Legal Definitions - What can states (and state-funded organizations) regulate?

When discussing what states and state-funded organizations can regulate regarding commercial email, it's crucial to understand the role of the CAN-SPAM Act.

The CAN-SPAM Act stands for the Controlling the Assault of Non-Solicited Pornography And Marketing Act. It is a federal law in the United States that establishes requirements for commercial messages, gives recipients the right to have businesses stop emailing them, and spells out tough penalties for violations. A key aspect of CAN-SPAM is its "preemption" provisions, meaning it can override or limit the ability of states to create their own laws concerning commercial email.

Generally, states and state-funded organizations can regulate commercial email in specific circumstances, primarily when their regulations do not directly conflict with or create confusion regarding the federal CAN-SPAM Act. Here are the main areas:

• As Internet Access Service Providers (ISPs): If a state entity, such as a state university or a public library system, also acts as an internet access service provider for its users, it may implement its own policies to manage its network and protect its users from unwanted email, even if those policies are stricter than CAN-SPAM's general rules. This is because they are managing their own infrastructure and user experience.
• Consumer Protection and Deception Claims: States can still pursue claims under their general consumer protection laws for deceptive content or fraudulent practices within commercial emails. The CAN-SPAM Act primarily regulates the *sending* of commercial email (e.g., requiring unsubscribe links, accurate headers), but it does not preempt state laws that address the *truthfulness* or *fairness* of the content itself.
• State Laws that Don't Conflict: States cannot enact laws that create different, conflicting rules for the *sending* of commercial email that would cause confusion about what law applies. However, state laws that address aspects not covered by CAN-SPAM, or that complement it without creating contradictory obligations, may survive preemption.

Here are some examples illustrating these points:

• Example 1: A State University's Email Policy

  A large state university provides email accounts to all its students, faculty, and staff. To protect its network and users from phishing attempts and excessive unsolicited messages, the university implements an IT policy that automatically filters and blocks emails from certain domains or those containing specific keywords, even if those emails technically include an unsubscribe link and accurate sender information as required by CAN-SPAM. This policy applies to all email traffic within the university's network.

  How it illustrates the term: In this scenario, the state university is acting as an internet access service provider for its community. Its policy is designed to manage its own network and protect its users from specific threats, which is generally permissible. This type of internal network management is typically not preempted by the CAN-SPAM Act, allowing the state-funded organization to regulate email usage within its own domain.

• Example 2: State Consumer Protection Against Deceptive Email Content

  A company sends commercial emails to residents of a particular state, advertising a "miracle cure" for a common ailment. While the emails comply with CAN-SPAM by including a clear unsubscribe option and accurate sender information, the claims made about the product's effectiveness are entirely false and misleading. The state's Attorney General files a lawsuit against the company under the state's general consumer protection act, alleging deceptive advertising practices.

  How it illustrates the term: This example shows that states retain the power to regulate the *content* of commercial emails for fraud and deception. The state's action is not challenging the company's compliance with CAN-SPAM's rules for *sending* commercial email, but rather the truthfulness of the claims made within those emails. State consumer protection laws addressing misleading advertising are generally not preempted by the CAN-SPAM Act.

• Example 3: A State Attempting to Create Stricter "Opt-In" Requirements

  A state legislature passes a new law requiring all businesses to obtain explicit "opt-in" consent from residents before sending them any commercial email. This state law also imposes significantly higher fines for violations than the federal CAN-SPAM Act. Under CAN-SPAM, commercial emails are generally allowed until a recipient "opts out" by unsubscribing.

  How it illustrates the term: This state law would likely be preempted by the CAN-SPAM Act. It directly conflicts with the federal law's "opt-out" framework for commercial email and creates a different, more stringent standard for the *sending* of such emails. Such a conflicting state law would create confusion for businesses operating across state lines and is precisely the type of regulation the CAN-SPAM Act was designed to prevent states from enacting.