CANADIAN CASL (ANTI-SPAM LAW) PRECEDENTS
Do you need a precedent or checklist
to comply with CASL (Canadian anti-spam law)?
We offer Canadian anti-spam law (CASL) checklists and precedents to help electronic marketers comply with CASL. These include checklists and precedents for express consent requests (including on behalf of third parties), sender identification information, unsubscribe mechanisms, business related exemptions and types of implied consent and documenting consent and scrubbing distribution lists. We also offer a template CASL corporate compliance program.
For more information and to order, see: CASL Compliance Checklists and Precedents. If you would like to discuss CASL legal advice or for other advertising or marketing in Canada, including contests/sweepstakes, contact us: Contact.
**********************
FREQUENTLY ASKED QUESTIONS (FAQS)
ABOUT CANADIAN ANTI-SPAM LAW (CASL) – I
For more CASL FAQs, see: CASL FAQs – II.
********************
Canada’s federal anti-spam legislation (CASL) is complex and highly prescriptive. There are specific and detailed requirements relating to its core consent, sender identification and unsubscribe requirements for sending commercial electronic messages (CEMs) and for the types of implied consent, exceptions and record-keeping obligations set out under the legislation.
As such, companies and individuals that rely on electronic marketing as part of their business should obtain specialist legal advice, given that the potential penalties for violating CASL can be severe and include administrative monetary penalties (AMPs) of up to $10 million. The CRTC, which is one of three regulatory bodies responsible for the administration and enforcement of CASL together with the Competition Bureau and Office of the Privacy Commission, also consistently enforces Canada’s anti-spam law.
The following are some frequently asked questions relating to the scope and requirements of CASL.
GENERAL
What is CASL?
CASL is Canada’s federal anti-spam legislation, which requires express or implied consent to send CEMs. CASL also imposes sender identification, unsubscribe and compliance obligations on electronic marketers (including documenting consents to send CEMs).
What is a “CEM”?
CASL defines “commercial electronic messages” (CEMs) very broadly as electronic messages that “encourage participation in a commercial activity”, regardless of whether there is an expectation of profit. CEMs include offering or advertising to purchase or sell products, goods, services or land or offering or advertising to provide business, investment or gaming opportunities.
What is an “electronic message”?
CASL is technologically neutral. It defines “electronic messages” as those sent by any means of telecommunication, including text, sound, voice or image messages. As such, CASL can apply to a variety of types of electronic media, including e-mail, text messaging, instant messaging and direct messages (e.g., electronic message sent via social media platforms).
What is the jurisdictional scope of CASL?
CASL applies where CEMs are sent from or accessed by computer systems in Canada (i.e., that are not merely routed through Canada). CASL’s regulations also exempt messages sent from Canada to a prescribed list of countries with their own anti-spam legislation, provided that the messages comply with the applicable foreign laws that are substantially similar to CASL’s consent and sender identification requirements (e.g., the U.S., U.K., EU, Japan, China, Korea, Australia and New Zealand).
What are some of the potential penalties for violating CASL?
Violating CASL can result in significant penalties of up to CDN $1 million (for individuals) and CDN $10 million (for corporations).
Over the past several years, there has been regular enforcement of CASL by the CRTC with penalties ranging from under $100,000 to over $1 million. Many of the cases to date have related to failures to comply with CASL’s core consent, sender identification and unsubscribe requirements. The failure to comply with the specific types of implied consent under CASL (e.g., the “conspicuous publication” type of implied consent) has also been the basis of CRTC enforcement.
How many CEMS are “spam”?
CASL does not specify how many unsolicited CEMs are “spam”. As such, sending a single unsolicited e-mail or other electronic message can constitute spam. Importantly, sending a CEM to request consent to receive CEMs can also constitute spam.
KEY REQUIREMENTS OF CASL
What are the key requirements of CASL?
The three key requirements to comply with section 6 of CASL (the unsolicited CEMs section) are consent to send CEMs (whether express consent or one of the types of implied consent under CASL), sender identification information included in both express consent requests and any CEMs sent to recipients and to include a CASL-compliant unsubscribe mechanism in CEMs.
CONSENT (EXPRESS OR IMPLIED)
What is consent under CASL?
CASL prohibits sending CEMs without a recipient’s prior express or implied consent. Senders have the onus of proving consent. CASL permits both express consent and certain categories of implied consent as set out under the legislation with specific tests that must be met for each type of implied consent.
CASL also includes a number of partial and complete exceptions to the legislation.
Express consent is the strongest type of consent because it is good and does not expire unless a recipient unsubscribes.
CASL Compliance Checklists and Precedents: For information about the CASL compliance checklists and precedents we offer, including for express consent and types of implied consent and exceptions, see: CASL Compliance Checklists and Precedents.
What are the key requirements
of express consent?
The key requirements for express consent are as follows: (i) an express consent request must be a positive opt-in (e.g., checking a box and not, for example, a pre-checked box), (ii) consent must be uncoupled (i.e., sought separately from requests for consent to general terms and conditions of use or sale), (iii) state the purpose for which consent is sought, (iv) the name (or doing business name (“DBA”) if different) of the person seeking consent, (v) if consent is sought for another person, the name of the other person (or their DBA name if different), (vi) if consent is sought for another person, state who is seeking consent and on whose behalf consent is sought, (vii) the mailing address and at least one of the following for the person seeking consent or, if different, the person on whose behalf consent is sought: phone number, e-mail address or web address and (viii) a statement that recipients may withdraw their consent at any time.
It is also a good practice to send an e-mail confirmation to the person giving express consent to receive CEMs.
How can consent be gathered?
Express consent can be gathered either in writing or orally. Written consent may include both paper and electronic forms (e.g., a box on a web page or filling out a consent form at point-of-purchase).
The CRTC’s view is that oral consent is sufficient if it can be verified by an independent third party or where there is a complete and unedited audio recording of the consent.
Whatever type of consent is obtained, the onus is on the sender to prove that they had consent to send CEMs.
What is implied consent?
Consent may also be implied under CASL in certain cases to send CEMs, including where there is: (i) an “existing business relationship”, (ii) an “existing non-business relationship”, (iii) where a person has published their electronic address without a statement that they do not want to receive unsolicited CEMs and the message is relevant to their business and (iv) a recipient has disclosed their electronic address to a sender without indicating that they do not want to receive unsolicited CEMs and the message is relevant to their business.
Importantly, for every type of implied consent under CASL, a specific test must be met to be able to rely on the particular type of implied consent to send CEMs.
What are the “existing business relationship”
types of implied consent?
CASL includes a number of “existing business relationship” types of implied consent. “Existing business relationships” include: (i) the purchase of products, goods, services or land within two years before a message is sent, (ii) the acceptance by the recipient of a business, investment or gaming opportunity within two years before a message is sent and (iii) an inquiry by the recipient for products, goods, services, etc. within six months before a message is sent.
For existing business relationships, however, a marketing list must be purged on a rolling basis once the above dates have expired unless express consent has been obtained during the relevant time periods for each type of implied consent or another type of consent or a CASL exception can be relied on.
What is the “conspicuous publication”
type of implied consent?
CASL also contains a “conspicuous publication” category of implied consent, which requires that all three of the following requirements be met: (i) the recipient has conspicuously published their e-mail address or caused it to be published, (ii) there is no statement that the recipient does not want to receive CEMs and (iii) the CEM is relevant to the recipient’s business, role, functions or duties in a business or official capacity.
What is the “business card”
type of implied consent?
CASL also contains a so-called “business card” category of implied consent. This type of implied consent requires that a recipient of CEMs has disclosed their electronic address to the sender without indicating that they do not want to receive unsolicited CEMs and also the message is relevant to their business.
What is required to document consent?
Senders of CEMs have the onus of proving consent under CASL. In this regard, section 13 of CASL provides that “a person who alleges that they have consent to do an act that would otherwise be prohibited under any of sections 6 to 8 has the onus of proving it”.
In general, the CRTC recommends that senders keep records of whether consent was obtained in writing or orally, when consent was obtained, why consent was obtained and how consent was obtained.
Some of the CRTC’s specific recommendations for documenting consent include keeping all evidence of express and implied consent (e.g., completed electronic forms), ensuring that consent can be verified for all recipients of CEMs, recording the date, time, purpose and manner of consent and recording all unsubscribe requests and resulting actions.
Can consent to send CEMs
be gathered for third parties?
CASL permits consent requests for three types of persons: (i) the person requesting consent to send CEMs themselves, (ii) an identified third party (or multiple identified third parties), such as corporate affiliates or affiliate marketers or (iii) an unidentified third party (or multiple unidentified third parties), such as for future potential marketing partners whose identities are not yet known when consent is requested. There are specific requirements under CASL for obtaining consent for each of these three situations.
However, the rules for obtaining consent for unidentified third parties (e.g., future marketing partners that are not yet known when consent is requested) are complex and should be carefully reviewed by electronic marketers before this type of consent is relied upon.
Also, all consent requests to send CEMs must be drafted with care and all of the prescribed requirements included in the request, otherwise the consent request will be defective and a sender will not have consent to send CEMs.
Can third party marketing lists
be used to send CEMs?
Marketers can use e-mail addresses obtained from third parties or list providers.
However, they should satisfy themselves that the e-mail lists obtained comply with CASL’s consent requirements, whether express or implied consent.
This is because the obligation to ensure that consent (whether express or implied) has been obtained lies with the sender of CEMs.
For example, if an electronic marketer wants to use e-mail lists obtained from the web for B2B marketing (as only one example), they should ensure that not only were such e-mails conspicuously posted with no message against solicitation, but also that any marketing sent is likely to be relevant to the recipient’s business.
As such, using third party or list provider lists to send CEMs can be risky. One way to mitigate the potential risk of using a third party electronic marketing list is to implement a list sharing agreement with any third party supplying marketing lists. However, the effectiveness (and risk mitigation) of any such agreement would turn on the likelihood and ability of the third party supplying the marketing list to comply with CASL.
Can marketing lists
be shared with third parties?
Some marketers want to share consents for electronic marketing with other parties, whether they are related entities (e.g., corporate affiliates) or third party marketing partners such as affiliate marketers.
While this is certainly possible under CASL, electronic marketers need to be aware that there are specific requirements that must be met depending on who a list will be shared with (e.g., to expressly identify a third party with whom consent is being gathered on behalf, including the third parties contact information and a number of other requirements if the identity of a third party with whom a list will be shared is not known at the time consent is requested).
Marketers should also be aware that there is potentially not only liability if they violate CASL, but also if they assist a third party violate the legislation based on an “aiding” provision in section 9 of CASL (e.g., if the person obtaining consent shares a marketing list with a third party that violates CASL, the person that requested consent may also face liability under CASL).
Based on the potential risk of sharing electronic marketing lists with third parties, it is often prudent for marketers that want to share electronic marketing lists to ensure that they have an agreement in place with third parties with whom they intend to share e-mails that includes, among other things, covenants by the third party to comply with CASL and indemnification provisions in favour of the party sharing the list in the event CASL is violated by the third party.
What are some of the most common
CASL consent request errors?
Some of the most common CASL consent request errors include the following:
1. A consent request to receive electronic marketing that is bundled with other terms (e.g., combined with general terms of sale, a privacy policy or terms for a contest or other promotion).
2. An attempt to gather consent by “passive means” (e.g., where a person merely participates in a contest or other promotion, and the rules/terms state that they provide their consent, or where language is merely included in the footer of a web page that does not comply with the specific identification and opt-in requirements of CASL.
3. Where consent is being requested on behalf of identified or unidentified third parties without complying with the CASL’s specific disclosure requirements for consent requests on behalf of third party senders.
********************
SERVICES AND CONTACT
We are a Toronto based Canadian competition and advertising law firm that helps clients in Toronto, Canada and the United States practically navigate Canada’s advertising and marketing laws and offers Canadian advertising/marketing law services in relation to print, online, new media, social media and e-mail marketing.
Our Canadian advertising/marketing law services include advice in relation to anti-spam legislation (CASL), Competition Bureau complaints, the general misleading advertising provisions of the federal Competition Act, Internet, new media and social media advertising and marketing, promotional contests (sweepstakes) and sales and promotions. We also provide advice relating to specific types of advertising issues, including performance claims, testimonials, disclaimers, drip pricing, astroturfing and native advertising.
For more information about our services, see: services
To contact us about a potential legal matter, see: contact
For more information about our firm, visit our website: Competitionlawyer.ca
