warn customers of the stolen information and to be wary about spear phishing attacks in the coming months.

The value of the names and emails addresses lost in this breach is substantial; however the gold mine for spammers and hackers lies in the personal information that can be acquired by the recipients of the forged emails.

As an ecommerce and marketing specialist, the news of a breach of this size was alarming.  It is imperative to ensure that any promotional and transactional data is securely encrypted in your ecommerce and marketing platform, otherwise the backlash can be catastrophic.

If you don’t have a plan of action to mitigate the risks of a phishing attack, you will definitely want to have one ready for 2012. Here are some actionable items in case this breach occurs:

• Contact your IT staff to check your server logs for evidence of spam being sent thru your systems.
• Scan all company computers and laptops.
• Save all the data and report the attack to the FCC.

Keystone

If you play in the global software market, you need to know the rules of sending emails and that every country has their own version of them. Don’t be caught off-guard because the penalties are significant.

How do these updated regulations affect your email campaigns? Have you had to overcome challenges with foreign regulations?

As a way of helping out the entire community, we’re asking readers to share their experience and expertise in the comment section below.

The post Email Marketing Update: Anti-Spam Legislation appeared first on cleverbridge.