This document provides an overview of Canada's Anti-spam Legislation (CASL) which comes into full effect in July 2014. It outlines the key aspects of CASL including what constitutes a Commercial Electronic Message (CEM), the requirements for express and implied consent when sending CEMs, and the identification and unsubscribe rules for messages. It also discusses CASL enforcement by the Canadian Radio-television and Telecommunications Commission and the potential liability for organizations and individuals. The document concludes by recommending essential tasks for organizations to prepare for CASL compliance such as reviewing consent practices and sign-up processes.
3. Where is CASL?
Dec. 2010:
Royal Assent
Mar. 2012: Final
CRTC Regs
Oct. 2012: CRTC
Guidelines
Dec. 2013: IC
Regs Final
Jul. 2014: CASL
(mostly) in force
Jan. 2015: Rules re:
Computer Programs in force
Jul. 2017: Private Right
of Action in force
3
4. Application
• CASL applies to messages that are
– “Commercial”: reasonable to conclude that one of its purposes is to
encourage participation in commercial activity
– “Electronic”: sent to an electronic address (email, IM, Telephone, or
other “account”)
• Exception: voice and fax messages excluded
– Sent to or from a computer system located in Canada
• Exception: does not apply to message sent to foreign jurisdiction
with anti-spam legislation
• Message sent to request consent is deemed to be a CEM
• Includes both newsletter-type communications (e.g., one-to-
many) and one-to-one communications
• Social media - Direct messaging: yes; Posts/tweets at large:
generally no
4
6. Express consent
• You ask for consent and recipient provides explicit response
• It is not express if someone simply provides their electronic
address
• Specific requirements when requesting consent:
– Clear purpose statement
– Identification information (name, physical address and one of email
address, web address or telephone number)
– Must inform recipient that they can unsubscribe
– Consent must be “opt-in” – no assumed consent by default
• Can be requested/provided electronically (e.g., web), on a paper
form, and verbally (either in-person or over the phone)
• Sender bears burden of proving consent: you must retain records
of consent provided (e.g., date, time and method stored in a
database)
6
7. Implied (deemed) consent
1. Existing business rel’p (e.g., purchase)
– Time limited (2 yrs for purchase, 6 months for inquiry)
2. Existing non-business rel’p
– Less relevant for business
3. Conspicuous publication
– More relevant to B2B; conditions attached
4. Electronic address provided to sender by recipient
– More relevant to B2B; conditions attached
7
8. Exclusions
1. Personal/family rel’p
2. Inquiry or application
3. Within organizations
4. Between orgs. with a
rel’p
5. In response to inquiry or
request
6. To satisfy legal
obligation
7. To provide notice of
legal rights
8. Certain messaging
platforms and accounts
9. To foreign states with anti-
spam legislation
10. Fundraising by
charities/political
parties/candidates
8
9. Sending requirements
• ID person sending or person whose behalf message is sent
• Prescribed identifying/contact information
• Unsubscribe mechanism
• Avoid false or misleading representations in message,
subject line, sender information, etc.
9
10. Enforcement
• Canadian Radio-television Telecommunications Commission
(CRTC)
• Role as enforcement agency is relatively new (began with
Unsolicited Telecommunications Rules)
• Broad investigatory powers
• Ability to impose administrative monetary penalties (AMPs);
up to $10 million/violation
• Private right of action available to anyone affected by a
violation (in force July 1, 2017)
10
12. Transitioning existing databases
• Transitional provision for existing business relationships
• “Grandfathering” consent under PIPEDA (nNovation LLP e-
Marketing law blog)
– some questions about exact meaning of express consent under
PIPEDA
12
13. Getting prepared: essential tasks
• Inventory (campaigns, databases): do you have consent for
existing subscribers? Records?
• Review data sources and sign-up processes: will you have
consent for new subscribers?
• Use an email service provider for email marketing! (e.g.,
Constant Contact, Mailchimp)
• Establish a Corporate Compliance Program: See CRTC Bulletin
(http://crtc.gc.ca/eng/archive/2014/2014-326.htm)
• Consider liability arising out of relationships: Be careful about list
rentals (and avoid list purchases)
• Download Campaign and Database checklists at
http://bit.ly/NNOVATIONCASL
13
14. Resources
• nNovation LLP e-Marketing Law blog: http://nnovation.com/blog
• nNovation LLP CASL Information Page: http://bit.ly/NNOVATIONCASL
• Canada’s Anti-Spam Legislation, http://www.canlii.org/en/ca/laws/stat/sc-
2010-c-23/latest/sc-2010-c-23.html
• Electronic Commerce Protection Regulations (Industry Canada)
http://fightspam.gc.ca/eic/site/030.nsf/eng/h_00211.html
• Electronic Commerce Protection Regulations (CRTC),
http://www.crtc.gc.ca/eng/archive/2012/2012-183.htm
• CRTC Guidelines on the interpretation of the Electronic Commerce
Protection Regulations (CRTC) (CRTC 2012-548),
http://www.crtc.gc.ca/eng/archive/2012/2012-548.htm
• CRTC Guidelines on the use of toggling as a means of obtaining express
consent under Canada’s anti-spam legislation (CRTC 2012-549),
http://www.crtc.gc.ca/eng/archive/2012/2012-549.htm
14