CANADIAN CASL (ANTI-SPAM LAW) PRECEDENTS
Do you need a precedent or checklist
to comply with CASL (Canadian anti-spam law)?
We offer Canadian anti-spam law (CASL) precedents and checklists to help electronic marketers comply with CASL. These include checklists and precedents for express consent requests (including on behalf of third parties), sender identification information, unsubscribe mechanisms, business related exemptions and types of implied consent and documenting consent and scrubbing distribution lists. We also offer a CASL corporate compliance program. For more information or to order, see: Anti-Spam (CASL) Precedents/Forms. If you would like to discuss CASL legal advice or for other advertising or marketing in Canada, including contests/sweepstakes, contact us: contact.
**********
Over the past several months I’ve begun to increasingly turn my mind both to Canada’s new anti-spam legislation (CASL) and its potential application to social media in particular. In general, CASL will, once largely in force July 1st, create a mandatory advance express consent regime for commercial electronic messages (CEMs) sent to or from Canadian computer systems. The new law will, among other things, also require that certain “form” (i.e., identification), unsubscribe and record-keeping obligations be met after in force.
What remains now, and going forward, is to determine how the new law applies to particular industries and types of electronic marketing. So, for this post, how do the new CASL rules impact social media? What is the difference between mere blogging and messages sent to an electronic address? Or messages sent via an electronic messaging system? What exemptions from the law altogether or categories of implied consent might apply in the blogging or social media space?
In this respect, I decided to take a bit of a closer look at the legislation (CASL), CRTC and Industry Canada Regulations and CRTC and Industry Canada guidelines and other recent statements on the social media point. Below are some of my findings and a few thoughts.
Social Media & “Electronic Addresses”
Perhaps the logical place to start is that section 6 of CASL (consent and identification requirements) applies to CEMs sent to “electronic addresses”. “Electronic addresses” are defined in the legislation (CASL) as e-mail accounts, telephone accounts, instant messaging accounts” or for the purposes of this post “other similar accounts”.
The CRTC takes the position “that some social media accounts may constitute a ‘similar account’” and that whether communication using social media fits the definition of an “electronic address” will be determined on a case-by-case basis depending upon, for example, how a specific social media platform functions and is used.
More helpfully, the CRTC’s view is that “a typical advertisement placed on a website or blog post would not be captured”. The CRTC’s view, however, is that messages sent to other users using a social media messaging system, such as Facebook messaging or LinkedIn messaging, would qualify as sending messages to “electronic addresses”.
Blog Posts v. Social Networking Services
Like the CRTC, Industry Canada, in its Regulatory Impact Analysis Statement issued in conjunction with the new law, distinguishes between merely blogging or micro-blogging and messages that are sent to electronic addresses:
“Another concern is how CASL might apply to CEMs on popular social networking services or instant messaging services. Where they are not sent to electronic addresses, the publication of blog posts or other publications on micro-blogging and social media sites does not fall within the intended scope of the Act”.
Personal Relationship Exemption & Social Media
CASL includes a personal relationship exemption. That is, two-way communications where the sender is an individual (not sending CEMs on behalf of a company) and the recipient is also an individual. So, two individuals that know each other according to several prescribed factors can be exempt from CASL altogether.
“Personal relationship” is defined in the Industry Canada Regulations as requiring direct two-way communications and it would be reasonable to conclude they have a personal relationship considering factors such as: sharing of interests, experiences, opinions and information; frequency of communication; length of time since they communicated; and whether they have met in person.
The CRTC’s position, however, is that “using social media or sharing the same network does not necessarily reveal a personal relationship. The mere use of buttons available on social media websites (such as clicking ‘like’, voting for or against a link or post, accepting someone as a ‘friend’, or clicking to ‘follow’ someone) will generally be insufficient to constitute a personal relationship.” The CRTC also takes the position that a sender should know the real identity of recipients (i.e., not merely aliases or virtual identities).
Electronic Messaging Service
Exemption & Social Media
The Industry Canada Regulations helpfully add several exemptions to section 6 of CASL (consent and identification requirements), including an exemption for CEMs sent and received on an electronic messaging service if the information and unsubscribe mechanisms that are required by CASL are “conspicuously published and readily available on the user interface through which the message is accessed and the recipient consents to receiving it either expressly or by implication.”
Industry Canada’s Regulatory Impact Analysis Statement comments on this potentially social media related exemption:
“Companies in the telecommunications sector also argued that the ID and unsubscribe requirements in CASL are unnecessarily redundant on certain platforms, where the ID and unsubscribe requirements can be conspicuously published and readily available on the user interface of the platform when a message is received, but not necessarily in every message sent. To address this concern, an exemption from these requirements under CASL is introduced where the required identification and unsubscribe information is conspicuously published and readily available to the recipient through the interface itself”.
B2B Implied Consent & Social Media
Also potentially helpful for businesses marketing to businesses (including over social media messaging platforms) are the two CASL “B2B” categories of implied consent in subsection 10(9) of CASL, which allow CEMs to be sent where several conditions are met: namely, recipients have published/disclosed their electronic addresses; have not indicated that they do not wish to receive unsolicited CEMs; and any messages sent are “relevant to the [recipient’s] business, role, functions or duties in a business or official capacity”.
These types of B2B communications post-CASL implementation date, however, still must comply with the “form” (i.e., ID) and unsubscribe requirements given that they are not exemptions from the application of CASL altogether.
There also remains uncertainty regarding what “relevant to business” means and the CRTC has rather unhelpfully indicated that It would approach this potentially very useful category of implied consent on a case-by-case basis. Still, given that CASL in its final form is not intended to crimp legitimate B2B communications, I am rather buoyant about the B2B categories of implied consent for continued business related communications both pre- and post-CASL implementation.
Micro-blogging (e.g., Twitter)
Finally, one interesting Federal Government micro-blogging statement on the its “Fightspam” website, consistent with other permissive blogging/micro-blogging statements that caught my eye included: “CASL does not apply to … broadcast messaging including tweets [sic] and posts”. It is unclear, however, whether the CRTC would take as permissive a position for direct messaging via Twitter that had a commercial purpose (it appears not given their position on Facebook or LinkedIn messaging above).
A Few Conclusions
So what can be concluded from the potential application of CASL and social media? It seems to me that mere blogging or micro-blogging is quite safe to the extent that information is merely passively posted online. Messages that are commercial in nature that are sent to e-mail or other “similar” addresses are riskier.
Having said that, there are likely some promising exemptions from the law entirely (e.g., for certain ‘closed’ electronic messaging services that already include the prescribed ID and unsubscribe functions) and some potentially useful categories of “implied consent” that can be relied upon (e.g., B2B communications, assuming that the “form” and unsubscribe requirements are otherwise met).
********************
Tips For Complying With
CASL (Canadian Anti-Spam Law)
Canada’s federal anti-spam legislation (CASL) came into force in 2014. Since then, electronic marketers and their advisors have been working to comply with what remains a complex law with outstanding uncertainties in some key areas. Having said that, many of the core requirements of CASL are not overly difficult to comply with (though continue to be misunderstood in many cases).
The following are some key legal tips for complying with CASL:
Express Consent. If you cannot rely on any category of implied consent (e.g., an existing business relationship within two years of a purchase) or a CASL exemption, ensure that you have collected and documented express consent from recipients. Express consent requests must include all of the information set out in CASL and its regulations otherwise the consent will not be valid. Failure to correctly collect consent is the most common CASL compliance error we see and a key basis for CRTC enforcement. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.
Implied Consent. If you are relying on one or more categories of implied consent to send commercial electronic messages (CEMs) (e.g., an existing business relationship within two years of a purchase or six months of a product inquiry) ensure that all of the requirements of the particular type of implied consent are met. Remember that there is not a single blanket type of implied consent under CASL; rather, there are many different types of implied consent each with their own specific requirements. Also, as with express consent, CEMs that rely on implied consent must still include the prescribed sender identification information and unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.
Consent For Third Parties To Send CEMs. Under CASL, consent to send CEMs can be requested for a sender themselves, identified third parties (or multiple identified third parties) or unidentified third parties (i.e., entities whose identities are not yet known when consent is requested). Importantly, however, each type of consent request has specific requirements for the request and, in the case of consent requests on behalf of unidentified third parties, somewhat complex additional requirements. The failure of marketers to correctly request consent for third parties (e.g., partners, affiliates, co-sponsors in promotions, etc.) is another CASL-related error that we regularly see. For more information, see: Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.
CASL Exemptions. Similar to implied consent, there is no single exemption from CASL but many types of exemptions. If you are relying on a particular exemption (e.g., the “business-to-business” exemption) it is important to ensure that all of the requirements of the exemption are met. Importantly, there is little or no case law interpreting many CASL exemptions. This means that there there may be more risk when relying on an exemption than express consent. Express consent is the strongest type of consent under CASL, considering that it does not expire unless a recipient unsubscribes.
Passive Consents. Remember that under CASL express consent or a category of implied consent is generally required to send CEMs unless a CASL exemption applies. As such, passive types of consents (e.g., language in general terms and conditions) will likely not be CASL compliant unless a sender does not need express consent (i.e., can rely on a category of implied consent or a CASL exemption).
Sharing Lists With Third Parties. Consider the potential risks of sharing e-mail or other electronic marketing lists with third parties. While this is certainly possible under CASL, marketers should be aware that there are specific requirements that must be met depending on who a list will be shared with (e.g., to expressly identify third parties with whom consent is being gathered on behalf of, including their contact information and other requirements for unidentified third parties). Marketers should also be aware that there is also potentially not only risk if they themselves violate CASL (e.g., send CEMs without consent), but also if they assist third parties that violate CASL. As such, it is often prudent for marketers that want to share electronic marketing lists with third parties to ensure that they have list sharing agreements in place with parties with whom they share e-mails. For more information, see: Anti-Spam Law (CASL) FAQs, Anti-Spam (CASL) Compliance Errors and Canadian Anti-Spam (CASL) Precedents. See also: Influencer, Co-Sponsor and List Sharing Agreements.
Sender Identification Information. Ensure that all CEMs include the prescribed sender identification information required by CASL unless an exemption applies. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.
Unsubscribe Mechanism. Ensure that all CEMs include a CASL-compliant unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.
Document Consent. Under CASL, the onus is on senders of CEMs to document consent. As such, it is important to document the type of consent (express or implied) or exemption being relied upon, evidence of consent (e.g., subscription logs, forms, dates and names/e-mail addresses), divide lists according to the type of consent or exemption being relied upon and to scrub lists after recipients have unsubscribed or the relevant time period for a category of implied consent has expired (e.g., two years after a purchase). Failure to adequately document consent is another CASL-related compliance error that we regularly see, including not documenting consent at all, not segregating distribution lists and inadequately documenting consents or types of implied consent. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) Compliance and Canadian Anti-Spam (CASL) Precedents.
CASL Compliance Program. Consider adopting a CASL compliance program, particularly if electronic marketing is a core aspect of your marketing strategy. The CRTC has issued guidance on CASL compliance programs including key recommended elements. For more information, see: Anti-Spam (CASL) Compliance and Canadian Anti-Spam (CASL) Precedents.
CASL and Specific Types of Promotions. Care should be taken in relation to specific types of promotions under CASL. Just one of many examples is friends and family type promotions (e.g., contests where entrants can gain more entries by sharing with or tagging a friend or family member). While there is an exception to the unsolicited CEMs section of CASL (section 6) for messages sent to a person with whom the sender has a personal or family relationship, these terms are narrowly defined. For example, “family relationship” is limited to spouses, common-law partners and parent-child relationships. “Personal relationship” is defined in a multi-factor and case-by-case fashion such that it is often impractical to rely on this exception for any broad “friends and family” type promotion. Marketers should also be aware that there is potential risk for both themselves and their clients in running friends and family type promotions if they cannot meet the specific definitions of “family relationship” and/or “personal relationship” under CASL for a promotion. For more information, see: Anti-Spam (CASL) Compliance Errors and Running a Friends-and-Family Promotion in Canada? Cruel, Cryptic CASL Strikes Again.
____________________
SERVICES AND CONTACT
I am a Toronto competition/antitrust lawyer and advertising/marketing lawyer who helps clients in Toronto, Canada and the US practically navigate Canada’s advertising and marketing laws and offers Canadian advertising/marketing law services in relation to print, online, new media, social media and e-mail marketing.
My Canadian advertising/marketing law services include advice in relation to: anti-spam legislation (CASL); Competition Bureau complaints; the general misleading advertising provisions of the federal Competition Act; Internet, new media and social media advertising and marketing; promotional contests (sweepstakes); and sales and promotions. I also provide advice relating to specific types of advertising issues, including performance claims, testimonials, disclaimers, drip pricing, astroturfing and native advertising.
For more information about my services, see: services
To contact me about a potential legal matter, see: contact
For more regulatory law updates follow me on Twitter: @CanadaAttorney