CRTC Issues First New Canadian Anti-spam Legislation Guidelines

CANADIAN CASL (ANTI-SPAM LAW) PRECEDENTS

Do you need a precedent or checklist
to comply with CASL (Canadian anti-spam law)?

We offer Canadian anti-spam law (CASL) precedents and checklists to help electronic marketers comply with CASL.  These include checklists and precedents for express consent requests (including on behalf of third parties), sender identification information, unsubscribe mechanisms, business related exemptions and types of implied consent and documenting consent and scrubbing distribution lists.  We also offer a CASL corporate compliance program.  For more information or to order, see: Anti-Spam (CASL) Precedents/Forms.  If you would like to discuss CASL legal advice or for other advertising or marketing in Canada, including contests/sweepstakes, contact us: contact.

**********

On October 10, 2012, the Canadian Radio-television and Telecommunications Commission (the “CRTC”) issued new guidelines on Canada’s anti-spam legislation (the Guidelines on the interpretation of the Electronic Commerce Protection Regulations (CRTC) (“Interpretation Guidelines”) and Guidelines on the use of toggling as a means of obtaining express consent under Canada’s anti-spam legislation) (“Toggling Guidelines”).  These are the first of a series of CRTC guidelines to be issued to facilitate compliance with Canada’s upcoming anti-spam legislation.

In making the announcement, the CRTC said:

“Today, the Canadian Radio-television and Telecommunications Commission (CRTC) published two information bulletins to help Canadian businesses better understand Canada’s anti-spam legislation. The CRTC expects the legislation to come into force in 2013.

‘We are committed to protecting Canadians from the harm caused by spam and other electronic threats,’ said Andrea Rosen, the CRTC’s Chief Compliance and Enforcement Officer. ‘Canadian businesses, both large and small, are strongly encouraged to familiarize themselves with the law, the regulations and the information bulletins. Even though the law is not yet in force, businesses should start preparing now by updating their practices and developing compliance procedures.’

To help businesses interpret the law and the CRTC’ regulations, the information bulletins set out examples of acceptable practices. For instance, the law will require businesses to obtain a consumer’s express consent before sending promotional emails and other commercial electronic messages. In one of the information bulletins, the CRTC has clarified how toggling (a check box on a website) may be used as a means for obtaining consent. The other bulletin provides clarifications on the information that must be included in a message.

These two bulletins are the first of a series to facilitate compliance with Canada’s new anti-spam legislation.”

On December 15, 2010 Canada’s new anti-spam legislation (Bill C-28) received Royal Assent.  When it is in force, it will be one of the strictest anti-spam regimes in the world.

The new anti-spam legislation will impact companies and individuals engaged in electronic marketing, including through the use of e-mail, social media or text messaging and will, among other things, prohibit sending “commercial electronic messages” without the recipient’s express or implied consent or unless the sender has the benefit of one of the legislative exceptions.

The new legislation will also expand the Competition Bureau’s jurisdiction to review electronic marketing and advertising, impose restrictions on the electronic collection of e-mail addresses and prohibit the installation of computer programs on other person’s computers without consent.

Key Aspects of New CRTC
Information Bulletins

Some of the highlights of the CRTC’s two new information bulletins, which interpret a number of key provisions of the CRTC’s recently finalized Regulations (“CRTC Regulations”) and anti-spam legislation, include:

Sender Identification

The Interpretation Guidelines clarify that while sender (and if applicable persons on whose behalf messages are sent) be identified, intermediaries (“persons situated between the person sending the message and person on whose behalf the message is sent”) need not be identified.  Where CEMs are sent for more than one person (e.g., affiliates) all persons must be identified.

Mailing Address

The CRTC Regulations require CEMs and consent requests to set out senders’ mailing addresses.  The Interpretation Guidelines provide that mailing addresses should include the sender’s valid, current street (or civic) address, postal box address, rural route address or general delivery address (and addresses must be valid for a minimum of 60 days).

Unsubscribe Mechanism

The CRTC Regulations require that unsubscribe mechanisms must be set out clearly and prominently (and be able to be “readily performed”).

The Interpretation Guidelines provide that for an unsubscribe mechanism to be “readily performed” it must be “accessed without difficulty or delay, and should be simple, quick, and easy for the consumer to use.”  The CRTC provides several examples in relation to e-mail marketing (a link taking users to a web page where they can unsubscribe) and SMS messages (e.g., replying with the word “STOP” or “unsubsubscribe” and clicking on a link taking users to a page where they can unsubscribe).

Consent Requests

Perhaps one of the most critical questions regarding the new anti-spam legislation, and CRTC Regulations, relates to how express consent can be obtained.  In this regard, the CRTC Regulations provide that consent can be obtained either orally or in writing.

Oral Consent

The newly issued Interpretation Guidelines expand on oral consent, providing that oral consent is satisfied if: (i) it can be “verified by an independent third party” or (ii) “where a complete and unedited audio recording of the consent is retained by the person seeking consent” (or a client of the person seeking consent).  So, for example, oral consent may be obtained through call centers or retail sales, provided the documentation requirements are fulfilled.

Written Consent

The CRTC takes the position in the Interpretation Guidelines that written consent will be satisfied where either paper or electronic form consent is obtained (including checking a box on a web page to give consent, with a record of the date, time, purpose, and manner of consent stored in a database).  Or, alternatively, written consent may be obtained for example by filling out a consent form during a retail purchase.

Separate Consents

Separate consents must be sought for the different activities regulated by the anti-spam legislation (i.e., for sending CEMs, installing computer programs, etc.).  In addition, persons from whom consent is being sought are to have the option to consent to some activities regulated by the anti-spam legislation but not others.  In addition, consent requests must not be combined with other types of consent requests – for example, general terms and conditions.

Toggling

With respect to “toggling” (i.e., checking or un-checking boxes on a website), the CRTC takes the position in its new Toggling Guidelines that a positive or explicit indication of consent is required and therefore express consent for sending CEMs cannot be obtained through opt-out mechanisms (e.g., a default check box that assumes consent).

Acceptable Opt-in Consent

The CRTC’s Toggling Guidelines state that express consent for the sending of CEMs must be through opt-in consent mechanisms – for example, the following type of statement with a positive requirement to tick a box: “I agree to receive Company Inc.’s newsletter containing news, updates and promotions regarding Company Inc.’s products.  You can withdraw your consent at any time.”

The CRTC also includes an example of typing an e-mail address into a field to indicate consent – for example, the following type of statement with a positive requirement to enter an e-mail address: “Enter your email below to receive Company Inc.’s newsletter containing news, updates and promotions regarding Company Inc.’s products.  You can withdraw your consent at any time.”

No CEMs to Request Consent

Importantly, the CRTC’s Toggling Guidelines also reiterate the statutory restriction that consent cannot be obtained by sending a subscription e-mail, text message or other equivalent form (essentially one cannot send “spam” to obtain consent for more “spam”).

Confirmation

Confirmation that consent has been received should be sent to persons consenting to receive CEMs.

********************

Tips For Complying With
CASL (Canadian Anti-Spam Law)

Canada’s federal anti-spam legislation (CASL) came into force in 2014.  Since then, electronic marketers and their advisors have been working to comply with what remains a complex law with outstanding uncertainties in some key areas. Having said that, many of the core requirements of CASL are not overly difficult to comply with (though continue to be misunderstood in many cases).

The following are some key legal tips for complying with CASL:

Express Consent. If you cannot rely on any category of implied consent (e.g., an existing business relationship within two years of a purchase) or a CASL exemption, ensure that you have collected and documented express consent from recipients. Express consent requests must include all of the information set out in CASL and its regulations otherwise the consent will not be valid. Failure to correctly collect consent is the most common CASL compliance error we see and a key basis for CRTC enforcement. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.

Implied Consent. If you are relying on one or more categories of implied consent to send commercial electronic messages (CEMs) (e.g., an existing business relationship within two years of a purchase or six months of a product inquiry) ensure that all of the requirements of the particular type of implied consent are met. Remember that there is not a single blanket type of implied consent under CASL; rather, there are many different types of implied consent each with their own specific requirements. Also, as with express consent, CEMs that rely on implied consent must still include the prescribed sender identification information and unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.

Consent For Third Parties To Send CEMs. Under CASL, consent to send CEMs can be requested for a sender themselves, identified third parties (or multiple identified third parties) or unidentified third parties (i.e., entities whose identities are not yet known when consent is requested). Importantly, however, each type of consent request has specific requirements for the request and, in the case of consent requests on behalf of unidentified third parties, somewhat complex additional requirements. The failure of marketers to correctly request consent for third parties (e.g., partners, affiliates, co-sponsors in promotions, etc.) is another CASL-related error that we regularly see. For more information, see: Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.

CASL Exemptions. Similar to implied consent, there is no single exemption from CASL but many types of exemptions. If you are relying on a particular exemption (e.g., the “business-to-business” exemption) it is important to ensure that all of the requirements of the exemption are met. Importantly, there is little or no case law interpreting many CASL exemptions. This means that there there may be more risk when relying on an exemption than express consent. Express consent is the strongest type of consent under CASL, considering that it does not expire unless a recipient unsubscribes.

Passive Consents. Remember that under CASL express consent or a category of implied consent is generally required to send CEMs unless a CASL exemption applies. As such, passive types of consents (e.g., language in general terms and conditions) will likely not be CASL compliant unless a sender does not need express consent (i.e., can rely on a category of implied consent or a CASL exemption).

Sharing Lists With Third Parties. Consider the potential risks of sharing e-mail or other electronic marketing lists with third parties. While this is certainly possible under CASL, marketers should be aware that there are specific requirements that must be met depending on who a list will be shared with (e.g., to expressly identify third parties with whom consent is being gathered on behalf of, including their contact information and other requirements for unidentified third parties). Marketers should also be aware that there is also potentially not only risk if they themselves violate CASL (e.g., send CEMs without consent), but also if they assist third parties that violate CASL. As such, it is often prudent for marketers that want to share electronic marketing lists with third parties to ensure that they have list sharing agreements in place with parties with whom they share e-mails. For more information, see: Anti-Spam Law (CASL) FAQs, Anti-Spam (CASL) Compliance Errors and Canadian Anti-Spam (CASL) Precedents. See also: Influencer, Co-Sponsor and List Sharing Agreements.

Sender Identification Information. Ensure that all CEMs include the prescribed sender identification information required by CASL unless an exemption applies. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.

Unsubscribe Mechanism. Ensure that all CEMs include a CASL-compliant unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.

Document Consent. Under CASL, the onus is on senders of CEMs to document consent. As such, it is important to document the type of consent (express or implied) or exemption being relied upon, evidence of consent (e.g., subscription logs, forms, dates and names/e-mail addresses), divide lists according to the type of consent or exemption being relied upon and to scrub lists after recipients have unsubscribed or the relevant time period for a category of implied consent has expired (e.g., two years after a purchase). Failure to adequately document consent is another CASL-related compliance error that we regularly see, including not documenting consent at all, not segregating distribution lists and inadequately documenting consents or types of implied consent. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) Compliance and Canadian Anti-Spam (CASL) Precedents.

CASL Compliance Program. Consider adopting a CASL compliance program, particularly if electronic marketing is a core aspect of your marketing strategy. The CRTC has issued guidance on CASL compliance programs including key recommended elements. For more information, see: Anti-Spam (CASL) Compliance and Canadian Anti-Spam (CASL) Precedents.

CASL and Specific Types of Promotions. Care should be taken in relation to specific types of promotions under CASL. Just one of many examples is friends and family type promotions (e.g., contests where entrants can gain more entries by sharing with or tagging a friend or family member). While there is an exception to the unsolicited CEMs section of CASL (section 6) for messages sent to a person with whom the sender has a personal or family relationship, these terms are narrowly defined. For example, “family relationship” is limited to spouses, common-law partners and parent-child relationships. “Personal relationship” is defined in a multi-factor and case-by-case fashion such that it is often impractical to rely on this exception for any broad “friends and family” type promotion. Marketers should also be aware that there is potential risk for both themselves and their clients in running friends and family type promotions if they cannot meet the specific definitions of “family relationship” and/or “personal relationship” under CASL for a promotion. For more information, see: Anti-Spam (CASL) Compliance Errors and Running a Friends-and-Family Promotion in Canada? Cruel, Cryptic CASL Strikes Again.

____________________

SERVICES AND CONTACT

I am a Toronto competition/antitrust lawyer and advertising/marketing lawyer who helps clients in Toronto, Canada and the US practically navigate Canada’s advertising and marketing laws and offers Canadian advertising/marketing law services in relation to print, online, new media, social media and e-mail marketing.

My Canadian advertising/marketing law services include advice in relation to: anti-spam legislation (CASL); Competition Bureau complaints; the general misleading advertising provisions of the federal Competition Act; Internet, new media and social media advertising and marketing; promotional contests (sweepstakes); and sales and promotions. I also provide advice relating to specific types of advertising issues, including performance claims, testimonials, disclaimers, drip pricing, astroturfing and native advertising.

For more information about my services, see: services

To contact me about a potential legal matter, see: contact

For more regulatory law updates follow me on Twitter: @CanadaAttorney

This entry was posted in Advertising Law, Anti-spam Law, Compliance, Consumer Protection, CRTC, Direct Sales, Electronic Marketing, Internet Advertising, New legislation, New Publications, News, Online Advertising, Publications, Sectors - Broadcasting, Sectors - Internet & New Media, Sectors - Media, Sectors - Retail, Sectors - Telecommunications, Sectors - Telemarketing, Social media marketing, Targeted Advertising and tagged , , , , , , , , , . Bookmark the permalink.