PrivacyForge LogoPrivacyForge
Back to Glossary

Spam

Definition

Unsolicited commercial electronic messages, typically emails, sent in bulk without recipient consent. Spam is regulated by various laws balancing commercial speech with privacy and anti-harassment concerns. The CAN-SPAM Act (U.S.) requires: accurate header information, clear identification as advertisements, valid physical addresses, functioning opt-out mechanisms honored within 10 business days, and responsibility for violations even if messages are sent by third parties. GDPR and ePrivacy Directive require prior consent for marketing emails to individuals, with limited soft opt-in exceptions for existing customer relationships. Canada's Anti-Spam Legislation (CASL) similarly requires prior consent with narrow exceptions. Key compliance requirements: obtain consent before sending marketing emails, provide clear, easy opt-out mechanisms, honor opt-outs promptly, maintain opt-out lists, avoid deceptive subject lines or sender information, and include physical addresses. Organizations should implement preference centers enabling granular control, maintain consent records, regularly clean email lists, and ensure marketing vendors comply with anti-spam requirements.

Applicable Laws & Regulations

  1. 1CAN-SPAM Act
  2. 2ePrivacy Directive Article 13
  3. 3CASL (Canada)
  4. 4GDPR Article 21

Ready to Get Compliant?

Generate legally compliant privacy documentation tailored to your business in minutes. Our AI-powered platform handles GDPR, CCPA, and more.

Get Started Now