Canada Begins Implementation of Anti-Spam Legislation
Canada's Canadian Anti-Spam Law (CASL) took effect on July 1, 2014. It is important to take note of CASL because it impacts electronic communications both inbound to and outgoing from Canada. This Alert summarizes some key requirements of CASL, but the reader should note that the Canadian Radio-television and Telecommunications Commission maintains a website containing the text of the new law, associated regulations, and helpful guides and publications, available at http://www.crtc.gc.ca/eng/casl-lcap.htm , which should be consulted in crafting a compliance program.
CASL regulates the sending of commercial electronic messages ("CEM"), which are defined as messages that encourage participation in a commercial activity, including, but not limited to, offering, advertising, or promoting a product, a service, or a person, sent to an electronic address. CASL therefore applies to commercial electronic messages sent via email, SMS text, instant message, and social media message, including voice, sound, or text, among other modes of electronic transmission. CASL will apply to CEM sent or accessed using a computer system located in Canada. Importantly, this means that CEM sent to Canadian residents will fall within the scope of CASL.
In order for a sender of CEM to be in compliance, the sender must have authority under CASL. Authority can be obtained in one of three ways: express consent, implied consent, or through an express exemption.
From July 1, 2014 to July 1, 2017 (the "transition period") CASL requires that anyone desiring to send CEM obtain either the express or implied consent of the recipient prior to sending the message. After the transition period, obtaining the express consent of the recipient will be the preferred method to ensure compliance with the law. However, implied consent will continue to suffice so long as, at the time the CEM is sent, the implied consent is then valid under CASL. Furthermore, as discussed below, additional information, such as contact information and an unsubscribe mechanism, must be included in any CEM.
As more specifically set out in CASL, obtaining express consent requires that the recipient perform a task affirmatively indicating the recipient's desire to receive CEM, such as by checking a box or entering contact information into a form. Requiring a recipient to opt-out, such as by unchecking a pre-populated box if he/she does not want to receive communications, does not create express consent. Senders should maintain records of the consent received, as the sender may be required to provide proof of having received express consent to send CEM.
As detailed in CASL and subject to its requirements, implied consent may exist (i) if the recipient has conspicuously posted or sent to the sender the recipient's email address without indicating a desire not to receive CEM and the subsequent CEMs are "relevant" to recipient's business, or (ii) if the recipient and sender have an established business or non-business relationship. Again, CASL should be carefully reviewed for the requirements of implied consent. The transition period is intended to provide senders with the opportunity to obtain express consent from those whom they have only implied consent.
Certain types of CEM are exempt from the consent requirement. For example, as more fully set forth in the regulation, consent is not required for messages that solely provide a requested quote or estimate, that facilitate or confirm a previously agreed-to transaction, or that provide warranty, product recall, or safety information about a purchased product. Because these exemptions can be limited in scope, the contents of such messages should be carefully mapped to CASL's requirements.
As noted above, merely obtaining recipient consent to CEM is insufficient to comply with CASL. All CEM sent to consenting recipients must contain, generally, the following information, either in the message or in a clearly and prominently displayed link in the message:
- The sender's business name (or, if none, the individual's name), and the name of anyone on whose behalf the electronic message is sent (for information on who constitutes a "sender," see http://www.crtc.gc.ca/eng/com500/faq500.htm );
- Certain contact information relative to these parties (for information regarding required contact information, see http://www.crtc.gc.ca/eng/archive/2012/2012-183.htm )
- A readily-performable method to unsubscribe from the mailing list, as set forth in CASL.
The contact information must be valid for at least 60 days after the message is sent.
Penalties for violating CASL include administrative monetary penalties of up to $1 million per violation for an individual, and up to $10 million per violation for a business. An officer, agent, or mandatary of a corporation that commits an offense might also be held liable for the offense, if the officer, agent, or mandatary directed, authorized, assented to, acquiesced in, or participated in the commission of the offense. CASL also provides for a private right of action once the transition period has ended on July 1, 2017.
In order to best protect themselves, it is advisable for companies to implement systems and processes for ensuring compliance with CASL. If a company implements a compliance system and actively attempts to ensure compliance with CASL, the company may be able to use its due-diligence in mitigation in the event of a mistake that results in a violation
CASL compliance is not one-size-fits-all, and readers should consult the text of the statute and compliance materials located at http://www.crtc.gc.ca/eng/casl-lcap.htm .
If you have any questions regarding this alert, please contact John Hines, firstname.lastname@example.org , or Jennifer Woods, email@example.com . We thank Matthew Caldwell for his assistance in preparing this Alert.