CANADIAN CASL (ANTI-SPAM LAW) PRECEDENTS
Do you need a precedent or checklist
to comply with CASL (Canadian anti-spam law)?
We offer Canadian anti-spam law (CASL) precedents and checklists to help electronic marketers comply with CASL. These include checklists and precedents for express consent requests (including on behalf of third parties), sender identification information, unsubscribe mechanisms, business related exemptions and types of implied consent and documenting consent and scrubbing distribution lists. We also offer a CASL corporate compliance program. For more information or to order, see: Anti-Spam (CASL) Precedents/Forms. If you would like to discuss CASL legal advice or for other advertising or marketing in Canada, including contests/sweepstakes, contact us: contact.
************
On December 15, 2010 Canada’s new anti-spam legislation received Royal Assent, which will, when it comes into force, be one of the strictest anti-spam regimes in the world:
An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (the “Anti-spam Act”).
Earlier this Fall, consultations on two sets of draft Regulations concluded and so the new law may come into effect later this Fall or in the Spring of 2012 (see coming into force information below).
In passing the Anti-spam Act Industry Canada said:
“On December 15, 2010, the Government of Canada passed the Fighting Internet and Wireless Spam bill, Bill C-28. In doing so, the government delivered on a key commitment made by Prime Minister Harper to Canadians and Canadian businesses in September 2008.
The intent of the legislation is to deter the most damaging and deceptive forms of spam, such as identity theft, phishing and spyware, from occurring in Canada and to help to drive out spammers.
This law addresses the legislative recommendations of the Task Force on Spam, which brought together industry, consumers and academic experts to design a comprehensive package of measures to combat threats to the digital economy. As well the government studied successful legislative models in other countries and, based on their experiences, has developed a focused plan to address spam and related online threats.”
In his online videocast, Canada’s Industry Minister said that the passage of the Anti-spam Act was intended to “help … enhance safety and security in the online world”, “deter the most damaging and deceptive forms of spam from occurring in Canada” and “drive spammers out of Canada”. The Minister also said that “Canadians need to feel just as confident in the electronic marketplace as they do at the corner store” and that “spam is at best a nuisance but it can also discourage electronic commerce, undermine privacy and introduce a host of online threats” (see: Minister of Industry – videocast – Government of Canada Moves to Enhance Safety and Security in the Online Marketplace).
LEGISLATIVE HISTORY
The Anti-spam Act, which was first introduced in April, 2009 and reintroduced on May 25, 2010, addresses legislative recommendations made by the Task Force on Spam (see links below), which assembled consumers, academic experts and industry to design comprehensive legislation to fight spam in the digital economy.
In 2005, the Task Force on Spam completed its one-year mandate and issued its final report (Task Force on Spam Report: Stopping Spam: Creating a Stronger, Safer Internet). The Government also studied successful anti-spam measures in other countries.
During third reading, the amended Bill C-28 received unanimous support in the House of Commons and received Royal Assent on December 15, 2010.
ANTI-SPAM ACT – OVERVIEW
Canada’s new Anti-spam Act, which, unlike similar U.S. legislation, creates an “opt-in” regime for commercial electronic communications, amends the following federal statutes: the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, Personal Information Protection and Electronic Documents Act and the Telecommunications Act.
Some of the key aspects of the new Anti-spam Act, the Regulations for which are not yet finalized, are discussed below.
Commercial Electronic Messages (CEMs)
The Anti-spam Act prohibits sending commercial electronic messages (“CEMs”) without the recipient’s express or implied consent (i.e. permission), including messages sent to e-mail addresses and social media accounts and text messages sent to cell phones.
“CEMs” are broadly defined as any electronic message that encourages participation in a commercial activity regardless of whether there is any expectation of profit. “Electronic messages” are defined as messages sent by any means of telecommunication, including a text, sound, voice or image message (with an exception for interactive two-way voice communications – i.e., telemarketing).
CEMs must also be in a prescribed form that, among other things, identifies the person who sent the message, includes information enabling the recipient to contact the sender and includes an unsubscribe mechanism (that meets the statutory requirements).
Electronic messages that request consent to receive CEMs are also defined as CEMs and, therefore, cannot be sent unless consent is received.
When requesting consent, the following is required: (i) stating the purpose for which consent is being sought and (ii) information identifying the person seeking consent (and any other information that may be prescribed by Regulation).
Consent for section 6 of the Anti-spam Act may also be implied, including in the following cases: (i) an existing “business” or “non-business” relationship (both as defined in the Anti-spam Act), (ii) a “business card” exception (a person has published their electronic address without a statement that they do not wish to receive unsolicited CEMs) or (iii) a recipient has disclosed their electronic message to a sender without indicating that they do not wish to receive unsolicted CEMs (and the message is relevant to the recipient’s business).
There are a number of exceptions, that the Regulations when finalized will clarify, including exceptions for: (i) personal or family relationships, (ii) inquiries for commercial goods and services, (iii) providing a requested quote or estimate for goods or services, (iv) messages to complete or confirm a commercial transaction, (v) the provision of warranty, product recall or safety information, (vi) information relating to an employment relationship and (vii) two-way interactive voice communications (i.e., telemarketing).
Altering Transmission Data
The Anti-spam Act prohibits the alteration of transmission data in an electronic message, which results in the message being delivered to a different destination without express consent (e.g., causing an electronic message to be sent to a destination that is different than what the sender intended).
Misleading Representations in Electronic and Online Content
The Anti-spam Act amends the Competition Act to prohibit false or misleading commercial representations made electronically (e.g., in website headers, web links or website content).
In this regard, the criminal and civil misleading advertising provisions of the Act, as well as the related misleading advertising penalty provisions, have been broadened to expressly include misleading representations in the electronic and online environment (e.g., representations made in the sender information or subject matter information of an electronic message).
Unauthorized Installation of Computer Programs
The Anti-spam Act prohibits the installation of computer programs without the express consent of the computer system’s owner or an authorized user of the computer system (e.g., an authorized employee).
Unauthorized Collection of Personal Information
The Anti-spam Act amends the Personal Information Protection and Electronic Documents Act to prohibit the collection of personal information by means of unauthorized access to computer systems.
Collection of Electronic Addresses
Finally, the collection of electronic addresses using computer programs or using such addresses without permission (“harvesting”) is prohibited.
This may include the collection of e-mail addresses through the use of, for example, “web crawlers” (computer programs that scan websites, usenet groups and social media websites, trolling for electronic addresses) or “dictionary attacks” (where a computer program guesses real/live e-mail addresses by methodically trying various name variations within a particular group of common e-mail domains – e.g., Gmail, Hotmail, etc.).
ENFORCEMENT
The three government agencies responsible for the enforcement of the new Anti-spam Act are as follows:
The Competition Bureau (the “Bureau”) – the Bureau’s mandate will be to focus on misleading and deceptive practices and representations online, including false or misleading headers, web links and website content. The Anti-spam Act extends the Competition Bureau’s existing jurisdiction over misleading advertising and deceptive marketing practices in Canada, which already included online advertising and marketing (under the criminal and civil misleading advertising sections of the Competition Act – sections 52 and 74.01).
The Canadian Radio-television and Telecommunications Commission (“CRTC”) – The CRTC will have the power to investigate and take action, including imposing significant administrative monetary penalties (“AMPs”), against unsolicited electronic messages (i.e., without consent), the alteration of transmission data or the installation of computer programs without consent (e.g., malware, spyware or viruses).
Office of the Privacy Commissioner of Canada (“Privacy Commissioner”) – The Privacy Commissioner will have the power to take measures against the collection of personal information through unlawful access to computer systems (i.e., contrary to federal law, such as the Criminal Code) or electronic address “harvesting” where bulk e-mail lists are compiled through mechanisms, including the use of computer programs that automatically mine the Internet for e-mail addresses.
PENALTIES
Persons contravening the Anti-Spam Act will be subject to AMPs of up to $1 million per violation for individuals and $10 million per violation for corporations.
Private individuals or organizations affected by a violation of the Anti-spam Act will also have a right to commence private actions. In this regard, in addition to allowing awards of damages for actual loss or damage suffered a court may also order persons that contravene the Anti-spam Act to pay damages for each day on which a contravention of the new law continued – for example, for violation of section 6 (unauthorized commercial electronic messages) $200 for each contravention up to $1 million per day the contravention occurred.
The Anti-spam Act also contains broad director and officer liability provisions which provide that directors and officers of a company that commits a violation are liable for that violation if they directed, authorized, assented to, acquiesced or participated in the commission of a violation (subject to a due diligence defence).
COMING INTO FORCE
Two sets of draft Regulations have been published (CRTC Regulations on June 30, 2011 and Industry Canada Regulations on July 9, 2011), the public comment periods for the two sets of Regulations were completed on September 6 and 7, 2011 and final Regulations may come into force in late Fall 2011 or Spring 2012.
In terms of a likely timetable for implementation of the new Anti-spam Act, there has been some debate as to whether, based on comments received during the consultation periods, revised draft Regulations will be issued and whether additional public consultations may be held.
For the draft CRTC Regulations see:
Draft Electronic Commerce Protection Regulations (CRTC)
For the draft Industry Canada Regulations see:
Electronic Commerce Protection Regulations
For the Canadian Bar Association’s comments on the draft Regulations see:
CRTC Draft Regulations Consultation 2011-400
Industry Canada Anti-spam Regulations
********************
Tips For Complying With
CASL (Canadian Anti-Spam Law)
Canada’s federal anti-spam legislation (CASL) came into force in 2014. Since then, electronic marketers and their advisors have been working to comply with what remains a complex law with outstanding uncertainties in some key areas. Having said that, many of the core requirements of CASL are not overly difficult to comply with (though still continue to be misunderstood in many cases).
The following are some key legal tips for complying with CASL:
Express Consent. If you cannot rely on any category of implied consent (e.g., an existing business relationship within two years of a purchase) or a CASL exemption, ensure that you have collected and documented express consent from recipients. Express consent requests must include all of the information set out in CASL and its regulations otherwise the consent will not be valid. The failure to correctly collect consents is the top CASL compliance issue we see and a key basis for CRTC enforcement. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam Law (CASL) Precedents.
Implied Consent. If you are relying on one or more categories of implied consent to send commercial electronic messages (CEMs) (e.g., an existing business relationship within two years of a purchase or six months of a product inquiry) ensure that all of the requirements of the particular type of implied consent are met. Remember that there is not a single blanket type of implied consent under CASL, but rather many different kinds of implied consent each of which with their own specific requirements. Also, as with express consent, CEMs that rely on implied consent must still include the prescribed sender identification information and unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam Law (CASL) Precedents.
Consent For Third Parties To Send CEMs. Under CASL, consent to send CEMs can be requested for a sender themselves, an identified third party (or multiple identified third parties) or unidentified third parties (i.e., entities whose identities are not yet known when consent is requested). Importantly, however, each type of consent request has specific requirements for the request and, in the case of consent requests on behalf of unidentified third parties, somewhat complex additional requirements. The failure of marketers to correctly request consent for third parties (e.g., partners, affiliates, co-sponsors in promotions, etc.) is another of the most frequent CASL-related error that we regularly see. For more information, see: Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam Law (CASL) Precedents.
CASL Exemptions. Like implied consent, there isn’t a single exemption from CASL but many types of exemptions. If you are relying on a particular exemption (e.g., the “business-to-business” exemption) it is important to ensure that all of the requirements of the exemption are met. Importantly, there is little or no case law interpreting many of the CASL exemptions. This means that there is generally more potential risk relying on an exemption than express consent. Express consent is the strongest under CASL and does not expire unless a recipient unsubscribes.
Passive Consents. Remember that under CASL express consent or a category of implied consent is generally required to send CEMs unless a CASL exemption applies. As such, passive types of consents (e.g., language in general terms and conditions) will not be CASL compliant unless a sender does not need express consent (i.e., can rely on a category of implied consent or a CASL exemption).
Sharing Lists With Third Parties. Consider the potential risks of sharing e-mail or other electronic marketing lists with third parties. While this is certainly possible under CASL, marketers need to be aware that there are specific requirements that must be met depending on who a list will be shared with (e.g., to expressly identify a third party with whom consent is being gathered on behalf of, including their contact information and other requirements for unidentified third parties). Marketers should also be aware that there is also potentially not only risk if they themselves violate CASL (e.g., send CEMs without consent), but also if they assist a third party that violates CASL. As such, it is often prudent for marketers that want to share electronic marketing lists with third parties to ensure that they have list sharing agreements in place with parties with whom they share e-mails. For more information, see: Anti-Spam Law (CASL) FAQs, Anti-Spam (CASL) Compliance Errors and Canadian Anti-Spam Law (CASL) Precedents. See also: Influencer, Co-Sponsor and List Sharing Agreements.
Sender Identification Information. Ensure that all CEMs include the prescribed sender identification information required by CASL unless an exemption applies. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.
Unsubscribe Mechanism. Ensure that all CEMs include a CASL-compliant unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.
Document Consent. Under CASL, the onus is on senders of CEMs to document consent. As such, it is important to document the type of consent (express or implied) or exemption being relied upon, evidence of consent (e.g., subscription logs, forms, dates and names/e-mail addresses), divide lists according to the type of consent or exemption being relied upon and to scrub lists after recipients have unsubscribed or the relevant time period for a category of implied consent has expired (e.g., two years after a purchase). The failure to adequately document consent is another of the most common CASL-related compliance errors we see, including not documenting consent at all, not segregating distribution lists and inadequately documenting consents or types of implied consent. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) Compliance and Canadian Anti-Spam Law (CASL) Precedents.
CASL Compliance Program. Consider adopting a CASL compliance program, particularly if electronic marketing is a core aspect of your marketing strategy. The CRTC has issued guidance on CASL compliance programs including key recommended elements. For more information, see: Anti-Spam Law (CASL) Compliance and Canadian Anti-Spam Law (CASL) Precedents.
CASL and Specific Types of Promotions. Care should be taken in relation to specific types of promotions under CASL. Just one of many examples is friends and family type promotions (e.g., contests where entrants can gain more entries for sharing with or tagging a friend). While there is an exception to the unsolicited CEMs section of CASL (section 6) for messages sent to a person with whom the sender has a personal or family relationship, these terms are very specifically defined. For example, “family relationship” is limited to spouses, common-law partners and parent-child relationships. “Personal relationship” is defined in a multi-factor and case-by-case fashion, such that it is often impractical to rely on this exception for any broad “friends and family” type promotion. Marketers should also be aware that there is potential risk for both themselves and their clients in running friends and family type promotions, if they cannot meet the specific definitions of “family relationship” and/or “personal relationship” under CASL for a promotion. For more information, see: Anti-Spam Law (CASL) Compliance Errors and Running a Friends-and-Family Promotion in Canada? Cruel, Cryptic CASL Strikes Again.
____________________
SERVICES AND CONTACT
I am a Toronto competition and advertising lawyer offering business and individual clients efficient and strategic advice in relation to competition/antitrust, advertising, Internet and new media law and contest law. I also offer competition and regulatory law compliance, education and policy services to companies, trade and professional associations and government agencies.
My experience includes advising clients in Toronto, Canada and the US on the application of Canadian competition and regulatory laws and I have worked on hundreds of domestic and cross-border competition, advertising and marketing, promotional contest (sweepstakes), conspiracy (cartel), abuse of dominance, compliance, refusal to deal, pricing and distribution, Investment Canada Act and merger matters. For more information about my competition and advertising law services see: competition law services.
To contact me about a potential legal matter, see: contact
For more regulatory law updates follow me on Twitter: @CanadaAttorney