What’s the outlook for global harmonization (EU vs US vs LATAM)?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Email standards are actually more harmonized than most people realize, and less harmonized than they probably should be. The split depends on what kind of standard you're talking about.
Technical standards (SPF, DKIM, DMARC, bounce handling, TLS) are essentially global. Mail servers around the world speak the same protocols. A message from São Paulo to Stockholm goes through the same authentication checks as one from Seattle to Singapore. This is genuinely harmonized and has been for years.
Behavioral and consent standards are a different story. GDPR requires opt-in consent and gives subscribers rights (access, deletion, portability). CAN-SPAM only requires opt-out and doesn't mandate opt-in. CASL in Canada sits between them. Brazil's LGPD closely mirrors GDPR. These are genuinely different legal frameworks with real consequences if you apply the wrong one.
The trend, though, is toward GDPR's higher standard spreading globally. California's CCPA, Brazil's LGPD, India's PDPB (still being finalized) all borrowed from GDPR's consent-first philosophy. Countries without their own privacy laws are watching what enforcement looks like under GDPR and calibrating. Whether you see this as good (better protection for subscribers) or challenging (more compliance work) probably depends on where you're sitting.
For senders who operate globally, the practical approach is to apply your highest-applicable standard everywhere. It's simpler operationally and positions you well as regulations converge. If EU subscribers need opt-in consent, giving all subscribers opt-in consent is less complicated than maintaining jurisdiction-specific flows.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.