The New Canadian Anti-Spam Law and What This Means for You and Your Business
By Farah F. Cook, Patrick Law Group
The legislation that was touted as one of the toughest and most aggressive pieces of anti-spam law is finally here and is changing the way people and businesses in the United States and Canada market and communicate with each other. If you’re sending commercial email messages to people in Canada, there are new rules and you’ll need to ensure you have your recipient’s express permission to do so. Otherwise, under the new legislation you or your business will likely face stiff penalties.
The Canadian Anti-Spam Legislation and Controlling the Assault of Non-Solicited Pornography and Marketing Act
Following a long legislative history, Canada passed the Canadian Anti-Spam Legislation (“CASL”) in December 2010, which became effective on July 1, 2014. Although CASL’s effective date is July 1, 2014; from July 1, 2014 through July 1, 2017, only three Canadian regulating bodies may investigate and litigate against entities or individuals who do not adhere to CASL. However, after July 1, 2017, any individual will also be able to sue any entity or individual they believe is sending messages in violation of the Canadian legislation. Liability under CASL will range from fines of up to $1 million Canadian dollars for individuals, and up to $10 million Canadian dollars for companies.
CASL is similar to the United States’ legislation entitled, Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the “CAN-SPAM” Act) in that the goal for both pieces of legislation is to: (i) establish rules for commercial e-mail; (ii) establish requirements for commercial messages; (iii) give recipients of such messages the right to require commercial entities (in the case of the United States) to stop e-mailing them; and (iv) articulate strict penalties for these violations.
While CASL and the CAN-SPAM Act goals may be similar, there still exists three main differences. First, CASL will be regulated and enforced by three agencies, the Canadian Radio-Television and Telecommunications Commission (“CRTC”), the Competition Bureau, and the Office of the Privacy Commissioner of Canada, while the CAN-SPAM Act is regulated by one agency, the Federal Trade Commission. Second, CASL applies to both individuals and businesses who send commercial electronic messages (defined below) and in the U.S., the CAN-SPAM Act only applies to businesses. Finally, as further described below, the method by which a sender may seek consent is different under CASL.
What’s Covered and Exempted Under CASL
CASL regulations apply to Commercial Electronic Messages (“CEM(s)”) sent from or to Canadian computers and devices in Canada, as well as the unauthorized alteration of transmission data, and the installation of computer programs without consent and false or misleading electronic representations. CASL states that a CEM is any message that:
(i) is in an electronic format, including emails, instant messages, text messages, and some social media communications; (ii) is sent to an electronic address, including email addresses, instant message accounts, phone accounts and social media accounts; and (iii) contains a message encouraging recipients to take part in some type of commercial activity, including the promotion of products, services, people/personas, companies, or organizations.
While this is a broad list of what encompasses a CEM, fax messages and fax numbers are not considered electronic formats or addresses under CASL. In addition, the following types of electronic messages are exempted from CASL:
(1) Messages to family or a person with an established personal relationship.
(2) Messages to an employee, consultant, or person associated with your business.
(3) Responses to a current customer, or someone who has made an inquiry in the last six months.
(4) Messages that will be opened or accessed in a foreign country, including the U.S., China and many parts of Europe.
(5) Messages sent on behalf of a charity or political organization for the purposes of raising funds or soliciting contributions.
(6) Messages attempting to enforce a legal right or court order.
(7) Messages that provide warranty, recall, safety, or security information about a product or service purchased by the recipient.
(8) Messages that provide information about a purchase, subscription, membership, account, loan, or other ongoing relationship, including delivery of product updates or upgrades.
(9) A single message to a recipient without an existing relationship on the basis of a referral. The full name of the referring person must be disclosed in the message. The referrer may be family or have another relationship with the person to whom you’re sending.
Consent – Express and Implied
If a person or an entities’ CEM does not fall within one of the nine aforementioned criteria, then consent is required under CASL. During the transition period from July 1, 2014 through July 1, 2017, an individual or business may continue to send messages to recipients from whom they have implied consent, unless they unsubscribe. Implied consent under CASL can for example, be inferred when a recipient of a message has recently made a donation or gift to a charity, and the charity begins sending the recipient CEM. Consent in this instance is implied because the recipient previously established a relationship by making a donation and consequently would likely consent to being a recipient of future CEM. Generally, implied consent is a fairly loose interpretation of consent.
After the 2017 cut-off date, one may only send CEM to recipients with express consent or those whose implied consent is currently valid under CASL.
Express consent requires that the individual or entity sending a CEM specifically request permission, either orally or by written agreement to send the CEM. The following information must be included for express consent to be valid:
(1) A clear and concise description of your purpose in obtaining consent.
(2) A description of the message you’ll be sending.
(3) Requestor’s name and contact information (physical mailing address and telephone number, email address or website URL)
(4) A statement that the recipient may unsubscribe at any time.
Summary and CASL’s Impact
To summarize this information, there are essentially three requirements that one will need to meet in order to send CEMs. One must have: (1) consent (opt-in); (2) identification information; and (3) a mechanism to unsubscribe.
The impact of CASL is that it is forcing senders, especially Americans, to document and gain proper consent from their recipients, because under the CAN-SPAM Act consent is viewed differently. A sender may send messages to their intended recipients as noted above, but they must include a way for the recipient to opt-out. Conversely, under CASL, a sender must effectively seek permission through an opt-in mechanism prior to sending a CEM.
Over the last few months your business may have received e-mail messages seeking your consent to continue receiving commercial e-mail messages. CASL’s “opt-in” requirements likely fueled these requests and could explain why your firm or business may have received such a message. Even though your firm or business may not currently do business in Canada, perhaps your clients have an international presence, work in the area of software technology internationally, or engage in electronic commerce. CASL will directly affect how they do business. This may not be as significant for large companies, who can send automated opt-in messages to their clients and customers, but can potentially pose logistical challenges for smaller companies that do not have these types of resources.
Should your firm or business intend to send CEMs to Canadians, then your entity will need to follow the steps outlined above to ensure that you are seeking consent from your intended recipients to ensure compliance with CASL.
Over the next several years, it will be incumbent upon us to follow this legislation and to continue to become knowledgeable in this area so that we will have a greater understanding of CASL and its longer term effects on individuals and companies who transact business in Canada.
Farah F. Cook is Senior Counsel at Patrick Law Group, based in Atlanta, GA. She may be reached at fcook@patricklawgroup.com.