On March 28, 2011, the U.S. District Court for the Northern District of California held in Facebook, Inc. v. MaxBounty, Inc. that messages sent by Facebook users to their Facebook friends’ walls, news feeds or home pages are “electronic mail messages” under the CAN-SPAM Act. The court, in denying MaxBounty’s motion to dismiss, rejected the argument that CAN-SPAM applies only to traditional e-mail messages. The ruling is the most expansive judicial interpretation to date of the types of messages falling within the purview of the CAN-SPAM Act. While the court did not address the underlying merits of the CAN-SPAM claims, companies using social media in marketing should verify that they (and any marketing services they engage) comply with CAN-SPAM’s requirements for commercial messages sent via social media platforms.
However, the broad interpretation of the applicability of the CAN-SPAM Act could have far-reaching consequences for companies that use social media platforms for marketing. It is unlikely that more mainstream companies would adopt the aggressive tactics allegedly taken by MaxBounty, or that most social media platforms would take action against companies or users who were not abusing the system. Nevertheless, the CAN-SPAM Act requires that all commercial “electronic mail messages” comply with the following:
- The header information for the message (including the “From,” “To,” “Reply-To,” and routing information including the originating domain name and email address) must be accurate and identify the person or business who initiated the message;
- The subject line must accurately reflect the content of the message;
- The message must disclose clearly and conspicuously that it is an advertisement;
- The message must include a valid physical postal address for the person or business who initiated the message;
- The message must include a clear and conspicuous explanation of how the recipient can opt out of getting email in the future from the person or business who initiated the message;
- Any opt-out mechanism must be able to process opt-out requests for at least 30 days after the message is sent. A recipient’s opt-out request must be implemented within 10 business days.
The CAN-SPAM Act makes it clear that companies cannot contract away their legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible for compliance.
The FTC has been aggressive in pursuing violators of the CAN-SPAM Act’s requirements, and those who use social media to send what have now been defined as “electronic mail messages” ignore the act’s requirements at their peril.