By: Emily Rumball

When email engagement drops or deliverability weakens, regulation is often blamed. CASL, Law 25, and Privacy rules. The argument is familiar: Compliance made email harder.

Geoffrey Blanc, General Manager at Cyberimpact, a Canadian email marketing platform recognized by The Globe and Mail as one of Canada’s fastest-growing companies of 2025, hears this explanation constantly. He also hears it directly from students, faculty, and administrators when he speaks at colleges and universities across the country about the future of email, data governance, and digital trust.

In those rooms, the pattern is consistent: The problem is rarely the law.

That explanation no longer holds.

Recent Canadian reporting on “Buy Canadian” technology policies shows how often local presence is confused with local control. Foreign-owned platforms can still qualify as Canadian, even when governance, data access, and legal authority sit elsewhere. The same misunderstanding appears in inboxes every day.

Email marketing did not start failing when privacy laws arrived. It started failing earlier, driven by volume-first habits that trained audiences to ignore messages.

What Privacy Laws Actually Changed

“Compliance didn’t change how email works,” Blanc says. “It changed what gets exposed. If your program relied on questionable consent or mass sending, privacy laws didn’t break it. They revealed it.”

Blanc’s perspective comes from experience across both the private and public sectors. He works closely with municipalities, universities, healthcare systems, nonprofits, and regulated businesses that use email to deliver critical information. Before leading Cyberimpact, he spent years building and operating digital platforms, giving him a practical view of how technology, governance, and trust intersect in real organizations.

Many of these conversations now start with the same realization: Trust comes from alignment with law and accountability, not shortcuts.

For years, scale passed as strategy. Lists were uploaded without proof of opt-in. Messages went out to anyone who had not unsubscribed. Engagement looked acceptable because volume hid irrelevance. Trust eroded quietly.

When CASL, PIPEDA, and Quebec’s Law 25 enforced clearer rules around consent and transparency, many organizations felt restricted. In practice, the tactics that disappeared were already underperforming.

Why This Shift Matters in Canada

This change extends beyond marketing teams.

Public institutions, universities, healthcare systems, and municipalities rely on email to deliver essential information. For them, trust directly impacts operations. Messages that reach people who never asked to receive them create risk, not efficiency.

“Email today is filtered by trust, not frequency,” Blanc explains. “Inbox providers reward signals that show respect. Clean consent. Clear purpose. Consistent behavior. That applies whether you are a business or a public institution.”

The Canadian context sharpens this reality.

As debates continue over what it means to support domestic technology, organizations are questioning assumptions about data residency. Hosting data in Canada does not guarantee Canadian governance. Ownership, legal jurisdiction, and control determine accountability. These questions now surface in procurement discussions, classrooms, and boardrooms alike.

Blanc sees this shift firsthand in his academic talks and executive briefings. Organizations assume compliance because data appears local, without examining who governs the platform and which laws apply when access is challenged.

Why Trust Defines Modern Email Performance

Cyberimpact was built with that governance structure in place from the start. Canadian-owned and governed under Canadian law, it was inherently designed to manage consent and data handling by default. Its growth, including national recognition from The Globe and Mail, reflects rising demand for platforms aligned with Canadian legal and trust expectations.

In this way, trust cannot be added after the fact.

“When people understand where their data lives and who is accountable for it, engagement improves,” Blanc says. “Privacy becomes part of the relationship.”

Organizations that rebuild email programs around permission and relevance see consistent results. Lists become smaller, performance improves, deliverability stabilizes, and audiences respond.

Privacy laws did not end effective email marketing. They forced a reckoning with habits that no longer worked.

Email now functions as infrastructure. Infrastructure only performs when people trust it.