February 28, 2014
On July 1, 2014, the anti-spam sections of Canada’s Anti-Spam Legislation (aka “CASL”) take effect. CASL will apply to just about every business – from sole proprietors and independent contractors, to multinational corporations – and every person sending just about every form of commercial electronic message to, from or within Canada:
If you’re not ready for CASL, the countdown is on. It’s time to act now.
Key Dates. CASL (and its Regulations) will be phased into effect on these dates:
Opt-In Regime. CASL moves Canada from an “opt-out” to an “opt-in” regime for all electronic-based marketing: with few exceptions, if a person or business wants to send a CEM within or into Canada, it needs the recipient’s prior consent.
The Law. In 2010, the Federal Government proclaimed CASL but it didn’t take effect until the Government finalized the related Regulations – which only happened on December 4, 2013. Generally, CASL sets out the broad strokes of the new “anti-spam” and unsolicited software regime; the Regulations set out the detailed rules for CEM’s. The Canadian Radio-telecommunications Commission (CRTC) will administer most of CASL and its Regulations.
Guidance. The Federal Government published a “Regulatory Impact Analysis Statement” (RIAS) with the Regulations. It provides some explanatory notes, but it’s not law – making its value limited.
COMMERCIAL ELECTRONIC MESSAGES (“CEMs”)
CASL and its Regulations only apply to “CEMs”, so what is – and isn’t – a “CEM” is crucial to CASL compliance.
Definition. There are some inclusions and exclusions, but essentially a CEM is any electronic message that it’s reasonable to conclude has encouragement of participation in a “commercial activity” as one of its purposes, considering the:
“Commercial activity”. Broadly, “commercial activity” is any transaction, act or conduct (or regular course of conduct) of a commercial character – whether or not carried out for profit.
Inclusions and Exclusions. A CEM explicitly includes an electronic message that:
A message involving a pre-existing commercial relationship or activity and providing additional information, clarification or completes the transaction involving a commercial activity already underway, is not a CEM because it carries out – rather than promotes – commercial activity.
The Grey Area. However, the final Regulations add that certain categories of messages could imply that a solely transactional message may be a CEM. The RIAS doesn’t help: it says a message is not a CEM merely because it involves commercial activity, hyperlinks to a person’s website, or contains business-related electronic addressing information, if none of its purposes is to encourage the recipient in additional commercial activity – but it may be if it would be reasonable to conclude one of the purposes is to encourage the recipient to engage in additional commercial activities based on, for example, the prevalence and amount of commercial content, hyperlinks or contact information.
Social Media. The Federal Government hasn’t yet clarified the impact of CASL on CEMs sent via social media sites (e.g. Facebook and LinkedIn) – but if it promotes a commercial activity assume it is a CEM that must comply with CASL.
CASL is a permission-based regime. The final Regulations provide extreme protection of consumers against organizations in the business of compiling and selling email lists to third parties – and catches all CEM senders in the process. With few exceptions (see “Exceptions” below), if an electronic message falls into the definition of a CEM, the sender must obtain the recipient’s consent – either express or implied – before she can deliver it.
Express Consent. Basically, a recipient gives express consent if she has actively agreed to receive CEMs from the sender orally or in writing:
Implied Consent. There are two broad relationships in which the recipient’s consent to receive a CEM from the sender is “implied” – meaning the sender doesn’t need the recipient’s express consent to send it:
Fresh Consent. If a sender already obtained a recipient’s express consent under the Personal Information Protection and Electronic Documents Act (PIPEDA for short), that consent will satisfy CASL – but other forms of PIPEDA consent (such as implied consent) will not.
Again with a few exceptions (see “Exceptions” below”), all CEMs must also include certain content – even if the sender has the recipient’s consent to send it:
Disclosure. All CEMs must disclose the following information:
Unsubscribe Mechanism. All CEMs must include a working “unsubscribe mechanism” allowing recipients to indicate they no longer want to receive CEMs from the sender. The CRTC says the unsubscribe mechanism must be consumer‐friendly, accessible without difficulty or delay, and quick and simple for consumers to use. The Regulations say it must:
Now for the exceptions to the general rules. There are two main categories of “exemptions”:
THE PRICE FOR NON-COMPLIANCE
Individuals and organizations that don’t comply with CASL risk significant penalties:
Monetary Penalties. The CRTC can impose penalties of up to $1M on individuals and $10M on other entities for a CASL contravention. The CRTC must take into account certain factors – including prior violations and financial benefit to the sender – when setting the amount.
Vicarious and Personal Liability. Employers could be liable for violations by employees acting in the scope of employment. Corporate directors and officers could be personally liable for a corporation’s violation if they directed or participated in the violation – though there is a due diligence defence available.
Obstruction of CASL Investigation. It is a criminal offence to fail to comply with a demand to preserve transmission data or produce documents when required.
Private Right of Action. Effective July1, 2017, a person or corporation affected by a CASL contravention can sue for it. Available remedies include monetary compensation and expenses, with maximum penalties of $200 for each CEM contravention (not to exceed $1M/day), and $1M for each day on which a software contravention occurs.
ACT NOW – OR PAY THE PRICE
The countdown to CASL is now on: individuals and organizations only have six months to create, implement or update their CASL compliance program. There is no grandfathering: every CEM sent after July 1, 2014 must comply. It’s time to act now:
Please contact your McInnes Cooper lawyer or any member of our McInnes Cooper CASL Team to discuss this topic or any other legal issue.
McInnes Cooper has prepared this document for information only; it is not intended to be legal advice. You should consult McInnes Cooper about your unique circumstances before acting on this information. McInnes Cooper excludes all liability for anything contained in this document and any use you make of it.
© McInnes Cooper, 2014. All rights reserved. McInnes Cooper owns the copyright in this document. You may reproduce and distribute this document in its entirety as long as you do not alter the form or the content and you give McInnes Cooper credit for it. You must obtain McInnes Cooper’s consent for any other form of reproduction or distribution. Email us at [email protected] to request our consent.
Jul 27, 2021
Canadian entities regularly contract with foreign companies to provide services in Canada. To complete its obligations under the contract, the…
Jul 21, 2021
Many now agree: it’s imperative that workplaces be both diverse and inclusive. Perhaps the most often-quoted (and definitely most succinct)…
Jun 24, 2021
Many employers use equity compensation plans like employee stock option plans to attract, motivate, and retain talent. One reason stock options…
Jun 21, 2021
There is a duty to consult Indigenous groups when the Crown contemplates actions that may adversely affect their rights under section 35 of the…
Jun 15, 2021
As of January 1, 2021, federally regulated employers (such as banks, telephone and cable systems, most federal Crown corporations,…
Subscribe to McInnes Cooper to stay current with our leading insights on legal updates, trends, news, events, and services.