0
Canada’s Anti-Spam Law (CASL)
re: Commercial Electronic
Messages
Paul Armitage, Partner
paul.armitage@gowlings.com
604-891...
CASL Basics
• CASL will be in force July 1, 2014 for CEMs
• CASL regulates “commercial electronic messages”
(“CEMs”) with ...
Does CASL Apply to the Message?
CASL covers:
• Email
• SMS
• Instant messages
• Messages to user accounts on social networ...
Is the Message a “CEM”?
A CEM is a message which encourages participation in a
“commercial activity”, e.g.,
• Offers to se...
Is the Message a “CEM”? (con.’t)
CASL excludes several classes of message from its
requirements:
• Interactive two way voi...
Examples of CEMs
If the following is true: CEM (Yes/No)
The message promotes the organization as being
able to provide a g...
Is the CEM Exempt? (Fully Exempt CEMs)
The following CEMs are fully exempt (“Fully Exempt CEMs”):
• Internal communication...
Is the CEM Exempt? (Fully Exempt CEMs) (con.’t)
• Messages sent to a limited-access secure and confidential
account offere...
Is the CEM Exempt? (Fully Exempt CEMs) (con.’t)
9
The personal or family relationship exemption
“Personal relationship”
 ...
What Consent is Required to Send CEMs?
Except for Fully Exempt CEMs (see before), CEMs
must:
• Either have express or impl...
Express Consent
Express consent is opt-in consent which the organization
has recorded and can substantiate if necessary
11...
Express Consent (con.’t)
12
When requesting consent, the following requirements must
be met:
Requirements for Express Cons...
Implied Consent
Unlike Canadian privacy law, implied consent is not a general concept
that can be assumed, but only exists...
Implied Consent (con.’t)
• An “existing non-business relationship” exists due to:
(i) A donation or gift made by recipient...
Implied Consent (con.’t)
• “Membership” is the status of having been accepted as a
member of a club, association or volunt...
Implied Consent (con.’t)
• The recipient has given (e.g., on a business card) or
conspicuously published (e.g., on a websi...
Transactional Messages Not Requiring Consent
Consent is not required for transactional CEMs which solely:
• Provide a quot...
Referral Messages Not Requiring Consent
• If the CEM is being sent to a recipient referred to the
organization by another ...
Content and Format Requirements for CEMs
• Except for Fully Exempt CEMs (see slides
before), all CEMs must meet sender dis...
Sender Disclosure Requirements
(e.g., in the email template)
• The organization sending the message and (if different)
on ...
Unsubscribe Mechanism
(e.g., opt-out in an email)
• The unsubscribe mechanism must be clear and
prominent in the CEM and b...
Unsubscribe Mechanism (con.’t)
22
Examples of Unsubscribe Mechanism Valid (Yes/No)
An email CEM which permits the recipien...
Unsubscribe Web Pages
(e.g., managing user preferences)
• Must enable the recipient to indicate that he or
she no longer w...
Third Party Marketing Lists
CASL expressly provides for consent obtained on
behalf of an unknown third party; however, it ...
Third Party Marketing Lists (con.’t)
Message content when consent is obtained from a
third party (e.g., list-creating comp...
Misleading Advertising
• CEMs sent by the organization must not contain
false or misleading statements, either in the
lite...
Misleading Advertising (con.’t)
When sending CEMs:
• DO NOT use overly broad or misleading statements in
the “Re:” line in...
CASL - Penalties
Administrative monetary penalties (AMPs) for
violations:
• A fine of up to $1,000,000 for a violation by ...
CASL – Penalties (con.’t)
Competition Act (Misleading Advertising)
• Criminal prosecution
• Fines/imprisonment possible
• ...
CASL – Penalties (con.’t)
July 1, 2017: private right of action for breach of CASL
comes into force
• CASL creates a priva...
CASL – Penalties (con.’t)
Factors to consider in determining award in the private right
of action:
• Person’s history of c...
CASL – Penalties (con.’t)
• Private right of action will be available for any
CASL violation unless CRTC has taken
enforce...
CASL – Penalties (con.’t)
• Liability extends to any person who aids, induces or
procures a prohibited act
• Organizations...
Transitional Period
• There is a three year transitional period (i.e., until July 1,
2017) after CASL comes into force dur...
Thank You
montréal  ottawa  toronto  hamilton  waterloo region  calgary  vancouver  beijing  moscow  londo...
Upcoming SlideShare
Loading in...5
×

Canada's Anti-Spam Law & Commercial Electronic Messages

835

Published on

In this presentation, Gowlings partner Paul Armitage provides an overview of Canada's Anti-Spam Legislation (CASL). Topics covered include:

-What qualifies as a commercial electronic message (CEM)
-Consent - express & implied
-Content & format requirements
-Third party marketing lists
-Penalties
-Transitional period

To learn more, visit Gowlings' CASL Resources page at www.gowlings.com/casl.

Published in: Law, Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
835
On Slideshare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Canada's Anti-Spam Law & Commercial Electronic Messages"

  1. 1. Canada’s Anti-Spam Law (CASL) re: Commercial Electronic Messages Paul Armitage, Partner paul.armitage@gowlings.com 604-891-2755
  2. 2. CASL Basics • CASL will be in force July 1, 2014 for CEMs • CASL regulates “commercial electronic messages” (“CEMs”) with new requirements for consent, sender disclosure, and unsubscribe mechanisms • Additional parts of CASL regulating software installations will be in force January 15, 2015 2
  3. 3. Does CASL Apply to the Message? CASL covers: • Email • SMS • Instant messages • Messages to user accounts on social networks • Messages to user accounts on portals • Messages sent by telecommunication to similar accounts 3
  4. 4. Is the Message a “CEM”? A CEM is a message which encourages participation in a “commercial activity”, e.g., • Offers to sell a product, service or interest in land • Offers of a business, investment or gaming opportunity • Advertisements or promotions for any of the above • A request for consent to send CEMs If the message does any of the above, then it is a “CEM” even if that is not its only or primary purpose 4
  5. 5. Is the Message a “CEM”? (con.’t) CASL excludes several classes of message from its requirements: • Interactive two way voice communications • Messages sent via facsimile to telephone accounts • Voice recordings sent to a telephone account These messages are currently subject to the CRTC’s oversight via the Telecommunications Act and the Do Not Call List 5 CASL contains a provision that permits the government to repeal this exception AND the National Do Not Call List at a later date. If exercised, this would make unsolicited commercial telephone calls subject to the CASL requirements
  6. 6. Examples of CEMs If the following is true: CEM (Yes/No) The message promotes the organization as being able to provide a good or service Yes A recipient reasonably interpreting the “Re:” line or content is likely to conclude that the message contains an advertisement for the organization Yes Posting on the organization’s own website, portal or social media pages (other than to another user’s account) No The message contains a survey or newsletter and does not include any secondary marketing of the organization’s products or services No The message gives safety or security information about a product or service No 6
  7. 7. Is the CEM Exempt? (Fully Exempt CEMs) The following CEMs are fully exempt (“Fully Exempt CEMs”): • Internal communications between employees, representatives, consultants or franchisees of the organization, and the CEM concerns the organization’s activities • B2B communications between employees, representatives, consultants or franchisees of the organization and another organization which has a relationship with the organization, and the CEM concerns the activities of the other organization • An inquiry or application related to the recipient’s commercial activity • A response by the organization to a request, inquiry or complaint it receives 7
  8. 8. Is the CEM Exempt? (Fully Exempt CEMs) (con.’t) • Messages sent to a limited-access secure and confidential account offered by the organization to which only the organization can send messages (e.g., secure portal for its user accounts) • Certain instant messaging platforms whose interfaces meet the sender disclosure and unsubscribe requirements (see later), with the recipient’s express or implied consent • Sent to a recipient in a foreign state which has anti-spam laws substantially the same as CASL and the message complies with the foreign laws (e.g., US, EU, Japan, China, Korea, and Australia) • Communications between individuals with a “family relationship” or “personal relationship” (as defined in CASL) (see next slide) • Messages sent by a registered charity for fund-raising • Messages sent by a political party, organization, or candidate soliciting contributions 8
  9. 9. Is the CEM Exempt? (Fully Exempt CEMs) (con.’t) 9 The personal or family relationship exemption “Personal relationship”  Must have had direct, voluntary, two- way communications  Must be reasonable to conclude they have a “personal” relationship “Family relationship”  Must have had direct, voluntary, two-way communications  Marriage  A common-law partnership  Legal parent-child Note: siblings, cousins, aunts, uncles, etc. are not included
  10. 10. What Consent is Required to Send CEMs? Except for Fully Exempt CEMs (see before), CEMs must: • Either have express or implied consent, or • Be transactional messages or referral messages which do not require consent 10
  11. 11. Express Consent Express consent is opt-in consent which the organization has recorded and can substantiate if necessary 11 Examples Valid (Yes/No) Signature on a consent form Yes Checking an “I agree” box on a web page Yes Oral consent recorded by the organization Yes Clicking on a consent link in an email Yes Pre-checked “I agree” box No Opt-out box that recipient must check in order to decline consent No
  12. 12. Express Consent (con.’t) 12 When requesting consent, the following requirements must be met: Requirements for Express Consent Provide the purpose of consent (i.e., to receive CEMs) Seek CEM consent separate from other consents (e.g., from a general consent to purchase the service) Identify the organization seeking consent (or on whose behalf it is sought) by its business name and identify the party seeking consent Provide the mailing address, and one (or more) of a telephone number, website, or email address of the organization seeking consent (or on whose behalf it is sought) State that consent may be withdrawn Note: Industry Canada has advised that express consents obtained before CASL comes into force (July 1, 2014) will be recognized as being compliant with CASL, even if the above requirements are not met
  13. 13. Implied Consent Unlike Canadian privacy law, implied consent is not a general concept that can be assumed, but only exists under CASL in specific situations: • An “existing business relationship” exists due to: (i) The purchase, lease or barter of a good, service, or land interest by the recipient from the organization within the previous two years (ii) Acceptance of a business, investment or gaming opportunity made by the organization to the recipient within the previous two years (iii) An inquiry from the recipient to the organization about any of the above within the previous six months (iv) A written contract between the organization and the recipient which is in force, or which expired within the previous two years OR 13
  14. 14. Implied Consent (con.’t) • An “existing non-business relationship” exists due to: (i) A donation or gift made by recipient to the sender within the 2-year period immediately before the day on which the message was sent, where the sender is a registered charity, a political party or organization, or a person who is a candidate for election (ii) Volunteer work performed by the recipient for the sender, or attendance at a meeting organized by the sender, within the 2-year period immediately before the day on which the message was sent, where the sender is a registered charity, a political party or organization, or a person who is a candidate for election (iii) “Membership” by the recipient, in the sender, within the 2- year period immediately before the day on which the message was sent, where the sender is a “club, association or voluntary organization” (see next slide) 14
  15. 15. Implied Consent (con.’t) • “Membership” is the status of having been accepted as a member of a club, association or voluntary organization in accordance with its membership requirements • “Club, association or voluntary organization” is a non-profit organization that is organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any purpose other than personal profit, if no part of its income is payable to, or otherwise available for the personal benefit of, any proprietor, member or shareholder of that organization unless the proprietor, member or shareholder is an organization whose primary purpose is the promotion of amateur athletics in Canada OR 15
  16. 16. Implied Consent (con.’t) • The recipient has given (e.g., on a business card) or conspicuously published (e.g., on a website) his or her electronic address and (i) Without indicating they do not wish to receive unsolicited CEMs, and (ii) The CEM is related to the recipient’s business, role, functions or duties Note: this does not apply to electronic addresses which have been harvested using automated tools, which is prohibited 16
  17. 17. Transactional Messages Not Requiring Consent Consent is not required for transactional CEMs which solely: • Provide a quote or estimate in response to a request • Facilitate, complete or confirm a previously agreed upon transaction • Provide warranty, product recall, or safety or security information about a product or service the recipient uses • Provide factual information about an ongoing subscription, loan, account, membership, or similar relationship • Provide information directly related to an ongoing employment relationship or related benefit plan • Deliver a good or service, including a product update or upgrade, as part of an existing transaction between the organization and the recipient Note: secondary marketing of other organization products and services must not be included 17
  18. 18. Referral Messages Not Requiring Consent • If the CEM is being sent to a recipient referred to the organization by another person, then consent is not required for the first CEM (only), so long as the following conditions are met: (i) The person making the referral must have an “existing business relationship”, “existing non- business relationship”, “personal relationship” or “family relationship” with both the organization and the person being referred (ii) The CEM must disclose the name of the individual who made the referral, and state that the CEM is a referral 18
  19. 19. Content and Format Requirements for CEMs • Except for Fully Exempt CEMs (see slides before), all CEMs must meet sender disclosure and unsubscribe mechanism requirements 19
  20. 20. Sender Disclosure Requirements (e.g., in the email template) • The organization sending the message and (if different) on whose behalf it is sent must be identified by business name, and the party sending the CEM must be indicated • The mailing address, and one (or more) of a telephone number, website, or email address must be provided for the party sending the message or (if different) for the person whose behalf it is sent • This contact information must be valid for 60 days after the CEM is sent Note: If it is not practicable (e.g., for a text but not for an email) to include this information and the unsubscribe mechanism in the CEM, it may be provided by a clear and prominent link in the CEM to a web page which can be accessed by one-click and at no cost to the recipient 20
  21. 21. Unsubscribe Mechanism (e.g., opt-out in an email) • The unsubscribe mechanism must be clear and prominent in the CEM and both: (i) Use the same electronic means that were used to send the CEM, or if this is not practicable, another electronic means; and (ii) Specify an electronic address or a link to a website to which the unsubscribe request can be sent • Effect must be given to the unsubscribe request within 10 business days and at no cost to the recipient 21
  22. 22. Unsubscribe Mechanism (con.’t) 22 Examples of Unsubscribe Mechanism Valid (Yes/No) An email CEM which permits the recipient to unsubscribe by responding to the email using the same address (or a different email address) Yes An email CEM which permits the recipient to unsubscribe by responding to the email using the same (or a different) address or by clicking on a link Yes An SMS CEM which permits the recipient to unsubscribe by texting back “STOP” or “unsubscribe” Yes An SMS CEM which permits the recipient to unsubscribe solely by clicking on a link Yes
  23. 23. Unsubscribe Web Pages (e.g., managing user preferences) • Must enable the recipient to indicate that he or she no longer wishes to receive: (i) All CEMs, or (ii) Specific classes of CEMs, so long as the option to unsubscribe to all CEMs is also given 23
  24. 24. Third Party Marketing Lists CASL expressly provides for consent obtained on behalf of an unknown third party; however, it limits how this consent may be obtained and used: • The party that seeks consent (i.e., the list-creating company) is required to comply with the standard CASL requirements for obtaining consent, including stating the purpose for the collection, and providing their name and contact information • A person who relies on such a consent (i.e., the organization that buys or rents the list) must meet additional disclosure requirements for the message content 24
  25. 25. Third Party Marketing Lists (con.’t) Message content when consent is obtained from a third party (e.g., list-creating company) When a contact list is purchased from a third party, it is essential that the third party list be used separately from the organization’s own opt-in lists, as messages sent pursuant to the third party list are subject to additional disclosure requirements: • The message must identify the person who obtained the original consent as well as the person who sent the message • The unsubscribe mechanism must allow the recipient to remove consent from both the person who sent the message and the person who obtained the original consent 25
  26. 26. Misleading Advertising • CEMs sent by the organization must not contain false or misleading statements, either in the literal words used or by the impression left, in the: (i) “Re:” line of the CEM, or (ii) Body of the CEM (in a material respect) 26
  27. 27. Misleading Advertising (con.’t) When sending CEMs: • DO NOT use overly broad or misleading statements in the “Re:” line in an attempt to catch the recipient’s attention, and then try to qualify the statements in the “fine print” in the body of the CEM • DO include in the “Re” line next to the subject matter description of the CEM a notation like “terms and conditions apply” or “see message below for details and conditions” • DO include all material terms and conditions about the product or service offered by the organization 27
  28. 28. CASL - Penalties Administrative monetary penalties (AMPs) for violations: • A fine of up to $1,000,000 for a violation by an individual • A fine of up to $10,000,000 for a violation by a corporation Factors for determining penalty: • Previous history of contraventions • Financial benefit received from offending activity • Ability to pay • Other 28
  29. 29. CASL – Penalties (con.’t) Competition Act (Misleading Advertising) • Criminal prosecution • Fines/imprisonment possible • AMPs • Corporation, fines of up to $10,000,000 for the 1st offence; up to $15,000,000 subsequent 29
  30. 30. CASL – Penalties (con.’t) July 1, 2017: private right of action for breach of CASL comes into force • CASL creates a private right of action for persons who allege they have been affected by a violation. If the action is successful in court, the court may order: • Compensation equal to the actual loss or damage suffered • Up to $200 for each contravention, not exceeding $1,000,000 for each day on which a contravention occurred • Up to $1,000,000 for each event of aid, induce, or procure a violation PLUS $1,000,000 for each day if actual violation 30
  31. 31. CASL – Penalties (con.’t) Factors to consider in determining award in the private right of action: • Person’s history of contraventions • Ability to pay • Financial benefit received by offender • Other 31
  32. 32. CASL – Penalties (con.’t) • Private right of action will be available for any CASL violation unless CRTC has taken enforcement action, or CRTC has agreed to an undertaking (i.e., negotiated settlement) by the violating organization • Will organizations self-report and settle with the CRTC to avoid the private right of action? 32
  33. 33. CASL – Penalties (con.’t) • Liability extends to any person who aids, induces or procures a prohibited act • Organizations are liable for acts of their employees within the scope of their authority • Liability extends to officers, directors, agents, mandataries if they directed, authorized, assented to, acquiesced, or participated in the prohibited act 33
  34. 34. Transitional Period • There is a three year transitional period (i.e., until July 1, 2017) after CASL comes into force during which implied consent will survive in cases of “existing business relationships” or “existing non-business relationships” which have included the sending of CEMs • The transitional period provides an extended timeline for perfecting existing implied consent by seeking express consent 34
  35. 35. Thank You montréal  ottawa  toronto  hamilton  waterloo region  calgary  vancouver  beijing  moscow  london Paul Armitage, Partner Tel: 604-891-2755 Email: paul.armitage@gowlings.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×