North Carolina Attorney General Roy Cooper answered a constituent’s question about spam by stating that CAN-SPAM gives individuals a private right of action against spammers in federal court.1 It does not, and the error is worth correcting on the record because it is still widely repeated.
Section 7706 of the Act sets out who may bring an action under CAN-SPAM. The list is specific: the Federal Trade Commission, other designated federal agencies, state attorneys general acting on behalf of state residents, and internet access service providers.2 Individual consumers are not on that list. A private citizen who receives unwanted commercial email cannot sue the sender under CAN-SPAM, regardless of how many violations the message contains.
This is not some obscure technical point. It is the standing provision of the statute. That’s the part that decides who gets to walk into court in the first place. An attorney general is precisely the official the Act empowers to bring suit on behalf of consumers who cannot bring it themselves. Getting that wrong in a public Q&A should be embarrassing.
The absence of a consumer private right of action does not mean consumers are without recourse — just that it’s harder to come by. State attorneys general can and do bring CAN-SPAM enforcement actions. The FTC pursues enforcement independently. The federal statute’s standing limitation is a jurisdictional boundary that determines who may file the case, not whether a case may be filed.
Footnotes
- Ask Anything: 10 Questions with N.C. Attorney General Roy Cooper, WRAL (May 12, 2009), https://www.wral.com/news/local/story/5127876/. ↩︎
- 15 U.S.C. § 7706 (2003), https://www.law.cornell.edu/uscode/text/15/7706. ↩︎
About the Author
Mickey Chandler is a Consultant & Attorney with over 28 years of experience in Email Deliverability & Privacy Law. He has a strong background in email authentication infrastructure (SPF, DKIM, DMARC), ISP and mailbox provider relations, anti-spam policy and compliance, CAN-SPAM and state anti-spam law gained through overseeing the Abuse & Compliance team at Salesforce Marketing Cloud, originating the ISP relations role at Informz (now part of Higher Logic), and working in the fight against spam since 1997. He holds a B.A. in Government, a B.S. in Computer Information Systems, and a J.D. from the University of Houston Law Center. He is a certified CIPP/US professional and a certified CIPM professional.
