Almost every business sends electronic messages. If yours is one of them, you must be familiar with Canada’s anti-spam legislation (CASL). Though the legislation has been fully in effect since July 1, 2014, there remains a lot of confusion around it. CASL affects every type of business from private enterprises to not-for-profit groups and charities.
Who does CASL affect?
CASL’s anti-spam provisions affect everyone who sends commercial electronic messages (CEMs) to, from or within Canada. A CEM is any electronic message that encourages participation in a commercial activity, regardless of any expectation of profit. The term is “tech-neutral;” in other words, it applies to emails, text messages, social media and other similar forms of communication. The general rule is, unless exempt under the legislation, a sender must have the consent (either express or implied) of the recipient before sending a CEM.
Why should you care?
There is a reputational risk if your business or not-for-profit group breaks the law, but CASL also allows for the imposition of rather significant fines. The maximum penalty for a breach by an individual is $1 million and for an organization is $10 million.
In addition to the potential risk posed to your business or not-for-profit group, the legislation also imposes what is called “vicarious liability”. This means that not only is the organization that violates the law held accountable but so are its officers and directors, and employers are responsible for the actions of their employees. This means that any of these individuals may also be fined.
Does the general public care?
The Canadian Radio-television and Telecommunications Commission (CRTC) is responsible for the enforcement of CASL. Between April and September 2018, the CRTC received 137,000 complaints. That’s more than 5,000 complaints each week, which represents a lot of very annoyed consumers.
While not every complaint will result in an investigation and the imposition of a fine, you don’t want to be on the receiving end of either. Significant fines have already been imposed. The first instance occurred in 2014, when a Quebec business was fined $1.1 million for sending emails in violation of the legislation. Very few businesses can survive paying a penalty of that size.
Consent
As noted above, unless you fit within one of the exceptions set out in CASL, you must have the recipient’s consent before sending a CEM. There are two categories of exceptions:
• exceptions where neither consent nor mandatory content rules apply
• exceptions where mandatory content rules apply but consent is not required
You can’t request consent if you don’t have consent
Unless you fit within one of the exceptions, you must have the recipient’s express or implied consent in order to send a CEM. It should be noted that a CEM asking for consent is still a CEM. In other words, you need consent in order to send such a request.
Express consent means that you expressly agree to receive CEMs. That consent can be oral but only if it is verified by a third party or recorded. Consent must not be bundled with terms and conditions. This means that, for example, it is insufficient to include the consent in the terms and conditions accepted to buy goods or use a service.
Further, opting-out isn’t enough. People have to opt-in to receive CEMs. In other words, people must take an active step to signify their consent. This could include checking a box or typing in a word or email address.
Implied consent
Examples of implied consent include the following:
- existing business relationship if you either:
- purchased services within the past two years
- made an enquiry within the past six months
- existing non-business relationship if in the past two years, you either:
- made a donation or gift to, or performed volunteer work for, a charity registered under the Income Tax Act or a political party
- were a member in a “club,” “association” or “voluntary organization”
It should be noted that clubs, associations and voluntary organizations are non-profit entities organized and operated exclusively for the social welfare, civic improvement, pleasure, or recreation or for any purpose other than personal profit if no part of their income is payable to any owner, member or shareholder.
Mandatory content of CEMs
Subject to certain exceptions, each CEM must contain the following information:
- the sender’s name, telephone number and email / web address, as well as their affiliates and beneficiaries
- a physical mailing address, which remains accurate for at least 60 days after the message is sent
- an unsubscribe mechanism
The unsubscribe mechanism must be “readily performed.” This means that it must be quickly accessible, simple and easy to use. It is very important to keep the communication distribution lists up to date. If someone has unsubscribed, you must remove them from your distribution list. Any opt-out or unsubscribe request must be honoured “without delay” and, at a maximum, no later than 10 business days after it is received.
Exceptions to consent and mandatory content rules
The exceptions to the requirements for mandatory content and consent are few and narrowly defined. A few such exceptions include the sending of CEMs:
- solely as an inquiry or application regarding recipient’s existing commercial activities
- between employees, representatives, consultants or franchisees of an organization regarding the organization’s activities
- to enforce a right
- by a charity that is registered under the Income Tax Act and has fund raising as its primary purpose
Exceptions where mandatory content does apply but consent is not required
You are exempt from the consent requirements but must comply with the mandatory content requirements if you are sending a CEM to:
- provide a requested quotation
- facilitate, complete or confirm a commercial transaction that the recipient previously agreed to enter
- provide warranty, recall or safety info about a purchase
- provide info about an existing employment relationship or related benefits
Conclusion
CASL is complicated legislation. This overview is intended to highlight the most important provisions in a simple way. It does not cover all the details. In order to ensure that you are in compliance with CASL, you must review the legislation and its regulations in their entirety and seek counsel.