Skip to main content

You might not have heard of the ESPC – the Email Sender and Provider Coalition – but it’s an important organization that’s working hard to have an impact on the issues that affect email and other digital communication channels.

I’m a little biased about this, but that’s because I am Adestra’s representative on the ESPC’s board. This nonprofit organization, formed in 2002, gathers together the smartest technology people in the email industry, including companies that provide email services as well as most of the associated technologies that deal with email, deliverability and privacy .

If you or your company aren’t members yet, your assignment today is to check it out and join so that you can add your voice to the discussions and help set priorities.

3 hot topics on the agenda now

The ESPC’s work is more important than ever today because we have seen a global increase in legislation and privacy discussions over the last six to seven years.

Standing in the middle of these conversations and proactively tracking developments, the ESPC works to either object or to support legislation globally that affects our ability to operate and to market to our customers.

We just had our Spring meeting at the law offices of WilmerHale in Palo Alto, Calif. Here are some of the things we covered:

  1. Artificial intelligence and machine learning.

Why would an organization focused on privacy and legislation talk about AI and machine learning? As we get smarter in our technology, and as that technology enables us to do more, it will need vast amounts of information to run processes. That information includes personally identifiable information (PII).

The ESPC and organizations like it want to stay ahead of these innovations and their functionality to be sure people’s privacy is protected. Even the smartest AI models are built by humans, and there’s an inherent bias around these models because they’re based on the information humans have given it.

AI and machine learning have already begun to make inroads into the way email marketers work, with even more significant roles in the offing. So, it’s essential that we understand what is happening and know what we’re talking about.

  1. GDPR – Yes, it probably applies to your company, too

With GDPR (that’s the General Data Protection Regulation) having just taken effect last week, we devoted plenty of time to it in our discussions. We certainly haven’t been the only ones assessing the potential impact.

Have you discussed it with your team, even if you don’t live in an EU country? The law applies to you if you have customers, subscribers, or anyone you collect data on, who lives in EU countries and you should be talking about it.

If you’re not sure how to find out whether the law applies to you, here’s the advice I gave a marketer who buttonholed me after a recent get-together:

Look at your database to see if you hold data on anyone living in the UK, France, Germany or any other EU nations. If you find anything in either search, you must comply with the law even though you live in the U.S. or another non-EU nation.

Even though we in the ESPC know quite a bit about GDPR, we learned a lot during a fast-paced quiz that threw dozens of scenarios involving unsubscribing, the “right to be forgotten” and timing. It’s an issue that affects not just email marketers but also data providers and email service providers.

  1. AB 2546 – email legislation that goes beyond CAN-SPAM

The ESPC has been tracking AB 2546, a bill now before the California State Legislature that we are alarmed about because it would directly regulate commercial email advertisements.

What concerns us and other industry groups such as the DMA and CalChamber, the California Chamber of Commerce, is that sections of this bill preempt CAN-SPAM, the U.S. law regulating email.

We were briefed by D. Reed Freeman, ESPC’s managing director and outside counsel. He’s an expert on privacy law, co-chairs WilmerHale’s Cybersecurity, Privacy and Communications Practice and formerly was staff attorney at the FTC’s Bureau of Consumer Protection back when Congress voted in CAN-SPAM.

(That’s another benefit of joining ESPC – you get trusted, first-hand information.)

It has harsh penalties for unsolicited email and allows penalties of up to $1 million per incident. Further, in its scope, it would apply to any email address “ordinarily accessed from a computer located in this state.”

Essentially, that means the bill applies anywhere in the U.S. because it’s nearly impossible to figure out whether a or email address belongs to someone living in San Francisco, California, or in San Francisco, Texas.

This is a bill we all need to escalate to our company legal counsel because it stands in the way of our ability to contact our customers via email – the people who have specifically asked us to send them messages.

It also allows private right of action, which allows individuals to file complaints against companies. Under CAN-SPAM, only government agents, such as state attorneys general, can file a complaint. The Canadian government suspended the private right of action in CASL (Canada’s Anti-Spam Legislation) last year. GDPR also allows private right of action.

Why marketers must understand privacy

Whenever I talk to marketers these days, I emphasize that they need to study privacy legislation and understand what’s going on in governments at home and around the world. They need to become responsible stewards of the data their customers have entrusted to them.

Marketers are the soldiers on the front lines of privacy and email regulation. You must be the point person in your company – not just on your marketing team – on what’s legal, what isn’t, and what’s coming down the pike.

You – not just your legal counsel, who probably isn’t a privacy-law expert anyway – are the person in your company who knows what not to do so that your company is not at risk for violating the law.

Organizations like the ESPC and the EEC can help you synthesize information into usable pieces so you can do what’s best for your company.

I’m proud that Adestra is a corporate member of the ESPC and on its board of directors. Our next meeting is in Washington, D.C., in October. If you’re interested in attending, let me know. We’d love to have you there!