What does CAN-SPAM, GDPR, and CASL define as valid consent?

CAN-SPAM allows implied consent from existing business relationships and requires working unsubscribe mechanisms, but does not require prior permission to send commercial email. It is an opt out rather than opt in framework.

GDPR requires lawful basis for processing, with consent being one option. Consent must be freely given, specific, informed, and unambiguous. Pre checked boxes and bundled consent are invalid. Explicit consent is required for certain data uses.

CASL (Canadian Anti-Spam Legislation) requires express or implied consent before sending commercial electronic messages. Express consent has no expiration; implied consent from business relationships expires after defined periods. CASL is more restrictive than CAN-SPAM.