The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy in the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and simplifies the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of individuals (also referred to as data subjects) inside the European Economic Area (EEA).

The California Consumer Privacy Act (CCPA), enacted in 2018, is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The CCPA grants consumers new rights, including the right to know about the personal data a business collects about them and its use, the right to delete personal data collected from them (with some exceptions), the right to opt-out of the sale of their personal data, and the right to non-discrimination for exercising these rights. It applies to businesses that do business in California and meet certain thresholds related to annual revenue, the amount of personal information they process, or derive a substantial portion of their revenue from selling personal information.

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 establishes rules for commercial email and messages, requires recipients be given the right to opt-out, and penalties for violations. It is a U.S. law passed in 2003 that sets the rules for commercial email and requires marketers to provide an opt-out method for recipients to unsubscribe from future emails.