Canada’s New Anti-spam Legislation (CASL): An Overview – Part 2

CANADIAN CASL (ANTI-SPAM LAW) PRECEDENTS

Do you need a precedent or checklist
to comply with CASL (Canadian anti-spam law)?

We offer Canadian anti-spam law (CASL) precedents and checklists to help electronic marketers comply with CASL.  These include checklists and precedents for express consent requests (including on behalf of third parties), sender identification information, unsubscribe mechanisms, business related exemptions and types of implied consent and documenting consent and scrubbing distribution lists.  We also offer a CASL corporate compliance program.  For more information or to order, see: Anti-Spam (CASL) Precedents/Forms.  If you would like to discuss CASL legal advice or for other advertising or marketing in Canada, including contests/sweepstakes, contact us: contact.

**********

In December 2010 Canada’s new anti-spam legislation was passed (the “Anti-spam Act”) which will, when it comes into force, be one of the strictest anti-spam regimes in the world (see: Anti-spam Act).  In general, the Anti-spam Act will require express or implied consent for the sending of “commercial electronic messages” or “CEMs” and also impose form (i.e., disclosure) and unsubscribe requirements for CEMs.

The Anti-spam Act is expected to have significant impacts on companies and individuals that engage in electronic marketing, including through the use of e-mail, text messaging, instant messaging and likely social media.  The Anti-spam Act will also require express consent for some other practices, including altering transmission data and the installation of computer programs on other persons’ computer systems.

The Anti-spam Act will also broaden the Competition Bureau’s jurisdiction to regulate misleading advertising in the context of electronic communications – for example, misleading representations made electronically, such as in sender information, subject matter information, electronic messages or locators.  In this regard, the Anti-spam Act includes amendments to the civil and criminal misleading advertising sections of the federal Competition Act (sections 52 and 74.01), as well as related penalty and enforcement provisions.

Failure to comply with the Anti-spam Act, once in force, will potentially expose individuals and companies to severe penalties of up to C $1 million (for individuals) and C $10 million (for companies).  The Anti-spam Act also creates private rights of action, under which both actual and statutory damages may be awarded of up to $1 million per day of non-compliance.  Class actions may also be commenced once the legislation is in force.

This is the second in a series of posts on the new Anti-spam Act, which will conclude with practical steps individuals and companies can take before the new legislation comes into force.

For Part 1 see: here.

____________________

OVERVIEW OF KEY PROVISIONS

Canada’s new Anti-spam Act will create an “opt-in” regime for commercial electronic marketing and amend the following federal statutes:

1.  The Canadian Radio-television and Telecommunications Commission Act.

2.  The Competition Act.

3.  The Personal Information Protection and Electronic Documents Act (“PIPEDA”).

4.  The Telecommunications Act.

Unlike similar U.S. legislation (i.e., the U.S. CAN-SPAM Act), which is restricted to e-mail communications, Canada’s new Anti-spam Act will require express or implied consent for the sending of a wide range of commercial electronic communications, by e-mail, text message, instant message and potentially social media communications (though the new legislation contains some specific exceptions for some types of communications – for example, telemarketing).

The new Anti-spam Act regime is also, generally speaking, stricter than present requirements under federal privacy legislation (PIPEDA), under which opt-out consent is permitted.

Some key aspects of the new Anti-spam Act include:

CONSENT AND FORM REQUIREMENTS FOR CEMs

Consent

The Anti-spam Act prohibits the sending of “commercial electronic messages” or “CEMs” without the recipient’s prior express or implied consent.

This “opt-in” system is in contrast to the U.S. opt-out regime (i.e., a sender may send a message where there is no positive consent, with the recipient being able to “opt out” of future messages).

“CEMs” are broadly defined as any electronic message that encourages participation in a commercial activity regardless of whether there is any expectation of profit.

“Electronic messages” are defined in turn as messages sent by any means of telecommunication, including a text, sound, voice or image message.

Electronic messages that request consent to receive CEMs are also defined as CEMs and, therefore, cannot be sent unless consent is received.  In other words, consent cannot be obtained by sending a request for consent by, for example, e-mail (see below for consent gathering requirements).

Express and Implied Consent

The Anti-spam Act allows both express and implied consent for the sending of CEMs.

Express Consent

When requesting express consent, the following is required: (i) state the purpose for which consent is being sought and (ii) information identifying the person seeking consent or person on whose behalf consent is being sought (as set out in the Regulations).

The draft CRTC Regulations issued in June 2011 (the “June CRTC Regulations”) set out the requirements for requests for consent.  They state that requests for consent must be “in writing” and sought separately from, for example, the sending of a CEM, and also set out specific information that must be included in consent requests.

Implied Consent

Consent may also be implied, including in the following:

1.  An “existing business relationship” (as defined) between the sender and the recipient.

2.  An “existing non-business relationship” (as defined) between the sender and the recipient.

3.  A so-called “business card” exception, whereby a person has published their electronic address without a statement that they do not wish to receive unsolicited CEMs and the message is relevant to their business, role, functions or duties in a business or official capacity.

4.  A recipient has disclosed their electronic message to a sender without indicating that they do not wish to receive unsolicited CEMs and the message is relevant to their business, role, functions or duties in their business or official capacity.

5.  As set out in the Regulations.

“Existing business relationship”, which will likely be the most important category of implied consent, is defined to include, among other things:

1.  The purchase of products (goods or services) within two years before the message is sent;

2.  The acceptance by the recipient of a business, investment or gaming opportunity within two years before the message is sent; or

3.  An inquiry by the recipient within six months before the message is sent.

“Existing non-business relationship” is defined to include:

1.  Certain donations or gifts to charities or political parties.

2.  Volunteer work for charities or political parties.

3.  Memberships in clubs, associations or voluntary organizations (“membership” and “club, association or voluntary organization” both as defined in the Regulations).

Form and Unsubscribe Requirements

The Anti-spam Act also sets out rules governing the sending of CEMs, including form (i.e., disclosure) requirements and mechanisms for the withdrawal of consent (i.e., unsubscribing).

Form Requirements

CEMs must be in a prescribed form that, among other things, (i) identifies the person who sent the CEM, (ii) the person, if different, on whose behalf it is sent, (iii) includes information enabling the recipient to contact the sender, and (iv) includes an unsubscribe mechanism.

The June CRTC Regulations set out the specific information that must be included in CEMs.  This currently includes the name of the person sending the CEM, the physical and mailing address, a telephone number providing access to an agent or voice messaging system, an e-mail address and the web address of the person sending the CEM.

The June CRTC Regulations also state that the prescribed information to be included in CEMs must be “set out clearly and prominently”.

The contact information included must also be valid for a minimum of 60 days after a CEM is sent.

The June CRTC Regulations also contain an exception to the prescribed form and unsubscribe requirements, however, providing that where it is “not practicable to include the [prescribed information] and the unsubscribe mechanism” in a CEM, that information may be provided by a web link that is clearly and prominently set out and can be accessed by a single click at no cost to the recipient.

This exception, if it remains in the finalized Regulations, will likely prove to be important for some forms of social media communications, where it is impractical to disclose the full prescribed information in a message.

Unsubscribe Mechanisms

Unsubscribe mechanisms must:

1.  Allow recipients to indicate that they wish to no longer receive any CEMs using the same electronic message (or if impractical, any other electronic means that will enable the same result); and

2.  Specify an electronic address (or web link) to unsubscribe.

The electronic address or webpage for unsubscribing must also be valid for a minimum of 60 days after a message is sent.

In addition, recipients who unsubscribe must be unsubscribed “without delay” (and in any event no later than 10 business days after requesting to be unsubscribed).

The June CRTC Regulations also provide that an unsubscribe mechanism must be “set out clearly and prominently” and “must be able to be performed in no more than two clicks or another method of equivalent efficiency.”

********************

Tips For Complying With
CASL (Canadian Anti-Spam Law)

Canada’s federal anti-spam legislation (CASL) came into force in 2014.  Since then, electronic marketers and their advisors have been working to comply with what remains a complex law with outstanding uncertainties in some key areas. Having said that, many of the core requirements of CASL are not overly difficult to comply with (though continue to be misunderstood in many cases).

The following are some key legal tips for complying with CASL:

Express Consent. If you cannot rely on any category of implied consent (e.g., an existing business relationship within two years of a purchase) or a CASL exemption, ensure that you have collected and documented express consent from recipients. Express consent requests must include all of the information set out in CASL and its regulations otherwise the consent will not be valid. Failure to correctly collect consent is the most common CASL compliance error we see and a key basis for CRTC enforcement. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.

Implied Consent. If you are relying on one or more categories of implied consent to send commercial electronic messages (CEMs) (e.g., an existing business relationship within two years of a purchase or six months of a product inquiry) ensure that all of the requirements of the particular type of implied consent are met. Remember that there is not a single blanket type of implied consent under CASL; rather, there are many different types of implied consent each with their own specific requirements. Also, as with express consent, CEMs that rely on implied consent must still include the prescribed sender identification information and unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.

Consent For Third Parties To Send CEMs. Under CASL, consent to send CEMs can be requested for a sender themselves, identified third parties (or multiple identified third parties) or unidentified third parties (i.e., entities whose identities are not yet known when consent is requested). Importantly, however, each type of consent request has specific requirements for the request and, in the case of consent requests on behalf of unidentified third parties, somewhat complex additional requirements. The failure of marketers to correctly request consent for third parties (e.g., partners, affiliates, co-sponsors in promotions, etc.) is another CASL-related error that we regularly see. For more information, see: Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.

CASL Exemptions. Similar to implied consent, there is no single exemption from CASL but many types of exemptions. If you are relying on a particular exemption (e.g., the “business-to-business” exemption) it is important to ensure that all of the requirements of the exemption are met. Importantly, there is little or no case law interpreting many CASL exemptions. This means that there there may be more risk when relying on an exemption than express consent. Express consent is the strongest type of consent under CASL, considering that it does not expire unless a recipient unsubscribes.

Passive Consents. Remember that under CASL express consent or a category of implied consent is generally required to send CEMs unless a CASL exemption applies. As such, passive types of consents (e.g., language in general terms and conditions) will likely not be CASL compliant unless a sender does not need express consent (i.e., can rely on a category of implied consent or a CASL exemption).

Sharing Lists With Third Parties. Consider the potential risks of sharing e-mail or other electronic marketing lists with third parties. While this is certainly possible under CASL, marketers should be aware that there are specific requirements that must be met depending on who a list will be shared with (e.g., to expressly identify third parties with whom consent is being gathered on behalf of, including their contact information and other requirements for unidentified third parties). Marketers should also be aware that there is also potentially not only risk if they themselves violate CASL (e.g., send CEMs without consent), but also if they assist third parties that violate CASL. As such, it is often prudent for marketers that want to share electronic marketing lists with third parties to ensure that they have list sharing agreements in place with parties with whom they share e-mails. For more information, see: Anti-Spam Law (CASL) FAQs, Anti-Spam (CASL) Compliance Errors and Canadian Anti-Spam (CASL) Precedents. See also: Influencer, Co-Sponsor and List Sharing Agreements.

Sender Identification Information. Ensure that all CEMs include the prescribed sender identification information required by CASL unless an exemption applies. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.

Unsubscribe Mechanism. Ensure that all CEMs include a CASL-compliant unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.

Document Consent. Under CASL, the onus is on senders of CEMs to document consent. As such, it is important to document the type of consent (express or implied) or exemption being relied upon, evidence of consent (e.g., subscription logs, forms, dates and names/e-mail addresses), divide lists according to the type of consent or exemption being relied upon and to scrub lists after recipients have unsubscribed or the relevant time period for a category of implied consent has expired (e.g., two years after a purchase). Failure to adequately document consent is another CASL-related compliance error that we regularly see, including not documenting consent at all, not segregating distribution lists and inadequately documenting consents or types of implied consent. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) Compliance and Canadian Anti-Spam (CASL) Precedents.

CASL Compliance Program. Consider adopting a CASL compliance program, particularly if electronic marketing is a core aspect of your marketing strategy. The CRTC has issued guidance on CASL compliance programs including key recommended elements. For more information, see: Anti-Spam (CASL) Compliance and Canadian Anti-Spam (CASL) Precedents.

CASL and Specific Types of Promotions. Care should be taken in relation to specific types of promotions under CASL. Just one of many examples is friends and family type promotions (e.g., contests where entrants can gain more entries by sharing with or tagging a friend or family member). While there is an exception to the unsolicited CEMs section of CASL (section 6) for messages sent to a person with whom the sender has a personal or family relationship, these terms are narrowly defined. For example, “family relationship” is limited to spouses, common-law partners and parent-child relationships. “Personal relationship” is defined in a multi-factor and case-by-case fashion such that it is often impractical to rely on this exception for any broad “friends and family” type promotion. Marketers should also be aware that there is potential risk for both themselves and their clients in running friends and family type promotions if they cannot meet the specific definitions of “family relationship” and/or “personal relationship” under CASL for a promotion. For more information, see: Anti-Spam (CASL) Compliance Errors and Running a Friends-and-Family Promotion in Canada? Cruel, Cryptic CASL Strikes Again.

____________________

SERVICES AND CONTACT

I am a Toronto competition/antitrust lawyer and advertising/marketing lawyer who helps clients in Toronto, Canada and the US practically navigate Canada’s advertising and marketing laws and offers Canadian advertising/marketing law services in relation to print, online, new media, social media and e-mail marketing.

My Canadian advertising/marketing law services include advice in relation to: anti-spam legislation (CASL); Competition Bureau complaints; the general misleading advertising provisions of the federal Competition Act; Internet, new media and social media advertising and marketing; promotional contests (sweepstakes); and sales and promotions. I also provide advice relating to specific types of advertising issues, including performance claims, testimonials, disclaimers, drip pricing, astroturfing and native advertising.

For more information about my services, see: services

To contact me about a potential legal matter, see: contact

For more regulatory law updates follow me on Twitter: @CanadaAttorney

This entry was posted in Advertising Law, Anti-spam Law, Compliance, Consumer Protection, CRTC, Direct Sales, Electronic Marketing, Internet Advertising, New legislation, New Publications, News, Online Advertising, Privacy Law, Publications, Sectors - Broadcasting, Sectors - Internet & New Media, Sectors - Media, Sectors - Telecommunications, Social media marketing, Targeted Advertising, Testimonials. Bookmark the permalink.