June 23, 2014 – Canada’s anti-spam law (“CASL”) will come into force on July 1, 2014. CASL sets out strict new rules for sending commercial electronic messages (“CEMs”). This includes emailed notices, updates, or advertisements to clients and contacts. Companies will need to change their practices for sending CEMs or face potentially stiff new penalties.

CASL goes beyond prohibiting bulk, unsolicited email communications (“spam”) by creating a consent-based regime. Companies may not send CEMs unless the recipient has expressly or impliedly consented to receiving them.

Penalties

Corporations that fail to comply with CASL risk fines of up to $10,000,000 and damages of up to $1,000,000 a day. Beginning on July 1,2017, CASL also creates a private right of action, which will allow recipients of unauthorized CEMs to sue for enforcement and recover damages.

What is a Commercial Electronic Message?

CASL applies to electronic messages sent by telecommunication, including emails, text messages, or other electronic messages. A message is “commercial” if it would be reasonable to conclude that one of its purposes is to encourage participation in a commercial activity. For example, emails advertising or promoting business or investment opportunities, products, or services, or any person who provides them would be considered CEMs. Messages requesting consent to send CEMs are also considered a CEM, and will be restricted as of July 1, 2014.

Consent Requirement

CASL’s main impact is to require the sender to have a recipient’s consent prior to sending any CEMs. Express consent can be obtained in a variety of manners, including by having the sender’s customers click an opt-in link in an email sent before CASL comes into effect on July 1, 2014. Without express consent, CEMs may only be sent under specific statutory exceptions, or if consent can be implied.

Exceptions to the Consent Requirement

There are limited exceptions to the consent requirement, which are generally meant to address the unintended application of CASL to ordinary business communications and transactions. These include CEMs that solely:

  1. are inquires relating to the recipient’s commercial activities;
  2. provide factual information about an ongoing subscription, membership, account, loan or similar relationship of the recipient;
  3. respond to a request, inquiry, or complaint, or are otherwise solicited by the recipient;
  4. are business messages between employees, representatives, or consultants of the same company; or
  5. are business messages between employees, representatives, or consultants of different organizations that have a business relationship.

Implied Consent

There are also circumstances under which consent can be implied for a limited period of time, including where there is an “existing business relationship” arising from:

  1. the purchase or lease of a product, goods, a service, land or an interest or right in land within the last two years;
  2. acceptance by the recipient of a business or investment opportunity offered by the sender within the last two years;
  3. a written contract between the sender and the recipient that is still in existence, or ended within the last two years;
  4. if the recipient has submitted an inquiry or application to the sender within the last six months in relation to any of the foregoing; or
  5. an ongoing use or ongoing purchase under a subscription, account, loan, or similar relationship, or pursuant to a membership, in which case CEMs may be sent for the duration of such ongoing use or membership, and for up to two years after the relationship terminates;

The foregoing time periods will not apply during the initial three years after CASL comes into force if the existing business relationship includes communications using CEMs and the recipient has not opted-out of receiving them.

 

Consent may also be implied where if the recipient’s email address is conspicuously published, without any restricting forbidding communication for commercial purposes, and the sender’s CEM relates to the recipient’s business function or activities; or if the recipient has provided its address to the sender without restriction, and the CEM relates to the recipient’s business function or activities.

 

Shareholder Communications

Sending email bulletins to shareholders with news releases and other company news falls into a gray area under CASL. First, it is unclear whether an email update presenting factual information to shareholders would be considered an encouragement to participate in commercial activity, and therefore a CEM. Second, even if they are CEMs, it is unclear whether such messages fall within the exception for delivery of factual information about a “subscription, membership, account, loan, or similar relationship” (Exceptions, item (ii) above). Similarly, it is unclear whether shareholder consent can be implied on the basis of “existing business relationships” (Implied Consent, item (v) above). Though there are good arguments in favour of these interpretations, a conservative approach would be to avoid sending CEMs to shareholders if they have not given express consent, and do not fit into any other category.

Form and Content Requirements

CASL requires that all CEMs include an unsubscribe mechanism that allows the recipient to opt out of all electronic messages or specified categories. Such mechanisms must be valid for at least 60 days following the original CEM, and unsubscribes must be effective within ten business days. CEMs will also have to identify the sender (and, if applicable, the person on whose behalf the message is sent), and provide the sender’s contact information.

Recommendations

The following measures will help your business prepare for CASL:

  1. Assess CEM Use: Identify what kinds of CEMs your business sends, what form they take, to whom they are sent, and why they are sent;
  2. Obtain express consent: Send CASL-compliant requests for opt-in express consents;
  3. Identify exceptions: Take inventory of CEM recipients to determine whether you have express or implied consent, or whether you may send messages under an exception;
  4. Update policies: Update your policies, procedures, and business practices to deal with your new CASL obligations;
  5. Training: Provide CASL training to all workers who send emails to the public;
  6. Establish Data Management: Establish a CASL consent record-keeping system to track express consents, expiry times for implied consents, and unsubscribes; and
  7. Ensure Compliant Unsubscribes: Establish an unsubscribe method to include in CEMs, and ensure that it meets all CASL requirements.

This publication is intended to provide our general comments on developments in the law. It is not intended to be a comprehensive review nor is it intended to provide legal advice. Readers should not act on information in this publication without first seeking specific advice on the particular matter. If we can assist your business or organization in understanding and applying the information provided above to your particular situation, we would be pleased to do so.