[16632]
October 8, 2003
TO: COMPLIANCE ADVISORY COMMITTEE No. 81-03
PRIVACY ISSUES WORKING GROUP No. 7-03
SEC RULES MEMBERS No. 134-03
SMALL FUNDS MEMBERS No. 56-03
TECHNOLOGY ADVISORY COMMITTEE No. 14-03
RE: CALIFORNIA ENACTS LEGISLATION REGULATING UNSOLICITED COMMERCIAL
E-MAIL
Former California Governor Davis recently signed into law broad legislation that
substantially revises current provisions governing the sending of unsolicited commercial e-
mail.1 In particular, this new law prohibits any person from sending into or from California an
unsolicited commercial e-mail advertisement unless the recipient of the e-mail (1) has provided
direct consent to receive the e-mail from the advertiser or (2) the recipient has a preexisting or
current business relationship with the advertiser. The provisions of this new law, which takes
effect January 1, 2004, are discussed in detail below.
PROHIBITIONS; DEFINITIONS
As mentioned above, California’s new law prohibits any person from initiating, or
advertising in, an unsolicited commercial e-mail advertisement that is sent to a California e-mail
address2 or from California. (See Section 17529.2) The following definitions in Section 17529.1
of the new law are necessary to fully understand this prohibition:
1 A copy of this new law, Senate Bill 186, is available through the website of the California General Assembly at:
http://www.assembly.ca.gov/acs/acsframeset2text.htm. Under current California law, a person is prohibited from
sending an unsolicited commercial e-mail unless the sender includes on the e-mail a toll-free phone number or valid
sender-operated return e-mail address that a recipient can use to opt-out of any future unsolicited e-mail. In
addition, certain unsolicited e-mail must include the designation “ADV” or “ADV:ADLT” in the heading. See Section
17538.4 of the California Business and Professions Code.
2 The law defines “California e-mail address” to mean an e-mail address furnished by an e-mail service provider that
sends bills for furnishing and maintaining that e-mail address to a mailing address in California or an e-mail address
ordinarily accessed from a computer located in California.
2
“Commercial e-mail advertisement” means any e-mail message initiated for the purpose of
advertising or promoting the lease, sale, rental, gift offer, or other disposition of any
property, goods, services, or extensions of credit. (Emphasis added.)
“Unsolicited commercial e-mail advertisement” means a commercial e-mail advertisement sent
to a recipient who meets both of the following criteria: (1) the recipient has not provided
direct consent to receive advertisements from the advertiser; and (2) the recipient does
not have a preexisting or current business relationship with the advertiser.
“Direct consent” means that the recipient has expressly consented to receive e-mail
advertisements from the advertiser either in response to a clear and conspicuous request
for the consent or at the recipient’s own initiative. (Emphasis added.)
“Preexisting or current business relationship” means that the recipient has made an inquiry and
has provided an e-mail address, or has made an application, purchase, or transaction,
with or without consideration, regarding products or services offered by the advertiser.3
However, this definition further requires e-mail sent pursuant to this exemption to
“provide the recipient of the commercial e-mail advertisement with the ability to ‘opt-
out’ from receiving further commercial e-mail advertisements by calling a toll-free
telephone number or by sending an ‘unsubscribe’ e-mail to the advertiser . . .”
In addition to the above discussed prohibition, the new law also includes provisions
prohibiting other conduct relating to e-mail such as: collecting e-mail addresses posted on the
Internet if collected in order to send unsolicited commercial e-mails; using an e-mail address
obtained by using automated means based on a combination of names, letters, or numbers to
send unsolicited commercial e-mail; using “scripts or other automated means” to register for
multiple e-mail accounts from which to send unsolicited commercial e-mail; sending
commercial e-mail to or from California that contains or is accompanied by either a third party’s
domain name without such party’s permission or by falsified, misrepresented, obscured, or
forged header information4; or sending or receiving commercial e-mail that has a subject line
that a person knows would be likely to mislead a recipient about a material fact regarding the
contents or subject matter of the e-mail message.
The law also prohibits a registered user of an e-mail service provider, or an individual,
corporation, or other entity from using or causing to be used that e-mail service provider’s
equipment located in California in violation of the service provider’s policy prohibiting or
restricting the use of its service or equipment for the initiation of unsolicited commercial e-mail.5
3 Note that the law does not include a time limit on this “preexisting” business relationship.
4 This provision expressly authorizes the sending of “truthful information used by a third party who has been
lawfully authorized by the advertiser to use that information.”
5 The law clarifies that an e-mail service provider is not required to create a policy prohibiting or restricting the use of
its equipment for the initiation or delivery of unsolicited e-mail advertisements.
3
SANCTIONS FOR VIOLATIONS
Section 17529.8 of the new law subjects violators to civil penalties, including actual
damages and/or liquidated damages of $1000 for each unsolicited commercial e-mail
advertisement, up to one million dollars ($1,000,000) per incident.6 A prevailing party may also
recover reasonable attorney’s fees and costs. The law authorizes the e-mail recipient, an e-mail
service provider, or the Attorney General to bring an action against a person violating the law.
Tamara K. Salmon
Senior Associate Counsel
6 In addition to these civil remedies, Section 17538.45(f) of the new law permits an e-mail service provider, “in
addition to any other action available under law,” to bring a civil action against any person who has violated the
service provider’s policy on unsolicited e-mail. (However, if the service provider brought an action under Section
17529.8 of the new law, it may not also bring an action under Section 17538.45(f).) In such action, the service provider
may recover the actual monetary loss suffered by the provider from the violation or liquidated damages of $50 for
each e-mail message initiated or delivered in violation of the policy, up to a maximum of $25,000 per day, whichever
is greater. In any such action, the service provider must establish that the violator had actual notice of the service
provider’s policy and the violation involved the provider’s equipment in California.