Canada's Anti-Spam Legislation (CASL) Software Installation Sections Effective January 15, 2015: 10 FAQs

Advanced Filters

Please search by first or last name. e.g: "John" or "Smith". Your search will begin after typing at least 2 characters. Searching...
Sort by: Relevance | Name

We are pleased to provide you with detailed biographies on our lawyers, paralegals and administrative team, so you can learn more about how we can best support your business' success.

Use the search bar above or the advanced filters to further narrow your search by service, industry, office location, bar admissions, title, education and language.

: Service; Industry; Office; Position; Bar Admission; Education; Language

Contact Form

: Contact

We want to hear from you: Did we delight you with great service or a timely insight? Did we miss the mark? Are you looking for legal advice? If so, we want to know. Just type a few lines into our form, send an email to client.service@mcinnescooper.com, or call 1-855-622-6668.

Charlottetown

141 Kent St., Suite 300
McInnes Cooper Building
Charlottetown, PE
C1A 1N3

Tel: 902.368.8473
Fax: 902.368.8346

Fredericton

570 Queen St., Suite 600
Barker House
Fredericton, NB
E3B 6Z6

Tel: 506.458.8572
Fax: 506.458.9903

Halifax

1969 Upper Water St., Suite 1300
Purdy’s Wharf Tower II
Halifax, NS
B3J 3R7

Tel: 902.425.6500
Fax: 902.425.6350

Moncton

644 Main St., Suite 400
Blue Cross Building, South Tower
Moncton, NB
E1C 1E2

Tel: 506.857.8970
Fax: 506.857.4095

Saint John

1 Germain St., Suite 1700
Brunswick Square
Saint John, NB
E2L 4V1

Tel: 506.643.6500
Fax: 506.643.6505

St. John’s

10 Fort William Pl., 5th Floor
Baine Johnston Centre
St. John’s, NL
A1C 1K4

Tel: 709.722.8735
Fax: 709.722.1763

More Publications

Publication

Canada’s Anti-Spam Legislation (CASL) Software Installation Sections Effective January 15, 2015: 10 FAQs

December 11, 2014

By Trent Skanes, at McInnes Cooper

On January 15, 2015, the software provisions of Canada’s Anti-Spam Legislation (CASL) will take effect. CASL’s anti-spam sections, touted as the toughest in the world, came into force on July 1, 2014 – and had businesses scrambling to comply. CASL’s software provisions impose equally broad and onerous procedural requirements for companies and individuals installing computer programs on computer systems.

Here are the answers to 10 frequently asked questions about CASL’s new software provisions to help you decide whether they apply to you – and if so, what you need to do to comply:

What do the new software provisions apply to? CASL’s software provisions only apply to “computer programs” that are “installed” on another person’s “computer systems” in the “course of commercial activity.” They apply to installations on computer systems located in Canada even if the installation originated elsewhere, and to installations on computer systems currently located outside of Canada if the installer was in Canada (or acted under the direction of a person in Canada) when she installed the program.
What are computer “systems” and “programs”? The definitions are borrowed from the Canadian Criminal Code:
- “Computer system” means a device (or a group of interconnected or related devices one or more of which) that: contains computer programs or other data; and pursuant to computer programs, performs logic and control, and also may perform any other function besides logic and control.
- “Computer program” means data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function.
What is “installed”? It’s not clear yet. CASL doesn’t define “install” or “installer” – and the CRTC hasn’t released anything to provide a glimpse into how it will approach it.
What’s “in the course of commercial activity” CASL defines “commercial activity” as any course of conduct of a commercial character, whether or not it’s carried out in the expectation of profit. Computer programs installed outside of the course of commercial activity include programs designed for law enforcement and public safety purposes. CASL doesn’t apply to owners or authorized users installing software on their own computer systems (e.g. personal computers, mobile devices or tablets), but it’s not yet clear whether computer software an employer installs on employee devices (particularly in the “Bring Your Own Device” context) or its affiliate or client computer systems for internal operational reasons is caught.
If it applies to my activities, what do I have to do? Get express consent. Under CASL’s software sections, a person (or company) can’t, in the course of commercial activity, install a computer program on another person’s computer system – or cause an electronic message to be sent from that installed computer program – unless she:
- has the “express consent” of the owner or the authorized user of the computer system; or
- acts according to a court order.
  
  But you don’t require express consent in these cases:
- Exception. When a user consents to future updates and upgrades at the same time that she expressly consents to install the program itself, then the installer does not require any further consent when she actually installs the update.
- Deemed Consent. CASL deems users to consent to the installation of these computer programs if the user’s conduct shows it’s reasonable to believe she consented to it:
  - Cookies (but it’s not entirely clear what “cookies” means; Industry Canada’s material states cookies are not executable programs while the CRTC asserted that cookies are programs but not installed so aren’t subject to CASL’s prohibitions);
  - HTML code;
  - Java Scripts (although Industry Canada says this an error; it should be “JavaScript” which is different);
  - Operating systems;
  - Any program executable only through use of another computer program for which the user has already consented to installation; and
  - Any program CASL specifies. CASL currently lists a number of such programs that focus on security, updates, and repairs: telecommunications service providers (a person who – independently or as part of a group or association – provides telecommunications services) may install computer programs to protect network security or upgrade the network; installers may install computer programs that solely correct failures in the computer system or program.
How do I get “express consent”? Generally, the installer has to ask for the user’s consent – and must disclose this information in the consent request:
- the reason the installer is seeking consent;
- the full business name of the installer seeking consent;
- the installer’s mailing address, and one of the installer’s telephone number, email address, or web address;
- if consent is sought on behalf of another person, a statement indicating who is seeking consent and on whose behalf consent is being sought;
- a statement that the user may withdraw consent for the computer program’s installation at any time; and
- a clear and simple description, in general terms, of the computer program’s function and purposes . We don’t yet know the extent to which an installer must describe the program to satisfy CASL.
  
  But if an installer “knows and intends” that a computer program will cause a computer system to operate in a way its owner doesn’t reasonably expect, the installer must provide a higher level of disclosure and acknowledgement to get the user’s express consent.
What types of computer programs require the higher level of disclosure and acknowledgement? Computer programs that the installer “knows and intends” will perform one of these functions:
- collecting personal information stored on the computer system;
- interfering with the user’s control of the computer system;
- changing or interfering with settings, preferences, or commands already installed or stored on the computer system without the user’s knowledge;
- changing or interfering with data stored on the computer system in a way that obstructs, interrupts or interferes with lawful access to or use of that data by the user;
- causing the computer system to communicate with another computer system, or other device, without the user’s authorization;
- installing a computer program that may be activated by a third party without the user’s knowledge; and
- performing any other function CASL specifies (there are none as yet).
  
  But computer programs performing one of these functions do not require heightened disclosure or user acknowledgments if the function only collects, uses, or communicates “transmission data” (which CASL defines as data that (a) relates to the telecommunications functions of dialling, routing, addressing or signalling; (b) either is transmitted to identify, activate or configure an apparatus or device, including a computer program, in order to establish or maintain a communication, or is generated during the creation, transmission or reception of a communication and identifies or purports to identify the type, direction, date, time, duration, size, origin, destination or termination of the communication; and (c) does not reveal the substance, meaning or purpose of the communication).
What is the higher level of disclosure and acknowledgement required? When installing a computer program that operates contrary to the system owner’s reasonable expectations the installer must do more than merely describe the program in clear and simple terms; she must clearly and prominently:
- describe the computer program’s material elements, including the nature and purpose of those elements and their reasonably foreseeable impact on how the computer system operates;
- bring the material elements to the attention of the user separately from any other information it provides in a request for consent; and
- obtain the user’s written acknowledgement that the user understands and agrees that the computer program performs the specified functions.
Can a User Withdraw Consent? Yes. Computer programs caught by the higher level of disclosure (see FAQ 8 above) must give the user an electronic address valid for at least one year after installation so the user can ask the installer to remove or disable the computer program. A user can make this request if she believes the installer didn’t accurately describe the “function, purpose, or impact” of the computer program when the installer requested consent to install it. If the installer gets a removal request within one year of installation, and consent was based on an inaccurate description of the program’s material elements, then the installer must assist the user in removing or disabling the program as soon as feasible – and at no cost to the user. We don’t yet know the scope of this “duty to assist” – but it’s likely that failing to assist a user when required to do so will attract CASL’s penalties – and they are significant (see McInnes Cooper’s: Counting Down To Canada’s Anti-Spam Legislation (CASL) – 10 Reasons Why You Should Care About The Upcoming CASL Right Now). Beyond that, you aren’t generally required to help users remove software from their computers.
Is there a “grace period”? Yes. If a computer program was installed on a user’s computer system before January 15, 2015, that user’s consent to the installation of an update or upgrade will be implied until the earlier of January 15, 2018 or the date the user gives notice that she no longer consents to the installation. However, it appears that installers must comply with CASL when installing any new computer programs (rather than updates to existing ones) from January 15, 2015 onward.

Visit McInnes Cooper’s CASL Knowledge Page at www.mcinnescooper.com/services/privacy/casl/ to learn more about CASL.

Please contact your McInnes Cooper lawyer or any member of our McInnes Cooper CASL Team to discuss this topic or any other legal issue.

McInnes Cooper has prepared this document for information only; it is not intended to be legal advice. You should consult McInnes Cooper about your unique circumstances before acting on this information. McInnes Cooper excludes all liability for anything contained in this document and any use you make of it.

© McInnes Cooper, 2014. All rights reserved. McInnes Cooper owns the copyright in this document. You may reproduce and distribute this document in its entirety as long as you do not alter the form or the content and you give McInnes Cooper credit for it. You must obtain McInnes Cooper’s consent for any other form of reproduction or distribution. Email us at publications@mcinnescooper.com to request our consent.

People

Services

Industries

Technology, Media & Telecom

Publication

September 29, 2015

Canada’s Anti-Spam Legislation (CASL): The Top 3 Lessons Businesses Can Learn from Year 1

The anti-spam sections of Canada’s Anti-spam Legislation (CASL) took effect on July 1, 2014 amidst hype, controversy and dire warnings....

Publication

January 15, 2015

Effective Today: Canada's Anti-Spam Legislation (CASL) Software Installation Sections

Today, January 15, 2015, the software installation sections of Canada’s Anti-Spam Legislation (CASL) take effect. CASL’s anti-spam sections came into...

Publication

February 28, 2014

Counting Down to Canada's Anti-Spam Legislation (CASL): 10 Reasons Why You Should Care

On July 1, 2014, the anti-spam sections of Canada’s Anti-Spam Legislation (aka “CASL”) will take effect. CASL is:Broad. It applies...

We are pleased to provide you with detailed biographies on our lawyers, paralegals and administrative team, so you can learn more about how we can best support your business' success.

Advanced Filters

Contact

We want to hear from you: Did we delight you with great service or a timely insight? Did we miss the mark? Are you looking for legal advice? If so, we want to know. Just type a few lines into our form, send an email to client.service@mcinnescooper.com, or call 1-855-622-6668.

Charlottetown

Fredericton

Halifax

Moncton

Saint John

St. John’s

Send Us Feedback

Un moment s'il vous plaît...

We are pleased to provide you with detailed biographies on our lawyers, paralegals and administrative team, so you can learn more about how we can best support your business' success.

Advanced Filters

Contact

We want to hear from you: Did we delight you with great service or a timely insight? Did we miss the mark? Are you looking for legal advice? If so, we want to know. Just type a few lines into our form, send an email to client.service@mcinnescooper.com, or call 1-855-622-6668.

Charlottetown

Fredericton

Halifax

Moncton

Saint John

St. John’s

Send Us Feedback

Un moment s'il vous plaît...

Share this with others

Twitter

Facebook

Google +

LinkedIn

Email