The Federal Trade Commission announced the release of a new Final Rule regarding the "Definitions and Implementation Under the CAN-SPAM Act" on May 12, 2008, which revises the Code of Federal Regulations implementing rules regarding CAN-SPAM, 16 C.F.R. Part 316. While largely reinforcing its observations in its Notice of Proposed Rulemaking, the Commission adopted a few new interpretations of defined terms, and offered some insight regarding CAN-SPAM implementation. The Commission:
1. Clarified that the definition of "person" includes organizations, commercial and non-profits alike;
2. Addressed scenarios where a single commercial e-mail contains advertisements for the products or services of multiple entities, and clarified who would be the "sender" of such an e-mail;
3. Addressed affiliate marketing schemes, and in certain situations extended CAN-SPAM liability to marketing entities and sellers whose affiliates send unsolicited commercial messages that violate CAN-SPAM.
4. Permitted the use of Post Office boxes and private mail boxes to satisfy the "valid physical postal address" requirement of CAN-SPAM, provided that the boxes are accurately registered pursuant to postal regulations;
5. Reiterated that recipients of commercial e-mail messages may not be charged a fee or any form of consideration to opt-out of future mailings, and should be required to provide no more personal information than their e-mail addresses to exercise their opt-out options.
6. Discussed "forward-to-a-friend" programs, and potential CAN-SPAM liability of a seller that includes such functionality on its Web site.
The Final Rule becomes effective 45 days after its publication in the Federal Register.
Priceline, Travelocity and Cingular Wireless each contracted with DirectRevenue LLC to deliver ads to consumers. To service its clients (including Priceline, Travelocity and Cingular Wireless), DR installed adware on millions of computers. The adware, which was undisclosed to users and difficult to remove, monitored the websites visited by the users and collected the information they typed into web forms. The NY AG filed a law suit alleging that DirectRevenue had violated New York consumer protection law, then pursued DirectRevenue's three major advertiser clients.