CASL (Anti-spam Law)

CANADIAN CASL (ANTI-SPAM LAW) PRECEDENTS

Do you need a precedent or checklist
to comply with CASL (Canadian anti-spam law)?

We offer Canadian anti-spam law (CASL) precedents and checklists to help electronic marketers comply with CASL. These include checklists and precedents for express consent requests (including on behalf of third parties), sender identification information, unsubscribe mechanisms, business related exemptions and types of implied consent and documenting consent and scrubbing distribution lists. We also offer a template CASL corporate compliance program.

For more information and to order, see: CASL Checklists and Precedents.

If you would like to discuss CASL related legal advice or for other advertising or marketing in Canada, contact us: Contact.

**********************

OVERVIEW OF CASL

In 2014, Canada’s federal anti-spam law (CASL) came into force. In general, CASL requires express or implied consent to send Canadians “commercial electronic messages” (CEMs) and also imposes sender identification and opt-out (i.e., unsubscribe) requirements for CEMs.

CASL impacts individuals, companies and other organizations that engage in electronic marketing, including e-mail, text messaging, instant messaging and some types of social media marketing (e.g., where messages are sent to electronic addresses, such as via social media platforms’ messaging services).

CASL is also often relevant when running contests or other promotions in Canada, including if electronic distribution lists will be used to market the contest/promotion, the contest/promotion will include the collection of e-mails for marketing unrelated to administration of the promotion, if participants’ e-mail addresses will be shared with third parties (e.g., other related companies, affiliate marketers, etc.) or participants are encouraged or required to “share” information about the contest/promotion with friends and family.

With respect to jurisdiction, CASL applies where CEMs are sent from or accessed by computer systems in Canada (not merely routed through Canada). Regulations under CASL, however, exempt messages sent from Canada to a prescribed list of countries with their own anti-spam legislation, provided that the messages comply with the applicable foreign laws that are substantially similar to CASL’s consent and form requirements, including the U.S., U.K., EU, Japan, China, Korea, Australia and New Zealand.

CASL also broadens the Competition Bureau’s jurisdiction to regulate misleading advertising in the context of electronic communications – for example, misleading representations made electronically, such as in sender information, subject matter information, electronic messages or locators. In this regard, CASL amended some of the civil and criminal misleading advertising provisions of Canada’s federal Competition Act.

Violation of CASL may result in significant penalties of up to $1 million (for individuals) and $10 million (for corporations). As such, it is important for electronic marketers to ensure that they comply with CASL’s consent, sender identification and unsubscribe requirements (as well as CASL compliance, including documenting consent).

KEY CASL REQUIREMENTS  

CONSENT AND SENDER IDENTIFICATION

Consent

CASL prohibits sending CEMs without the recipient’s prior express or implied consent, the onus of which is on senders. CASL permits both express and certain categories of implied consent. CASL also includes a number of exceptions from the consent, sender identification and unsubscribe requirements.

CASL defines “CEMs” very broadly as electronic messages that encourage participation in a commercial activity (regardless of whether there is an expectation of profit).

CEMs include:

1. Offering or advertising to purchase or sell products, goods, services or land.

2. Offering or advertising to provide business, investment or gaming opportunities.

“Electronic messages” are defined as messages sent by any means of telecommunication, including text, sound, voice or image messages.

When CASL came into force, sending electronic messages requesting consent to receive CEMs also became prohibited.

Express Consent Requests

CRTC Regulations under CASL set out requirements for express consent requests to send CEMs.

When requesting express consent, the following are required: (i) the purpose for which consent is being sought; and (ii) information identifying the person seeking consent (or on whose behalf consent is being sought).

Consent requests must include certain information as follows:

1. The name by which the person seeking consent carries on business, if different than their name (or if not, the person seeking consent).

2. If consent is sought on behalf of another person, the name by which that person carries on business, if different from their name (or if not, the name of the person on whose behalf consent is sought).

4. If consent is sought on behalf of another person, identifying which person is seeking consent and which person on whose behalf consent is sought.

5. The mailing address, and either a phone number to an agent or a voice messaging system, an e-mail address or a web address of the person seeking consent or, if different, the person on whose behalf consent is sought.

6. A statement that the person whose consent is sought can withdraw their consent at any time.

CRTC guidelines also clarify some other aspects of consent requests, which include what mailing address information must be included, the use of check boxes and toggling to obtain express consent and examples of disclosure where check boxes are used on online forms for consent.

Express consent requests may be made orally (e.g., through call centres, personal and direct contact, point of sale purchases, etc.) or in writing (e.g., using electronic forms on web pages).

The CRTC’s position is that express oral consent to receive CEMs can be satisfied if: (i) it can be “verified by an independent third party”; or (ii) “where a complete and unedited audio recording of the consent is retained by the person seeking consent” (or a client of the person seeking consent). In many cases, the requirements to obtain express oral consent to send CEMs is impractical.

Written consent to send CEMs can be satisfied where express consent is obtained using either paper or electronic forms, provided that the prescribed information and sender identification information is included in the express consent request. In this regard, it is very important for senders to ensure that all of the prescribed information and sender identification information is included in express consent requests, regardless of how the express consent is requested (i.e., via hardcopy forms, electronic forms, etc.).

CASL also imposes consent verification requirements for senders (e.g., maintaining a record of the date, time, purpose and manner of consent obtained).

CASL Compliance Checklists and Precedents: For checklists that we offer to comply with CASL’s express consent requirements, see: CASL Checklists and Precedents.

Implied Consent

Consent to send CEMs may also be implied in certain cases, including where there is:

1. An “existing business relationship” (as defined under CASL). “Existing business relationships” include: (i) the purchase of products, goods, services or land within two years before a message is sent; (ii) the acceptance by the recipient of a business, investment or gaming opportunity within two years before a message is sent; and (iii) an inquiry by the recipient for products, goods or services within six months before a message is sent.

2. An “existing non-business relationship” (as defined under CASL). “Existing non-business relationships” include: (i) certain donations or gifts to charities or political parties; (ii) volunteer work for charities or political parties; and (iii) memberships in clubs, associations or voluntary organizations (“membership” and “clubs, associations and voluntary organizations” as defined in the Industry Canada Regulations).

3. A person has published their electronic address without a statement that they do not want to receive unsolicited CEMs and the message is relevant to their business.

4. A recipient has disclosed their electronic address to a sender without indicating that they do not want to receive unsolicited CEMs and the message is relevant to their business.

The types of implied consent under CASL are very specific and defined in the legislation. As such, the requirements for any category of implied consent sought to be relied upon should be carefully reviewed and documented before sending any unsolicited CEMs.

CASL Compliance Checklists and Precedents: For checklists and precedents that we offer to comply with common business related exemptions and categories of implied consent under CASL, see: CASL Checklists and Precedents.

Sender Identification
and Unsubscribe Requirements

CASL also sets out other specific rules governing the sending of CEMs, including sender identification and unsubscribe requirements.

Sender Identification Requirements

CEMs must be in a prescribed form that, among other things: (i) identifies the person who sent the CEM; (ii) the person, if different, on whose behalf it is sent; (iii) sender contact information (which must be valid for at least 60 days); and (iv) an unsubscribe mechanism.

The CRTC Regulations set out the specific information that must be included in CEMs:

1. The name the sender carries on business under if different from their name (or if not, the person’s name).

2. If sent on behalf of another person, the name by which the person on whose behalf the message is sent carriers on business if different from their name (or if not, the name of the person on whose behalf the message is sent).

3. If sent on behalf of another person, a statement identifying the sender and on whose behalf the message is being sent.

4. The mailing address and either a phone number to an agent or voice messaging system, e-mail or web address of the sender or, if different, the person on whose behalf the message is sent.

This information and the unsubscribe mechanism must be “set out clearly and prominently”.  The CRTC Regulations provide, however, that where it is “not practicable” to include the required disclosure information and unsubscribe mechanism in a CEM, the information may be posted on an Internet web page that is “readily accessible” by the recipient at no cost via a “clearly and prominently” labeled link in the CEM.

CASL Compliance Checklists and Precedents: For checklists and precedents to comply with the sender identification requirements under CASL, see: CASL Checklists and Precedents.

Unsubscribe Mechanism
for CEMs

CASL also requires that an easy unsubscribe mechanism be included in CEMs.

CASL’s unsubscribe requirement is generally technologically neutral, but must: (i) allow recipients to indicate that they no longer want to receive CEMs using the same electronic message (or if not practical any other electronic means enabling the same result); and (ii) specify an electronic address or web link to unsubscribe.

The electronic address or webpage for unsubscribing must be valid for a minimum of 60 days. Recipients who unsubscribe must also be unsubscribed “without delay” and in no later than 10 business days after requesting to be unsubscribed.

The CRTC Regulations under CASL also require that an unsubscribe mechanism must be “set out clearly and prominently” and “be able to be readily performed.”

According to CRTC guidelines, for an unsubscribe mechanism to be “readily performed” it must be “accessed without difficulty or delay and should be simple, quick and easy for the consumer to use”.

CASL Compliance Checklists and Precedents: For checklists and precedents to comply with the unsubscribe requirements under CASL, see: CASL Checklists and Precedents.

Exceptions to CASL

CASL provides some broad exceptions to both the consent and sender identification requirements and also some narrower exceptions to only the consent requirement (i.e., where the sender identification requirements must still be met).

Exceptions to both the consent and sender identification requirements include: (i) “personal relationships” or “family relationships” (both as defined by the Industry Canada Regulations under CASL); (ii) inquiries for commercial goods and services; and (iii) interactive two-way voice communications (telemarketing), faxes or messages sent by phone.

Other exceptions to both the consent and sender identification requirements are set out in the Industry Canada Regulations under CASL and include messages: sent within organizations; between organizations with an existing relationship where the message relates to the recipient’s activities; to satisfy certain legal or judicial obligations; sent on platforms where the required identification and unsubscribe information is conspicuously published; and by charities or political parties for fundraising or political contributions.

CASL also includes the following exceptions from only the consent requirement: (i) providing a quote or estimate for products, goods, services or land if requested by the recipient; (ii) facilitating, completing or confirming a commercial transaction previously agreed to by the recipient; (iii) sending warranty, product recall or safety information about a product the recipient uses, has used or has purchased; (iv) certain information relating to employment or benefit plans; (v) product updates or upgrades following an earlier transaction; and (vi) a limited exception for referrals, provided certain conditions set out in the Industry Canada Regulations are met.

Like the different categories of implied consent under CASL, if a sender wants to rely on one of the exceptions under CASL, it is important to carefully review the requirements for the particular exemption and document the exemption(s) being relied upon to avoid CASL.

CASL Compliance Checklists and Precedents: For checklists and precedents that we offer to comply with common business related exemptions and categories of implied consent under CASL, see: CASL Checklists and Precedents.

CASL AND CONTESTS/PROMOTIONS

CASL is often relevant when running contests or other types of promotions in Canada, including if electronic distribution lists will be used to market the contest/promotion, the contest/promotion will include the collection of e-mails for marketing unrelated to administration of the contest/promotion, if participants’ e-mail addresses will be shared with third parties (e.g., related entities or affiliate marketers) or participants are encouraged or required to “share” information about the promotion with friends or family.

Given the potentially severe penalties for violating CASL, which include AMPs of up to CDN $10 million, it is important for those running contests or other promotions in Canada to ensure that they comply with CASL for electronic marketing related to a promotion (or other electronic marketing using e-mails collected during the promotion).

For more information about contests and CASL, see: Contests and CASL and CASL Compliance Errors.

CASL Compliance Checklists and Precedents: For CASL compliance checklists and precedents that we offer to comply with CASL’s consent, sender identification, unsubscribe and other requirements, see: CASL Checklists and Precedents.

OTHER CASL PROVISIONS

In addition to the electronic marketing relating provisions, CASL also includes provisions relating to: (i) the alteration of transmission data in electronic messages in the course of commercial activities; (ii) the unauthorized installation of computer programs; (iii) the collection of personal information by means of unauthorized access to computer systems; and (iv) the collection of electronic addresses using computer programs (address harvesting).

With respect to Competition Act amendments, the criminal and civil misleading advertising provisions of the Competition Act, and related penalty provisions have also been broadened to expressly include misleading representations made in the electronic and online environment.

For example, CASL amended the criminal misleading advertising provisions of the Competition Act to prohibit false or misleading representations made electronically, such as in sender information, subject matter information, electronic messages or locators.

Like the general civil and criminal misleading advertising provisions of the Competition Act, under these electronic marketing related provisions it is not necessary to prove that any person was actually deceived or misled. Also like the general misleading advertising provisions, the general impression in addition to the literal meaning is also relevant in evaluating whether misleading representations have been made in the electronic context.

ENFORCEMENT

Three federal government agencies are responsible for enforcing CASL.

Competition Bureau

The Competition Bureau’s mandate is to focus on misleading and deceptive practices and representations online, including false or misleading headers, web links and website content. CASL extends the Competition Bureau’s existing jurisdiction over misleading advertising and deceptive marketing practices in Canada, which already included online advertising and marketing under the general civil and criminal misleading advertising provisions of the Competition Act (sections 52 and 74.01). For more information about Competition Bureau enforcement, see: Bureau Enforcement.

CRTC

The CRTC has primary enforcement responsibility for CASL and has the power to investigate and take action, including imposing significant AMPs, against unsolicited electronic messages (i.e., without consent), the alteration of transmission data or the installation of computer programs without consent (e.g., malware, spyware or viruses).

Office of the Privacy Commissioner of Canada

The Privacy Commissioner has the power to take measures against the collection of personal information through unlawful access to computer systems (i.e., contrary to federal law, such as the Criminal Code) or electronic address “harvesting”, where bulk e-mail lists are compiled through mechanisms, including the use of computer programs that automatically mine the Internet for e-mail addresses.

PENALTIES

Violation of CASL may result in AMPs of up to $1 million for individuals and $10 million for corporations.

CASL also prohibits aiding, inducing, procuring or causing unauthorized CEMs, altering transmission data or installation of computer programs and includes broad director and officer liability provisions.

********************

SERVICES AND CONTACT

We are a Toronto based Canadian competition and advertising law firm that helps clients in Toronto, Canada and the United States practically navigate Canada’s advertising and marketing laws and offers Canadian advertising/marketing law services in relation to print, online, new media, social media and e-mail marketing.

Our Canadian advertising/marketing law services include advice in relation to anti-spam legislation (CASL), Competition Bureau complaints, the general misleading advertising provisions of the federal Competition Act, Internet, new media and social media advertising and marketing, promotional contests (sweepstakes) and sales and promotions. We also provide advice relating to specific types of advertising issues, including performance claims, testimonials, disclaimers, drip pricing, astroturfing and native advertising.

For more information about our services, see: services

To contact us about a potential legal matter, see: contact

For more information about our firm, visit our website: Competitionlawyer.ca