Canada's new anti-spam law (CASL) comes into force on July 1, 2014: What does it mean for you and your business?
While the federal government passed Canada’s first “anti-spam” Act in December of 2010, the date for its implementation continued to be pushed back due to a number of issues that were raised by industry and others.
With a now firm implementation date of July 1, 2014, it is important for businesses to consider, and plan for, the requirements of the Act.
The Act generally prohibits the sending of “commercial electronic messages” without the recipient's consent or permission, unless an exemption applies.
The Act applies where the message is sent OR accessed in Canada.
“Commercial electronic messages” are broadly defined to include any type of electronic message (emails, twitter, text messages, instant messaging, etc.), in any format, that when examined, as a whole, have a purpose of encouraging participation in a commercial activity (regardless of whether or not that activity is carried out with a profit motive). The simplest example, that we have all received, would be an email that offers to sell you a product or service.
There are a number of “exemptions” from the above consent/permission requirement, including:
- communications between businesses / organizations that have an existing relationship and the content of the communication relates to the activities of the business / organization to which the message is sent;
- responding to a request for a quote or to an inquiry, request or complaint;
- communications sent to satisfy/enforce legal obligations;
- communications that are accessed within a secure account (such as messages from a bank, to its customer, that are delivered via an on-line banking service);
- communications that are reasonably believed to be access in a foreign country, and the message conforms to the laws of that foreign country;
- facilitating an already existing commercial transaction (such as sending an invoice);
- providing warranty and safety information;
- providing ongoing information in respect of a subscription, membership, account, loan or other similar relationship;
- providing information in respect of an employment or benefit plan relationship;
- communications relating to an existing business relationship or a relationship which was in existence within two years of sending the message (unless consent for same is earlier revoked); and,
- situations where the recipient has disclosed their electronic contact information, without any statement that they do not wish to receive communications, and the communication relates to the person’s business.
If an exemption does not apply, express consent must be obtained from the recipient.
The Act requires that such express consent:
- state the purpose of the consent;
- identify the requestor;
- provide the below noted contact information; and,
- clarify that consent can be withdrawn at any time.
It is preferable to have explicit “proof” of the express consent – such as “checking” a box on a website (a “pre-checked” box, requiring an individual to “opt-out” of receiving messages, is not accepted for the purposes of the Act), clicking a link on an email, providing an email address on a website or via written correspondence. Oral consent is allowed, but it raises issues of proof if the recipient alleges that they never gave consent.
Ironically, an electronic message containing a request to send a “commercial electronic message” is, itself, deemed to be a commercial electronic message. Therefore, the use of any such electronic message to obtain consent in anticipation of the Act must cease once the Act comes into force (unless one of the exemptions under the Act otherwise applies). In addition to the above, any commercial electronic message must contain:
- the name of the person sending the message and, if applicable, on whose behalf the message is being sent;
- any name(s) that the person(s) may carry on business under; and,
- contact information of the sender(s), including mailing address and telephone number (with some form of answering service or voice-mail) or email address or web address (if applicable). The contact information must remain valid for 60 days after the message is sent.
Finally, the commercial electronic message must contain a simple unsubscribe mechanism such as a reply option or a “click to unsubscribe” link. The unsubscribe request must be processed within 10 business days.
The Act provides for penalties of up to $1 million in the case of an individual, and $10 million in the case of any other person - for each violation of the Act. Directors of a corporation can also be held liable.
Thankfully, the Act states that consent is implied up to July 1, 2017 (unless earlier revoked) if, as of July 1, 2014, there was an existing business relationship AND the relationship included the sending of commercial electronic messages. As such, businesses may be able to use this period to obtain explicit consent to continue sending commercial electronic messages to their customers.
Obviously, the Act will have a significant impact on business communication. With the Act coming into force very shortly, businesses should begin examining their communication processes to determine whether certain risks may exist and what remedies should be put in place.
This article only provides a brief synopsis of the highlights of the Act and its effects as it relates to electronic communications. Businesses are encouraged to discuss their specific situation with their respective counsel to ensure that all factors have been considered.
Paul K. Grower is a partner with Fillmore Riley LLP who practises primarily in the areas of taxation litigation, general commercial litigation, and privacy law. You can reach him at (204) 957 8369 or firstname.lastname@example.org.