I just got an email from
Anne P. Mitchell, Esq.,
President/CEO of the
Institute for Spam and Internet Public Policy and
Professor of Law, Lincoln Law School of San Jose. She informs me of a new law that I had never heard of, and maybe you haven't either. It is a kind of "do not call" registry, but for children. The law goes into effect July 1st in Utah and Michigan.
Ms. Mitchell was kind enough to let me share with you her email:
I wanted to let you know about a legal quandry in which every sender of commercial email is about to find themselves.
Last year, both the states of Michigan and Utah passed laws that mandated that they each create a "child protection registry" -- a list on which can be placed email addresses either 'belonging' to children, or to which children have access.
Under these laws, which are taking effect next week, if an email sender sends commercial email to any email address on the child protection registry, and if a primary purpose of that email is to advertise, or to link to an advertisement for, any product or service which is otherwise off limits to children (such as alcohol, tobacco, gambling, illegal or prescription drugs, or adult-themed content), that email sender faces strict liability which can include up to 3 years in prison, and fines of $30,000 or more. In addition, ISPs and the individuals whose email addresses are on the registry have a right of action against the sender, as does the state attorney general.
In order to avoid running afoul of the registry laws, emailers must either:
1. Ensure that they never send any email containing unpermitted materials, links to unpermitted materials, or even links to sites which have information about the unpermitted materials; or
2. Match their mailing lists against the email registries maintained by Michigan and Utah, on a monthly basis. There is a per-email-address fee associated with this list matching. Email lists are provided to the state in an encrypted fashion, and the email address registry is also encrypted.
Obviously these new laws raise some large legal and practical issues, not the least of which is that very few email senders have any idea that this is coming down the pike, even though the registries are mandated to be up and running no later than next Friday, July 1st, and compliance and enforcement to begin within thirty days following.
More to the point, however, even the most conscientious of emailers runs the risk of running afoul of these laws if they don't run their mailing list against the registries every month, for which they must pay. Consider what happens if I sign up for a Groklaw mailing list, and I also put my email address on one of the registries because my 16-year old sometimes has access to my email account. Now imagine that you send out a mailing to the mailing list which talks about the Internet wine sales case, and in that story is a link to one of the online wineries' sales sites. If that mailing goes to my registry-listed email address, you've just broken the law. The only way to ensure that this doesn't happen is to have scrubbed your mailing list against the Michigan or Utah registry, at which point my email address will be removed from your list (and then I will complain when I don't get your mailings for which I signed up).
We have more information up at our site at http://www.isipp.com, and hopefully there will be more sites with more information up within the next few weeks.
Anne P. Mitchell, Esq.
Institute for Spam and Internet Public Policy
Professor of Law, Lincoln Law School of SJ
Advisor, Kinar Secure Email
Advisor, Relemail Email Privacy Certification
Advisor, Virus Bulletin
The only safe thing is to never include links to any site that has such ads. Considering how ads come and go by the minute on some sites, it's a daunting task. Now, Groklaw doesn't send out a newsletter, and we're not a commercial site and her example was as if we were, but we used it for illustrative purposes. I know many of our readers do have businesses that send out newsletters, and for that reason, I thought it was important to mention these new registries.
Details here and some highlights from that page:
The laws to which Mitchell refers are the new Michigan and Utah "Child Protection Registry" laws. Under the laws both states must, no later than July 1st, create and operate email address registries similar to currently-existing "do not call" lists. Individuals may place on the registries any email address "to which a minor may have access". Schools and other child-focused organizations may also register entire Internet domains.
Once an email address is on the registry, commercial emailers are prohibited from sending it anything containing advertising, or even just linking to advertising, for a product or service that a minor is otherwise legally prohibited from accessing, such as alcohol, tobacco, gambling, prescription drugs, or adult-rated material. This is the case even if the mailing was requested. In order to ensure that they don't send unpermitted material to any email address on the registry, email senders are required to match their mailing lists against the registries on a monthly basis, for which they must pay both Michigan and Utah a per-email-address fee. . . .
Failure to comply with the new laws can lead to state-imposed penalties including "imprisonment for not more than 3 years or a fine of not more than $30,000.00, or both," and Internet service providers and individuals may also sue under the new laws.
Said Tom Kulzer, CEO of AWeber Communications, a leading commercial email auto-responder service, "Businesses should recognize that, right or wrong, these laws affect both solicited and unsolicited email." . . .
"It's immaterial whether one agrees with these new laws or not," advises Mitchell, who teaches Internet Law to upper-division law students at Lincoln. "Unless and until these laws are ruled invalid by a court, an emailer has only two choices to avoid getting into legal trouble: scrub their mailing lists against these registries once a month, or be sure that every single piece of email they send contains not even a hint of a link which someone could follow and find any of these forbidden products or services."
"It doesn't matter that these laws are coming out of left field for most emailers, or whether or not they are fair or make sense. They're here, compliance is required, and failure to comply can result in criminal and civil penalties," Mitchell added.
I asked her if being a noncommercial site makes any difference, in case I ever decided to send out a newsletter. The answer:
What matters is whether a) that email address is on the registry, and b) you send forbidden content. I actually think that you are *fine* - my example was assuming a commercial mailing list. But there will *always* be someone who wants to take it to the extreme, and I always try to advise people to take reasonable precautions to protect against that.
Here's some news coverage about the Utah bill, HB 165. Here's Michigan's, on page 21 [PDF]. Lawmakers in Illinois and South Carolina are considering similar legislation.