The year 2020: SPAM and data privacy for all

 Approximately 10-12 minute read

  • New email and data privacy regulations in effect are giving businesses; many fear that email marketing will be severely impacted.
  • We look at how businesses are effected by email regulations currently in place, and what the world’s largest companies have done in terms of consumer data privacy.
  • Be honest with you customers about how you handle their sensitive data, and create content that is relevant to your customers so you don’t end up in SPAM boxes.


When you’ve worked hard on your email marketing campaigns, it can be extremely frustrating to know that many of them may be ending up in SPAM folders thanks to constantly changing privacy filters. As privacy regulations change, it’s vital to keep up with these changing online laws in order to remain in compliance. When you adhere to guidelines, customers will be satisfied that their privacy is protected and your well-crafted marketing emails will still make it into inboxes. Listed below are a few of the most important privacy regulations and what they mean for your business.


Table of Contents

Official privacy regulations

California Consumer Privacy Act (CCPA)CAN-SPAM | EU General Data Protection Regulation (GDPR)

Company and website privacy regulations

Facebook | Twitter | Website Cookies | Apple | Google | Amazon


What does it all mean for the marketing landscape?


Disclaimer: As much as we love to help other marketers, the information provided in this post is only to be used for reference to better understand what these laws may mean to your business. Always consult with your legal team to alter and adhere to your required laws and/or policies properly.


Official privacy regulations


California Consumer Privacy Act (CCPA)

The CCPA, which came into effect in 2018, gives California residents the following rights:

  • The right to a much more in-depth understanding of what companies use their data for.
  • Californians are able to see all the information that a company has on them, which includes a list of third parties that have access to that information.
  • If privacy guidelines are violated, citizens have the right to sue the offending company.

This law will go into effect on January 1st, 2020. If your company has at least $25 million in annual revenue and serves California residents—even if you aren’t a California-based company—you’ll need to comply with the CCPA. Companies that have personal data on at least 50,000 people, or companies that earn at least half of their revenue through the sale of personal data, are also affected by this act.

Ideally, this act means that consumers can be reassured that they know where their data is and who has access to it. What this means for companies is that all organizations affected will need to have a reliable data tracking system in place so that any collected data can be given to consumers who request it. Companies will be given 30 days to comply after being reported for a violation. If that 30 day window closes, an offending company can be fined up to $7,500 per record.



The CAN-SPAM act, which was passed in the United States in 2003, was put in place in order to give private citizens more control over the increasing amount of commercial emails they were receiving. It lays out a basic rule structure for marketers to follow, and can result in penalties of up to $42,530 if disregarded. Fortunately, it’s fairly easy to comply with CAN-SPAM’s guidelines, which include the following:

  • Header information and subject lines must accurately list who the sender is and what the email contains.
  • The message must be identified as an advertisement, although there are many different acceptable methods that can be used to convey this.
  • Provide a physical contact location for your place of business.
  • Give recipients an option to unsubscribe from future emails, and honor those requests within ten days.
  • Monitor what others are doing on your behalf, including any other companies that might be responsible for your marketing efforts.

This act essentially gave consumers more straightforward information about who was contacting them, and made it easier to opt out of emails. As a result, businesses had to drop certain marketing tactics and make a concentrated effort to be more transparent in their email campaigns. The CAN-SPAM act has disenfranchised many noncompliant marketing platforms and charged others with enormous fines, so it’s well worth your time to make sure your emails agree with CAN-SPAM.


EU General Data Protection Regulation (GDPR)

Just like any business that works with Californian citizens must adhere to the CCPA, any company with customers in the European Union must follow the GDPR. This law, which was enacted in 2018, is meant to protect EU citizens’ personal data. To adhere to this regulation, your company must provide the following to all customers:

  • The ability to consent to data processing.
  • Anonymity in regards to collected personal data.
  • Data breach notifications when applicable.
  • The services of a data protection officer to ensure GDPR compliance.

Consumers will have more control over where their data goes and who has access to it. Companies will be expected to be more forthright and transparent about their use of customer data. The GDPR has harsher penalties for non-compliance than previous data security methods. For example, GDPR enforcing agents may order data to be erased, block data transfers, and require certain changes to be made within hard deadlines. While fines will vary situationally, they may reach up to 20 million euros, or 4% of a company’s total annual turnover; whichever is greater.


Company and website privacy policies

They may not have legal consequences, but it’s also important to understand the consumer privacy data policies on popular websites. These policies are trending towards increased protection for consumer data, which may impact your ability to individually customize content in your marketing efforts.



In April of 2018, Facebook updated its privacy policy. This update included the following changes:

  • It’s now easier for Facebook users to understand how their data is being used.
  • Facebook explicitly asks users whether they want to see targeted ads, or share religious or political information.
  • Canadian and European users must choose to allow the company to use facial recognition.
  • minors using the site have increased protections, particularly against targeted ads.

Overall, Facebook’s privacy policy hasn’t changed too dramatically. However, it does mean that consumers are more likely to opt out of personalized ads, which can be a detriment to effective Facebook marketing.

Related: 3 ways to conquer your Facebook and Instagram ads; Simple social ad sync to get your data into Facebook and Instagram to capture more customers.  



With 126 million daily users, including several world leaders and leading industries, Twitter is an important tool to reaching an audience. Understanding Twitter’s privacy policy can help you have useful interactions with that audience.

  • Simple actions like looking at Tweets will share IP address and device type with the company.
  • Twitter uses shared information as well as data like past Tweets that a user has liked or shared to assume information about their users, and offer ads accordingly.
  • Twitter users can access their settings to control elements like account security and marketing preferences, and which apps have access to this information.
  • The company also makes an effort to be accessible to users, offering to answer any questions a user might have about their privacy.

Like many social media platforms, Twitter uses personal information to generate ads and other content. Simultaneously, Twitter is making it easier for the average user to understand what data is being used to provide ads for them and opt out to a certain extent if they choose to.


Website cookies

Websites that use cookies store bits of information about which pages internet users visit. They contribute heavily to a personalized web experience, which can be very helpful for marketers to reach their desired audience. However, because these cookies can develop a profile of a person, they have recently come under fire for violating privacy. In order to comply with today’s standards, websites must do the following:

  • Inform visitors if they use cookies.
  • Provide a brief explanation of what their cookies do.
  • Allow site visitors to consciously choose to continue to a page that uses cookies.

Making consumers aware of cookie usage is another effort to give web users a more private online experience. While these cookie changes and Facebook’s privacy updates can help consumers feel safer online, they do make it harder for marketers to reach individuals with customized content. Many people will likely continue to use the internet as always, but as a business, you need to be aware that people may now be more elusive online. In general, people are much more sensitive to their privacy now than in the past, and you will benefit if you’re able to market with this in mind.



Apple products are also following the trend towards increased privacy for consumers. A few of their methods are as follows:

  • Apple users Differential Privacy, which means random information is added to individuals’ data. This prevents specific data from being attributed to a certain device. Instead, Apple analyzes the average of large amounts of data set.
  • Apple Pay does not track purchases, so users can’t receive personalized ads through Apple’s purchasing app.
  • Apple also utilizes Intelligent Tracking Prevention (ITP), which cuts down on cross-site tracking and eliminates certain cookies. With ITP, personalized ads and other content are less likely to reach users.
  • Apple users can tap on ads to see why that particular ad was shown to them. They can also go into their settings to discover what data is being used to generate their ads.

As you can see, Apple is making real efforts to let users know exactly why they’re receiving certain ads, and actively cutting down on the likelihood of personalized ads reaching their target. Savvy Apple users will be able to see what data they’re sharing, and may choose to start restricting it. If Apple users aren’t receiving your marketing materials, some of Apple’s recent efforts might explain why.

Related: What Apple’s privacy strategy means for eCommerce



So many internet users are active on various Google platforms, including Gmail, Google Maps, YouTube, and the Google search engine itself, that Google’s privacy policies are extremely important to keep in mind. While Google is also providing increased transparency and privacy protections, several of their methods are more ad-friendly than other companies. For example:

  • Google doesn’t sell personal information or allow outside sources access to emails, but the company does present ads based on things like current and past search results, previous interactions with ads, types of websites visited in the past, and activities conducted on other devices.
  • Google doesn’t specifically show or hide ads based on potentially sensitive material, including race, religion, sexual orientation, etc.
  • Google connects advertisers with Google users, but only shows information that a user has specifically allowed Google to share.
  • By accessing their Google Account, Google users are able to see what information is being used to personalize their ads. They can turn off specific interests or information, or turn off personalized ads entirely.

Google is generally fairly friendly to advertisers, but still gives users the option to opt out of specific ads. If your advertisements are relatively unobtrusive, it’s unlikely that your average user will make the effort to access their Google Account to turn off these ads.



This shopping behemoth now accounts for roughly 5% of all retail spending across the entire United States, meaning there’s a lot to gain from understanding Amazon’s privacy policy.

  • Amazon uses cookies to collect information on users based on the products they’ve viewed or purchased in the past, as well as their Amazon wish lists, their physical location, and other data. This information is used to generate ads and other suggestions.
  • Amazon provides an outline on how to disable or limit cookies, although it recommends against it for a more personal Amazon experience.
  • Amazon uses third-party service providers, and these providers have access to just enough personal information to perform their services.
  • Amazon provides the option for users to adjust their advertising preferences, or to limit the amount of information Amazon has on a specific customer.
  • Amazon states that it is designed to be used by adults, and will never intentionally collect data on children under age 13.

By accessing Amazon’s advertising platform, you have the potential to reach an enormous number of clients—just do so with Amazon’s privacy policy in mind.


What does it all mean for the marketing landscape?

If your company has any online marketing presence or does anything with private data, it’s crucial that you stay on top of the rapidly changing and far-reaching data privacy requirements, in addition to email rules and regulations. As we mentioned previously, industries fear apocalyptic consequences, and that businesses will dramatically change how they operate.

Businesses should not have to worry about an email marketing meltdown. If you’re already providing a relevant experience to customers, your open and engagement rates should be keeping you on the other side of SPAM boxes already–so just keep up the good work. There are so many factors that play into beating SPAM filters, but understanding the rules and regulations is the first step. Similar to giving out personal data, consumers don’t mind receiving promotional emails if done at the right frequency and if it relates to their interests. Email has remained strong as the preferred form of communication throughout the years, and that doesn’t look like it’s changing any time soon. If you’re providing what your customers want they’ll always be a customer.

Don’t be too intimidated by the push for privacy; over half of all American internet users have stated that they are willing to share personal data if they trust the source and believe they will benefit from providing this information. Similarly, over 60% of Americans believe that sharing information online is essential for the modern economy. When you make an effort to be upfront with your customers, they will likely be willing to provide information as usual. If you can maintain a good relationship with your customers and potential customers while obeying privacy laws and keeping your marketing flexible and agile, your company will benefit.

Related: Provide a personalized experience using customer data with our data-driven marketer’s guide to email marketing.


Like what you read? Share the knowledge!

ReSci is a team of marketers and data scientists on a mission to democratize AI. We make powerful recommendations and predictions accessible to brands. Find out how we can help you connect with your customers.