Canada’s New Anti-Spam Law: What Your Organization Needs To Know
Adrian Liu and Victoria Prince
On July 1, 2014, new legislation will take effect that will impact the email marketing and communication practices of all Canadian organizations, including those in the not-for-profit sector. The Canadian government has passed legislation that will prohibit the sending of commercial electronic messages unless the messages meet consent, content and unsubscribe requirements. While there are provisions in the legislation that will assist not-for-profit organizations (“NFPs”) in certain circumstances, NFPs must comply with the law because there is no general exemption for these organizations.
The legislation has a long official name but is being called “CASL”, which stands for “Canada’s Anti-Spam Law”. CASL also includes two regulations, which were the result of a lengthy consultation process that the government had with businesses and other stakeholders. Most provisions of CASL will come into force on July 1, 2014. Certain sections of CASL relating to computer programs and software will come into force on January 15, 2015, and a private right of action will come into force on July 1, 2017.
Any individual, business or organization that sends commercial electronic messages (such as email and text messages) (“CEMs”) needs to take action to make sure it complies. Keep in mind that although CASL refers to “spam”, the law is drafted so that it applies to a much broader array of messages than would normally be regarded as spam. “Commercial activity” is defined broadly in CASL to include any transaction, act or other conduct that has a commercial character, even if the person carrying it out does not expect to profit from it. For example, electronic messages sent by a NFP to promote a fundraiser or networking event that is not carried out in expectation of profit for the members but does have a commercial character will be a CEM and will have to comply with CASL.
Technically, a single email sent to a person that has a commercial purpose falls under CASL. In addition, since CASL applies to CEMs sent from or accessed in Canada, persons located outside Canada will also need to comply if they send CEMs to recipients in Canada.
The basic rule of CASL is that an individual, business or organization cannot send an unsolicited CEM. Before a CEM is sent, the sender must ensure that: 1) it has the consent of the recipient; 2) the message contains prescribed information about the sender; and 3) the message contains an unsubscribe mechanism.
- Consent – The recipient of a CEM must have given consent to receive CEMs. Consent can be expressly given, such as the recipient signing a document or checking a box on a form indicating consent to receiving these kinds of message from the sender. The consent must be specific about the type of CEMs that will be sent (e.g. marketing emails, product updates, promotions, and/or newsletters) and cannot be buried in the terms and conditions or privacy policy. Consent can be obtained orally, but adequate records should be kept to demonstrate that consent was given. CASL also provides for several types of implied consent (see below).
- Content of the Message – The CEM must contain the name and contact information (address and telephone number, email or website) of the sender. If the sender is sending the CEM on behalf of a third party (e.g. a marketing agency is sending an email blast on behalf of its client), the sender must identify the person on whose behalf the message is being sent.
- Unsubscribe Mechanism – The CEM must contain a no-cost mechanism that allows the recipient to unsubscribe from receiving future CEMs. The unsubscribe mechanism must be able to be “readily performed”, meaning that it is not difficult or time-consuming to access; it should be simple, quick, and easy for the recipient to use. For CEMs sent by email, the body of the email should contain an “unsubscribe” button, a reply-to email address or a link that will take the recipient to a web page where he or she can unsubscribe. For CEMs sent by text message, the user should have the choice between replying to the text message with the word “stop” or “unsubscribe”, or clicking a link that will take the recipient to a web page where he or she can unsubscribe. A request to unsubscribe must be implemented within 10 business days.
The law allows for some exemptions, but careful analysis is required before using any exemption. Some provisions exempt the sender from the consent, content and unsubscribe requirements, while other provisions only exempt the sender from the consent requirement (i.e. the sender may not be required to obtain express consent from the recipient to send the CEM, but may still be required to include information about the sender and an unsubscribe mechanism).
Consent may be implied where CEMs are sent to recipients with whom the sender has an “existing business relationship” or “existing non-business relationship”. These terms have a specific meaning in CASL. As an example relevant to NFPs, “existing non-business relationship” applies to individuals who were members of a club or voluntary organization within the two year period prior to sending the CEM.
Consent may also be implied where CEMs are sent to recipients that have disclosed their electronic addresses directly to the sender, or that have conspicuously published their electronic address. In each circumstance, the recipient must not have indicated that it does not want to receive CEMs and the CEMs must relate to the recipient’s business, role, functions or duties in their business or official capacity. For example, if an individual gives a business card directly to the sender, then the sender may send that individual CEMs that are related to the recipient’s business or official capacity. Furthermore, if the recipient has its email address posted online at its business or organization website, then the sender may send CEMs that relate to the recipient’s business or official capacity. Remember, however, that in both examples, the CEMs can only be sent if the recipient has not indicated that it does not want to receive CEMs and the CEMs must still satisfy the content and unsubscribe requirements.
In addition to the exceptions discussed above, NFPs may be exempted from some CASL requirements based on other factors related to its business, operations, interactions, or relationships. The applicability of the exceptions can be complex and confusing, so seeking professional advice prior to relying on any exception is recommended.
Failure to comply with CASL can have very serious consequences. The administrative monetary penalties for a violation are up to $1 million for individuals and up to $10 million for organizations, per violation. In addition, beginning on July 1, 2017, individuals will have a private right of action directly against individuals, businesses or organizations who send CEMs that are not in compliance with CASL and that result in damages to the recipient.
It is important to begin preparing for CASL immediately. NFPs should begin by auditing (or developing) their electronic messaging policy to determine what types of CEMs they send, to whom they send the CEMs, and whether they have express or implied consent to send CEMs to the contacts on their mailing lists. NFPs should also assess their technological abilities to ensure they are capable of satisfying the unsubscribe requirements and acting upon unsubscribe requests. Finally, NFPs should educate their employees, members and other representatives about the CASL requirements to promote organization-wide compliance.
Borden Ladner Gervais LLP has been helping clients become CASL compliant. For more information, please visit www.blg.com/antispam or contact any member of our Advertising, Marketing and Sponsorship Group.