The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) aims to prohibit the transmission of commercial messages to any address referencing an Internet domain name associated with a wireless subscriber messaging service, unless the individual addressee has given the sender express prior authorisation to assist senders of commercial messages in identifying the addresses that belong to wireless subscribers, the Act required that wireless service providers supply the Federal Communication Commission (FCC) with the names of the relevant domain names. The object of the Act is to cut down on unwanted spam to wireless phones and other devices without the express consent of the consumer.
The FCC’s Telephone Consumer Protection Act (TCPA) prohibits marketers from using automatic dialling systems to make calls to wireless parties, unless it is an emergency situation or the marketers have express prior consent. Wireless devices may include cell-phones, pagers, etc.
A ‘mobile service commercial message’ (MSCM) is an e-mail message that is sent to an e-mail address on an Internet domain of a wireless carrier. Most wireless carriers maintain an Internet domain name that can be used to send MSCMs to the wireless devices of users on their network.
In 2004 the FCC announced that carriers could begin to submit their wireless domain names to the FCC for inclusion in a wireless domain names database. This list is updated regularly as the Commission receives additional submissions. Under the regulations, carriers must:
- File any future updates to listings with the Commission not less than 30 days before issuing subscribers any new or modified domain names.
- Remove any domain name that has not been issued to subscribers or is no longer in use within 6 months of placing it on the list or last date of use.
The wireless domain list was made available in 2005 and marketers are required to adjust any e-mail campaign lists accordingly. Unless a recipient has given express prior authorisation, a person must not initiate marketing via e-mail to any address with a domain name that has been on the list for at least 30 days before the message is sent or otherwise knowingly initiate a mobile service commercial message.
If prior authorisation is given, the rules provide that senders of commercial e-mails must comply with the following:
- Stop sending MSCMs within 10 days of receiving an opt-out request from a commercial wireless service provider.
- Place a ‘conspicuously marked opt-out mechanism’ in the MSCM so that consumers can request that they no longer be sent additional MSCMs.
- Provide the customers with the opportunity to opt-out via the same electronic method by which they initially provided their consent.
- Have at least one opt-out mechanism that is free of charge.
- Clearly identify to consumers who the sender is. For example, if a third party sends commercial e-mails on a company’s behalf, the e-mails must have the latter’s name clearly marked as the sender of the e-mail.
- Keep operational the opt-out mechanism identified in the MSCM for at least 30 days following the transmission of an MSCM.
The FCC list is provided by wireless carriers as opposed to individual customers. The Federal Trade Commission (FTC) has previously rejected a national do-not-spam registry due to fears that spammers would obtain the list and, as a list of working e-mail addresses, spam them.
The FTC is the primary enforcer of the CAN-SPAM Act but federal, state and private parties can also bring claims for violation. Penalties for non-compliance vary on the party bringing the claim and on whether the violation was ‘wilful, knowing of aggravated.’ Penalties may be up to $11,000 per violation.
As part of the federal CAN-SPAM Act, the FCC must require cell providers (i.e. commercial mobile radio services) to turn over the names of the internet domains on which they provide service. This article explores the so-called “wireless domain registry.”
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam, a privacy professional should be comfortable with topics related to this post, including:
- Wireless Domain Registry (II.E.d.)