Ask the Compliance Experts: Where do you predict Email Compliance at a legal and technical level going in the next 5-10 years?


In 2021, Webbula launched a video series, 'Ask the Email Experts' where we sat down with email industry experts to discuss various topics within the email marketing world. 

Webbula would like to introduce our new series. 'Ask the Compliance Experts'. A series that brings awareness to compliance and security within the email industry utilizing top deliverability and compliance experts.

Subscribe to our newsletter to keep up with new each month.  

Are you a compliance expert and want your voice to be heard in the series? Let us know! 

Yanna-Torry Aspraki
Dennis Dayman
Tawab Safi 
Tom Wozniak




Yanna-Torry Aspraki

Deliverability Specialist and CRO of EmailConsul



I strongly believe that senders will not be able to ignore or hide from various email compliance regulations on both a legal and technical level in the next 5-10 years. Senders are already feeling the changes in spam filters. We are already seeing changes in the industry as ISPs are starting to be “strongly pushed” into looking at and enforcing and accepting emails that are properly authenticated. We can also see how different compliance laws are popping up all over the world, and have quite a lot of similarities. Of course in all of them there is quite a big grey area; Different industries, different thresholds, different rules. But all in all, just as Radek Kaczyński states Email Deliverability is achieved as a result of Love & Respect. And that is want the various regulations (and spam filters and ISPs) expect and enforce from us senders!


First and foremost, we need to accept that legally and technically if we do not abide by them we will be penalized. We can push and complain and argue, but one day, we will have run out of time, and it will be too late to easily fix our sender reputation and to pivot into finally being compliant. More often than not, we don’t even realize we have issues. Email data isn’t as precise as we would like or need it to be. Let’s not make it more complicated than needed.

There is a big divide happening. Senders with great budgets for specialists who know what is happening before it even happens in the world of emails and tools to simplify and reduce resources needed for example will be at the front, confident their emails are landing in the inbox  while remaining compliant (even if it is in the grey area), especially when they are following best practices. Smaller senders who are unaware or just find every excuse to continue buying lists, not taking the time to find help authenticating their sender domains, or completely unaware of how email statistics are calculated and work, will have a hard time inboxing.





Dennis Dayman

Resident Chief Information Security Officer of Proofpoint



Well, if you had asked me this a few years back, I would have said we would be seeing much less spam and or issues and confusion around opt-in and best common practices within email marketing, but still today we see so much of what was mid 2000’s still occurring. It’s still shocking to me as well how many companies still don’t still take email compliance serious after all the years. I stopped doing multiyear predictions mostly because predications don’t take a lot into account including all the geopolitical issues occurring that puts so many other things like regulatory compliance issues in the back seat. We just don’t

know what over the next two (2) years will happen to us a world, yes that was a Covid-19 thought. Things change too quickly for us to properly predict things. 

What I can say is what I want to see happen and that is simple, I want to see more companies stop looking at their process and programs in relation to what has to be done because the law says so. I want to see companies put people and their information protection practices first. To think about what you are about to do by using this data for a specific purpose. Data protection requirements will not hurt your business metrics. On the contrary, they will protect your brand’s reputation and build relationships of trust with your consumers. With the right technology in place, your company can turn a compliance obstacle into a business opportunity. What if we told you that privacy regulations are an opportunity to build customer loyalty? Inform your customers about how their data is collected and used, the length of time it is kept, the purpose for which it is collected, and the people who have access to it, and they will be grateful. There is only one key to success here: transparency.

After all, transparency always comes first if you want to create a relationship that is based on trust. It will come as no surprise to you to learn that users are increasingly looking for companies with privacy practices that are above board, while they pay more and more attention to those with rogue privacy practices.

All companies should be concerned about how they collect, store and use user data. Good data management ensures user engagement with your company and a better reputation for your brand. Better privacy practices also allow to avoid high fines from data privacy regulations.


Is your Data Quality failing you?

Does your data look like this? 

Data Quality-02

But you want it to look like this?

Data Quality-03

Learn how Webbula can help improve your data quality today.




Tawab Safi

CEO of InnSolu



In the times to come, leading marketers will be those who would respect their subscribers’ privacy and give them complete control over the information they receive. Privacy laws such as GDPR or CCPA will only help them do that. The focus would shift from growing email lists to retaining subscribers as the email list acquisition tactics such as email list building tools would become non-compliant and outdated. This will allow marketers to focus on hyper-personalized and targeted campaigns while providing value to their subscribers.

Before the European Union’s General Data Protection Regulation (GDPR) went into effect in May 2018, there were predictions that these new strict laws would reduce email lists, stamp out new opt-ins, and damage marketers’ use of email to achieve their business goals.

However, the UK DMA’s 2019 Marketer Email Tracker Report proved otherwise. 60% of brands who complied fully or in part with GDPR saw either no effect on list size or a loss of less than 10%, and 56% of UK email marketers believed there was a positive impact of GDPR on their operations. Among the responses, 41% said opt-out rates decreased, 55% said spam complaints were down, and 55% said email deliverability had improved.

So, even though email compliance might impact the overall number of people you reach out to, that number is insignificant as you’re focusing your resources more on communicating with people who want to hear from you while encouraging others with similar intent to sign up as well- thus improving the overall quality of engagement.

Most importantly, it’s not even as technical as it seems. Email compliance can be as simple as stating that your emails adhere to Payment Card Industry (PCI) compliance and GDPR standards while sending out emails to subscribers, informing them whenever you update your privacy terms, and enabling email opt-out features.

The California Consumer Privacy Act (CCPA), also referred to as AB 375 and introduced in January 2020, is already a precursor to a national standard. It follows the guidelines of GDPR while broadening the definition of what constitutes private data.

AB 375 may only protect consumers residing in California, but more states are following suit and passing their privacy regulations. With consumer privacy now being protected for California residents, businesses are learning that their email marketing strategies – in-house and by third parties – need to change.

In the next 5-10 years, email compliance will become paramount, and marketers will have no choice but to embrace the data privacy regulations. If they won’t, they will not only risk a hefty fine (already up to $16,000 per non-compliant email sent) but also become out of touch with the ever-changing customer needs and wants. Many data privacy regulations will be revised, raising the bar for consumer protection worldwide and giving consumers more control over the kind of emails they receive.






Tom Wozniak

Executive of Marketing at Optizmo



Technology and the law are always evolving and that won’t stop in the next 5-10 years. In fact, both are more likely to change more rapidly, with technology leading the way and regulation changing to adapt to new marketing technology.  

From a legal perspective, we’ve already seen numerous U.S. states pass their own data privacy laws in recent years. The challenge for marketers in every channel is the fact that these state laws are not aligned with each other and in some instances may even contradict one another. That creates an extremely challenging environment for marketers who try to comply. With this being the case, it is likely just a matter of time before we have a federal data privacy law in the U.S. and, as it happens, a data privacy bill was recently introduced in Congress. 

While these data privacy laws (the new bill in Congress included) don’t typically focus on email marketing specifically, they all have the potential to impact how companies collect, store, and use email address data for marketing purposes. Currently, none of these laws are likely to supersede The CAN-SPAM Act of 2003, but nevertheless, email marketers need to pay attention to these developments over the upcoming years.

On the technical side, we’ve already seen recent developments like Apple’s Mail Privacy Protection Program have a growing impact on how marketers can track the performance of their email campaigns. Similarly, the slow but steady end of the third-party cookie impacts marketers’ ability to connect a sale or conversion back to the channel that drove the action. Additional changes from email service providers like Yahoo! and Gmail will impact email deliverability and how easily marketers can actually get their campaigns delivered to consumer inboxes.

It wouldn’t be surprising to see other device manufacturers or software companies develop their own types of email privacy features that could have a significant impact on how email marketers can measure a wide variety of KPIs (open rate, click rate, conversion rate, etc.). 

All that said, email as a communications and marketing channel isn’t going anywhere. The email address remains arguably the most valuable piece of personally identifiable data for consumers and marketers alike. It provides the means to communicate with the companies consumers do business with, as well as being central to virtually every website or app login that people use on a regular basis. While you may use FaceID or TouchID to log into a variety of apps on your phone, it’s easy to forget that you likely needed an email address to sign up for them in the first place. 

So, looking ahead in general, I would predict that there will be more laws that impact email marketers in the U.S. but that CAN-SPAM will continue to provide the overarching rules for the foreseeable future. On the technical side, privacy features created by hardware and software companies will make tracking email performance more challenging. Similarly, developments from inbox providers will continue to make deliverability a key element to success in email marketing.







If you enjoyed this post, be sure to look for future posts in this video series by signing up for our weekly newsletter!

Check back next month to listen to our next round of email experts' answers to, "What to do if someone threatens to sue you due to data compliance and processing issues."


Verify, Protect and Grow Your Database