Canada’s anti-spam legislation (CASL) came into force on July 1, 2014, and introduces new rules around the use of “commercial electronic messages”, the alteration of transmission data, and the installation of computer software on to another person’s computer or device.
Many day-to-day activities associated with newspaper publishing can be affected by the new regulations, including sending an email to prospective customers, permitting a mobile application to be downloaded, or operating a website. Failure to comply with the new rules could invite significant fines or even attract a private action.
The new rules for sending electronic messages and installing computer programs (including mobile device applications) have the potential to impact a number of aspects of the newspaper business, particularly in electronic marketing, subscriber communications, and network/website management.
The following information is intended to provide an overview of the key requirements of Canada’s anti-spam law. For further information, you are advised to review the slide deck and information bulletin that have been provided by government and/or discuss the matter with your legal advisors. Newspapers Canada also arranged for a webinar on CASL compliance that is available for CNA and CCNA members in the Members Area of the Newspapers Canada website.
- What is covered?
- The Rules Relating to the Use of Commercial Electronic Messages
- Obtaining Consent
- Identification and Unsubscribe Requirements
- Government documents
- CASL website: fightspam.gc.ca
- CASL Webinar (Member login required)
Canada’s anti-spam legislation makes it illegal for a person or organization to send unsolicited electronic messages (such as email, or a social media messaging platform), to install a computer program without consent, to make false or misleading electronic representations, or to collect electronic addresses without authorization.
In addition to covering spam, the legislation and its related regulations also attempt to cover spyware, address harvesting and false and misleading representations involving the use of any means of telecommunications (e.g. SMS, social networking, websites, URL's and other locators, applications, blogs, etc). Violations may result in an administrative monetary penalty (AMP). The maximum amount of an AMP, per violation, for an individual is $1 million, and for a business, it is $10 million. CASL sets out a list of factors considered in the determination the amount of the AMP. In addition to the possibility of fines levied by enforcement agency, the legislation will also phase in a private right of action, effective July 1, 2017.
A Commercial Electronic Message (CEM) is any electronic message that is for a commercial purpose, encouraging participation in a commercial activity. In determining whether a message is encouraging a commercial activity, consideration should be given to the content of the message, contact information, as well as any hyperlinks to a website or database and the degree to which they promote a commercial activity. CEMs would include an offer to purchase, sell, barter, or lease a product, goods or services, or an offer to provide a business, investment or gaming opportunity.
Before an organization sends someone a CEM, they will need to have first obtained the recipients’ express consent. Generally speaking, once obtained, a recipient’s express consent continues indefinitely unless and until the recipient withdraws it.
There are some exemptions, however, particularly when it comes to business-to-business practices and personal relationships. Specifically, the regulations include exemptions for CEMs that are sent within a business, as well as CEMs sent between business organizations that are in an ongoing business relationship and where the messages are relevant to the business, function or duties of the recipient.
The regulations also allow a CEM to be sent in response to a request for information or complaint, to enforce a legal right (e.g. debt collection, enforcing contractual obligations), and exempt messages sent from outside Canada, including messages sent by foreign businesses (when the sender could not reasonably know the message would be received in Canada).
Third-party referrals are also eligible for an exemption from the express consent provisions as long as the sender of the message discloses the full name of the person who made the referral and that the person who made the referral has themselves an existing personal, family, or business relationship with both the sender and the recipient of the message.
A “personal relationship” is defined as one where individuals have had voluntary, two-way communications at any point in the past, unless the recipient has clearly expressed a desire not to receive any CEMs from the sender.
The exemption for “family relationships” allow for CEMs to be sent without consent to family members descending from a common grandparent, including aunts, uncles, first cousins, nieces and nephews.
Consent can be obtained either in writing or verbally and, regardless of the case, it is the responsibility of the sender to be able to prove that they have obtained the consent of the recipient to send the message. Obtaining an email address from a business card that has been handed to you, or when someone has made their email address by publishing it on their website, may be generally viewed as you having been given consent – unless they explicitly communicate otherwise. In order to ensure that you can verify consent, it is important for senders of CEM to carefully track key information, such as how and when consent was obtained.
It is also important to note that the way in which one requests consent cannot presume consent on the part of the intended recipient. Consent must rely on a positive action taken by the user to opt-in, not inaction (as might be the case by using a pre-checked box that assumes consent).
CRTC Information Bulletin 2012-548 provides some thoughts with respect to the information you should be tracking, as well as outlines what information should be included in a request for consent.
In addition to having obtained consent, a person or organization sending a CEM must also provide identification information, as well as provide an “unsubscribe” mechanism.
The regulations require that each CEM clearly identifies who is sending the message and, if applicable, the person (or people) on whose behalf the message is sent, as well as their mailing addresses
Under CASL, the recipients must have been provided with some form of unsubscribe mechanism in each CEMs. For example, a CEM sent via SMS may state that the end-user can unsubscribe by texting the word "STOP." A hyperlink displayed clearly in an email that also would allow the user to unsubscribe by a simple click could also serve this purpose. When setting up your unsubscribe mechanism, you could also offer the choice to the recipient to unsubscribe from all CEMs or give them the option of choosing among the different types of CEMs you might send.
Canada’s anti-spam legislation has been heavily criticized for being overly broad and subject to multiple interpretations. However, its intent is not to interfere with reasonable business practices but to deal with the public and business concerns about actual spam. We have received assurances from enforcement authorities that organizations that undertake efforts, in good faith, to comply with the law should not face a problem.
Please take the time to review the materials available below, which should be able to address many of the questions you might have. However, if you still have any specific questions regarding your requirements, please forward your inquiry to us and we will work with the appropriate regulatory enforcement authority to provide you with an interpretation.
- Compliance and Enforcement Information Bulletin (PDF)
- CRTC CASL Interpretation Bulletin (PDF)
- CRTC CASL Presentation (PDF)
If you have any questions regarding Canada's anti-spam legislation, please contact Jason Grier, Senior Advisor, Policy and Public Affairs, at firstname.lastname@example.org.