CANADA’S ANTI - SPAM LAW (“CASL”) AN OVERVIEW HOW WILL CASL AFFECT YOUR BUSINESS AND HOW CAN YOU PREPARE FOR IT? Diane Karnay Wednesday June 18, 2014
Introduction Most provisions of CASL (including those impacting the sending of commercial electronic messages) will come into force on July 1, 2014 . Certain sections (pertaining to computer programs and software) will come into force on January 15, 2015. CASL received Royal Assent (was passed by Parliament) on December 15, 2010. The CRTC has published the Electronic Commerce Protection Regulations (CRTC) , as well as two compliance and enforcement information bulletins. Industry Canada’s final regulations were published on December 4, 2013. 2
Intent of CASL The Industry Canada website states : “ The intent of the new law is to deter the most damaging and deceptive forms of spam from occurring in Canada. ” The Industry Canada website further states : “ Collectively, these online threats disrupt online commerce and reduce business and consumer confidence in the online marketplace; congest networks, imposing heavy costs on network operators and users, and threatening network reliability and security; and undermine personal privacy. ” The legislation is meant to provide a secure online environment for business in Canada, and to combat spam emails; however, it will end up capturing a broader array of messages than would normally be regarded as spam. 3
Enforcement and Penalties The CRTC will have broad powers to investigate and impose substantial administrative monetary penalties for violations - of up to $1,000,000 for an individual and up to $10,000,000 for an organization for each violation. There will also be a private right of action to allow consumers and businesses to take civil action against anyone who violates CASL. Corporate officers and directors can be held personally liable for corporate violations and employers can be held liable for violations committed by their employees or agents acting within the scope of their employment or authority. Due diligence to prevent the commission of the violation is a defence. 4
Characteristics of CASL CASL is a strict and broad piece of anti-spam legislation. CASL will: regulate the use of commercial electronic messages; prohibit the installation of a computer program on any person’s computer system without the express and informed consent of the owner or authorized user of the computer system; prohibit the alteration of ‘transmission data’ in an electronic message without the consent of the sender or the recipient (the practice of pharming); and prohibit the unauthorized collection of email addresses through automated means (address harvesting), and misleading representations in sender information, subject matter information or content of an electronic message. 5
Spam Reporting Centre The Canadian Radio-television and Telecommunications Commission (CRTC) will have the chief enforcement responsibility under CASL and will host the spam reporting centre, which will go live on July 1, 2014. 6
Basic Prohibition Against CEMs Section 6 of CASL contains the basic prohibition against sending “ commercial electronic messages ” without: consent , and 1. compliance with certain form and unsubscribe 2. requirements. CASL applies to the sending of CEMs by any ‘person’ – individuals or companies (both for-profit and not- for-profit). 7
What is a CEM? A commercial electronic message (CEM) is any electronic message (email, instant message, text or similar means) which encourages participation in a commercial activity. Commercial activity does not necessarily mean an activity conducted for profit. Note that broadcast messaging (tweets and posts), will not be caught by CASL. However, sending any message via email or text over social media will be caught. Also CASL does not apply to voice or fax messages. 8
When is Consent Not Required? Quotes or estimates; Messages that facilitate or confirm transactions; Provision of warranty, recall, safety or security information; Provision of information about: - ongoing use or ongoing purchases; - ongoing subscriptions, memberships, accounts, loans, etc.; and - employment relationships or benefit plans; and Delivery of goods or services, including updates and upgrades. 9
Exemptions from CASL Regulation There are certain exemptions from CASL regulation (to which neither the consent nor form and content requirements apply). They are: Messages sent to persons with whom the sender has a personal or family relationship (where there has been direct, voluntary, two-way communication); Responses to commercial inquiries; Messages sent to satisfy legal obligations or enforce a legal right or obligation; Messages sent via a closed messaging system , such as a proprietary system or a system where ID and unsubscribe are included on the platform; 10
Continuation of exemptions Internal business communications (within a business), provided the message concerns the affairs of the business; Business to business communications, provided the organizations have a relationship and the message concerns the activities of the recipient organization; Messages sent by charities , when the message has the primary purpose of raising funds for the charity and the charity is a registered charity in accordance with Canada’s Income Tax Act; 11
Continuation of exemptions Messages sent by political candidates or organizations, soliciting political contributions; Messages relating to a business located or provided outside of Canada and accessed while the recipient was visiting Canada; and Messages sent to a foreign jurisdiction in compliance with their spam law. 12
Types of Consent Consent may be either express or implied, and either written or oral. Oral consent will always carry an evidentiary burden, so it is recommended that such consent be confirmed in writing. The onus to prove consent will be on senders of CEMs. 13
Express Consent CASL will, once in force, create an “opt - in” regime for express consent. A positive action will be required to be taken by the person providing his or her consent, such as checking a box on a web page to give consent. Also, the purposes for which consent is sought will need to be made clear. Consent will need to be sought separately for (a) sending CEMs, (b) altering transmission data in electronic messages, and (c) installing a computer program on another person’s computer. 14
Implied Consent Consent may be implied in various circumstances, including the following: in an existing business relationship setting, where: - the recipient has purchased or leased products, goods, services or land within two years of the date the CEM was sent, - there is a written contract with the recipient which is currently in existence or has expired not more than two years from the date the CEM was sent, or - the recipient has made an inquiry within the previous six months; 15
Implied Consent continued in an existing non-business relationship setting, where the recipient has made a donation or gift, or performed volunteer work or attended meetings or attained membership in the organization sending the CEM, all within two years of the date the CEM was sent; where the recipient has disclosed his/her address to the sender without indicating that no commercial messages are to be sent, and the message is relevant to the recipient’s business or official capacity; 16
Implied consent continued As a result of a grace period offered by CASL, for the first 3 years (until June 30, 2017), there will be implied consent to send commercial messages to recipients where, as of the enforcement date of the legislation, there was an existing business or non- business relationship which included the exchange of CEMs; provided the recipient does not withdraw its consent. 17
Difference between express and implied consent Businesses and organizations who wish to rely on implied consent will need to strictly manage their lists of recipients, and keep in mind that such consent is of limited duration. Express consent will not have an expiry date. It will be necessary to manage your contact lists to ensure that you can demonstrate consent for every recipient. 18
Form Requirements CEMs will need to identify the sender and its 1. affiliates (name and address, and telephone number, email or website). If the sender is sending the CEM on behalf of a 2. third party, the sender must identify for whom the message is sent. The contact information must be valid for at least 3. 60 days after the CEM was sent. 19
Unsubscribe Requirements The unsubscribe mechanism must: - be able to be “readily performed”, so it must be accessed without difficulty or delay, and should be simple, quick and easy to use; - be a no-cost mechanism; and - allow the recipient to unsubscribe by way of the same electronic means. The electronic address or link for the unsubscribe mechanism must be valid for at least 60 days from the date the CEM was sent. 20
When to Implement Unsubscribe? A request to unsubscribe must be implemented without delay, and in any event no later than 10 business days after the request was sent. 21
Recommend
More recommend