Nelligan O’Brien Payne gratefully acknowledges the contribution of Erin Walkinshaw, Student-at-Law in writing this article.
Questions about Canada’s new anti-spam laws? Nelligan O’Brien Payne can help you understand CASL and can provide information and guidance on how to ensure your organization complies. For more information on CASL, please contact lawyer Kimberley Cunnington-Taylor by email at firstname.lastname@example.org or by phone at 613-231-8299.
While Canadian businesses attempt to make their electronic policies comply with Canada’s Anti-Spam Legislation (CASL) by July 1, 2014, foreign companies who do business in Canada or communicate with Canadians electronically also need to be aware of how this new law applies to their operations.
CASL will strictly regulate the sending of commercial electronic messages (CEMs) and the installation of computer programs in Canada.
A CEM is any message that has the purpose of encouraging participation in a commercial activity, including an electronic message that offers to purchase or sell a product, good, service or land; that offers to provide a business, investment or gaming opportunity; or that promotes any of the above. It includes emails, text messages, instant messaging and other similar accounts. For example; subscription emails, event invitations and firm news. Importantly, “encouraging participation in a commercial activity” does not need to be the sole or even primary purpose of the electronic message for CASL to apply.
CASL is relevant to foreign businesses because it applies if a computer system in Canada is used to send or access the electronic message1. This means any business that sends a CEM to a Canadian recipient must comply with this act. For example, a law firm outside of Canada, such as in the U.S. or Europe, sending a marketing email to promote a service or product to potential customers in Canada would be required to comply with the Act. However, routing a CEM through Canada does not engage CASL.
Under CASL, foreign businesses can only send a CEM to Canadian recipients if they have the consent of the recipient, the CEM identifies the sender and contains the prescribed contact information of the sender, and the CEM contains an unsubscribe mechanism.
Unlike other jurisdictions, CASL’s consent regime is based on an “opt-in” model, meaning businesses must take active steps to obtain consent before sending a CEM, as oppose to putting the onus on the recipient to opt-out of receiving CEMs. This means pre-checked opt-in boxes cannot be used to obtain consent. In addition, consent cannot be obtained under a general terms and conditions acceptance. Consent for the sending of CEMs and the installation of computer programs both need to be obtained separately and in their own right.
There are some statutory exemptions to CASL requirements, and Businesses can rely on implied consent to send CEMs in limited circumstances, such as where they have an existing business relationship with the recipient. This is defined as a relationship arising from the purchase or lease of a product, good, service or land within a two-year period of the CEM being sent; or from an inquiry or application within a six-month period of the CEM being sent. There will be a three year transitional period beginning July 1, 2014, during which consent will be implied where there is a pre-existing businesses relationship with a recipient, and CEMs have been sent to them in the past. This transition period is intended to allow some time for businesses to obtain express consent.
However, electronic requests to Canadian clients seeking express consent need to be sent before July 1, 2014, as requests for consent will be considered CEMs once the law comes into force. After this date, consent will have to be obtained using means other than email or text messages.
Beginning January 15, 2015, CASL will prohibit a person or business from installing a computer program, including mobile applications, on any computer system located in Canada without express consent from the owner or authorized user of the computer, and without additional disclosure requirements, including access to an electronic address for up to one year in which the receiver can request to disable or remove the computer program if the function, purpose or impact of the program was not accurately described.
The administrative penalties for violations of CASL are substantial, including up to $1 million for individuals and $10 million for businesses. Staff training on this legislation is particularly important, as employers can be held vicariously liable for violations by their employees. Beginning in July 2017, CASL will also allow for a right of private civil action, raising the potential for class actions.
Businesses should keep a record of all policies put in place and steps taken to comply with CASL, as there is a due diligence defence that could limit liability.
There are also a number of exceptions to CASL that can be found in both the act itself and in the regulations. For more information, see the additional resources below.
Canada’s Anti-Spam Legislation: http://laws-lois.justice.gc.ca/eng/acts/E-1.6/index.html
Governor In Council Regulations: http://fightspam.gc.ca/eic/site/030.nsf/eng/00273.html
CRTC Regulations: http://www.crtc.gc.ca/eng/archive/2012/2012-183.htm
Industry Canada’s Regulatory Impact Analysis Statement: http://fightspam.gc.ca/eic/site/030.nsf/eng/00271.html
FAQ on CASL: http://www.crtc.gc.ca/eng/com500/faq500.htm
1 An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, SC 2010 c 23, s 12(1).