This document provides an overview and summary of Canada's Anti-Spam Legislation (CASL):
1. It introduces CASL and outlines its key provisions regarding commercial electronic messages, altering transmission data, and installing computer programs without consent.
2. CASL significantly increases liability for violations, with maximum penalties of $10 million for corporations and $1 million for individuals. It also establishes a private right of action.
3. The presentation defines key terms in CASL, outlines consent requirements and exemptions for sending commercial electronic messages, and reviews compliance strategies.
Social Media and the Law - by Tom CowlingiCrossing
Social Media Law: Branded content, conversations and the new responsibilities of marketers online
Brands are becoming publishers, participants and distributors on the social web. What do they need to bear in mind from a legal perspective?
In partnership with Wired Sussex.
Social Media and the Law - by Tom CowlingiCrossing
Social Media Law: Branded content, conversations and the new responsibilities of marketers online
Brands are becoming publishers, participants and distributors on the social web. What do they need to bear in mind from a legal perspective?
In partnership with Wired Sussex.
Recorded on Monday, March 19, 2012 - This webinar, presented by Margaret Capes, Legal Education Coordinator of Community Law School (Sarnia-Lambton) Inc., looks at common scams such as phishing, advance fee frauds, prize and lottery scams, the grandparent scam, and cheque overpayment scams. The webinar reviews the risks of purchasing goods or services online. It covers plans of action to counter scamming activity involving reports to police, banks, credit card companies, the Canadian Anti Fraud Centre, and the Ministry of Consumer Services. Finally, it discusses how to launch a civil claim in Small Claims or Superior Court including the pros and cons of taking such a step against "hard to trace" perpetrators. Those interested in expanding their knowledge of this topic area may find the Identity Theft webinar useful.
To watch an archived version of this webinar visit:
http://yourlegalrights.on.ca/webinar/watch-your-step-internet
Recorded on Monday, April 16, 2012. This webinar, presented by Margaret Capes, Legal Education Coordinator of Community Law School (Sarnia-Lambton) Inc., looks at telephone scams and other consumer problems with phones. It reviews the role of the Competition Bureau, the Ministry of Consumer Services, the Canadian Radio-television and Telecommunications Commission (CRTC), and the Canadian Anti Fraud Centre in combatting telephone trickery. Examples of recent versions of these scams will be reviewed so attendees will have an idea of what to watch for in their everyday lives.
To watch an archived version visit:
http://yourlegalrights.on.ca/webinar/Fighting-Telephone-Trickery-Using-Consumer-Protection-Laws
E-contracting and Commerce is presented by Pria Chetty and details the South African legal position with regard to electronic contracts and the effect on commerce.
Legal Obligations of Technology Service Providers as IntermediariesEquiCorp Associates
A database of millions of customers including their contact details are found freely accessible online and are available for sale at a very nominal price at various online social media platforms has brought a serious and basic question in focus- who all can be held responsible and accountable for such unauthorize and illegal acts?
Prima facie, the person who is selling the database is responsible under the eyes of law, but do the technology services providers or the platform where such database is been listed, owes any obligation to the customers and can be held responsible for unauthorized acts by a third party on their platform?
The intermediaries play a very important role in the enforcement of various provisions under the IT Act. In any technology services, there are multiple players involved in provision of services such as setting up web page or website, ISP providing internet connectivity, service provider for registration of domain name and hosting the domain, different service provider for uploading the web pages etc
Matheson partner and head of the Telecommunications Group, Helen Kelly, authored the Irish chapter for Getting the Deal Through: Market Intelligence - Telecoms & Media.
Does the internet feel like a legal twilight zone to you? This session will address your concerns when it comes to the legalities of being online. What can your organization do safely? What should you avoid? What key policies and privacy issues do you need to know about? Get your legal questions answered in this engaging session (not too much legalese, we promise!).
Data Protection and Journalism: The Changing LandscapeDavid Erdos
These slides provide an overview of the changing landscape for data protection and journalism in decade or so since the Leveson Inquiry. As well as detailing the core public interest and incompatibility tests, they look at developments in case law, at the ICO and under the GDPR and DPA 2018. They are intended to provide background to the ICO consultation on a data protection and journalism code of practice which runs until 10 January 2022.
Recorded on Monday, March 19, 2012 - This webinar, presented by Margaret Capes, Legal Education Coordinator of Community Law School (Sarnia-Lambton) Inc., looks at common scams such as phishing, advance fee frauds, prize and lottery scams, the grandparent scam, and cheque overpayment scams. The webinar reviews the risks of purchasing goods or services online. It covers plans of action to counter scamming activity involving reports to police, banks, credit card companies, the Canadian Anti Fraud Centre, and the Ministry of Consumer Services. Finally, it discusses how to launch a civil claim in Small Claims or Superior Court including the pros and cons of taking such a step against "hard to trace" perpetrators. Those interested in expanding their knowledge of this topic area may find the Identity Theft webinar useful.
To watch an archived version of this webinar visit:
http://yourlegalrights.on.ca/webinar/watch-your-step-internet
Recorded on Monday, April 16, 2012. This webinar, presented by Margaret Capes, Legal Education Coordinator of Community Law School (Sarnia-Lambton) Inc., looks at telephone scams and other consumer problems with phones. It reviews the role of the Competition Bureau, the Ministry of Consumer Services, the Canadian Radio-television and Telecommunications Commission (CRTC), and the Canadian Anti Fraud Centre in combatting telephone trickery. Examples of recent versions of these scams will be reviewed so attendees will have an idea of what to watch for in their everyday lives.
To watch an archived version visit:
http://yourlegalrights.on.ca/webinar/Fighting-Telephone-Trickery-Using-Consumer-Protection-Laws
E-contracting and Commerce is presented by Pria Chetty and details the South African legal position with regard to electronic contracts and the effect on commerce.
Legal Obligations of Technology Service Providers as IntermediariesEquiCorp Associates
A database of millions of customers including their contact details are found freely accessible online and are available for sale at a very nominal price at various online social media platforms has brought a serious and basic question in focus- who all can be held responsible and accountable for such unauthorize and illegal acts?
Prima facie, the person who is selling the database is responsible under the eyes of law, but do the technology services providers or the platform where such database is been listed, owes any obligation to the customers and can be held responsible for unauthorized acts by a third party on their platform?
The intermediaries play a very important role in the enforcement of various provisions under the IT Act. In any technology services, there are multiple players involved in provision of services such as setting up web page or website, ISP providing internet connectivity, service provider for registration of domain name and hosting the domain, different service provider for uploading the web pages etc
Matheson partner and head of the Telecommunications Group, Helen Kelly, authored the Irish chapter for Getting the Deal Through: Market Intelligence - Telecoms & Media.
Does the internet feel like a legal twilight zone to you? This session will address your concerns when it comes to the legalities of being online. What can your organization do safely? What should you avoid? What key policies and privacy issues do you need to know about? Get your legal questions answered in this engaging session (not too much legalese, we promise!).
Data Protection and Journalism: The Changing LandscapeDavid Erdos
These slides provide an overview of the changing landscape for data protection and journalism in decade or so since the Leveson Inquiry. As well as detailing the core public interest and incompatibility tests, they look at developments in case law, at the ICO and under the GDPR and DPA 2018. They are intended to provide background to the ICO consultation on a data protection and journalism code of practice which runs until 10 January 2022.
“Canada's new Anti-Spam Law comes into force on July 1, 2014 and will cover all electronic messages including: email, social networking accounts and text messages - plus much more.
What does it mean for you as a business owner when communicating with current and potential clients? What are the guidelines and penalties? What do you need to know and how should you prepare?”
Debbie Lapointe is a small business owner who began educating herself on the Canadian Government’s new Anti-Spam law a year ago, when the spam received in her inbox became a daily source of frustration. She is not associated with the new Anti-Spam program, but happily shares what she’s learned with other business owners, who will be impacted by the changes.
Working through the implications that the Canadian Anti-Spam Legislation (CASL) might have on Tyndale. I am not a lawyer, this is not legal advice.
This is posted primarily for reference for the staff at Tyndale.
Canadian Anti-Spam Legislation(CASL) & New Marketing StrategiesDalia Asterbadi
A Quick review of the Anti-Spam legislation, it's impact and the other sources of impact to some organizations mix in demand generation. New sales and marketing channels, and solutions are reviewed.
A marketers guide to canada anti spam legislation (casl)Anene Wealth
Canada’s Anti‐Spam Legislation (CASL) took effect on July 1, 2014. It is a well known fact that this law will have an enormous impact on marketers all over the globe, and it’s crucial to arm your marketing department with all of the facts.
Below are some tips to help your company remain compliant with these new laws:
The new Canadian Anti-Spam Legislation (CASL) is shaking things up for marketers, recruiters, and higher education professionals. Starting July 1st, 2014, new laws about commercial electronic messages (CEM) will be enforced to ensure consent, identification, and the presence of unsubscribe mechanisms.
As a trusted higher education leader, EDge Interactive held a free online webinar to provide an overview of the legislation as well as useful tips to ensure compliance.
Jeff Kahane of the Kahane Law Office will explain exactly what you need to know to comply with Canada's Anti-Spam Legislation. Is your marketing plan with permission and within the law? Post presentation, Jeff will answer audience questions in an interactive Q&A.
Preparing for Compliance: Canada's Anti-Spam Law (CASL)Act-On Software
Get to know the ins & outs of Canada's latest anti-spam legislation in this exciting webinar led by David Fowler, Act-On's Chief Deliverability Officer!
Anti-Spam 101: Risks and Implications for Businesses - Complying with the new...Now Dentons
Canada's New Anti-Spam legislation is intended to deter damaging and deceptive forms of spam, such as identity theft, phishing and spyware from occuring in Canada. In this presentation, FMC's Margot Patterson gives an in-depth look at the legislation including: risks and implications for business, the scope, reach and liability of the liability of the legislation, regulations, software installation, violations and enforcement as well as a look at where the legislation is headed and what that means for your business.
Canada’s Anti-Spam Legislation goes into effect July 1, and marketers who believe that compliance with the United States’ CAN-SPAM Act also will cover their activities in Canada could be setting themselves up for a rude and expensive surprise. Unlike the opt-out approach of the United States’ CAN-SPAM Act, CASL’s opt-in orientation prohibits all commercial electronic messages (CEMs) that are sent without proper consumer consent, including e-mail, text, social media, sound and image messages.
CAN-SPAM Act : When Do Corporate Marketing Activities Become SPAMKarl Larson
Since its inception, the use of unsolicited e-mail, known as spam, has grown exponentially. The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”) generally regulates the transmission of unsolicited commercial electronic mail messages. All businesses that send commercial e-mail must now comply with the new federal requirements of the CAN-SPAM Act.
In this presentation, Gowlings partner Paul Armitage provides an overview of Canada's Anti-Spam Legislation (CASL). Topics covered include:
-What qualifies as a commercial electronic message (CEM)
-Consent - express & implied
-Content & format requirements
-Third party marketing lists
-Penalties
-Transitional period
To learn more, visit Gowlings' CASL Resources page at www.gowlings.com/casl.
Stage one of Canada’s new Anti-Spam Law came into effect on July 1, 2014, creating a new regulatory framework for any organization sending Commercial Electronic Messages (CEMs) to or from Canada.
Designed to reduce spam, spyware/malware, email address harvesting and network rerouting, CASL contains some of the toughest measures of its kind in the world, with severe penalties for non-compliance including fines, criminal charges, civil charges and personal liability.
It’s a complex framework with strict requirements for all CEMs, myriad rules on consent as well as numerous full and partial exemptions. Are you confident your organization is ready for CASL? Is your technology? What about proving compliance?
Presentation from IAPP Canada 2011 Conference.
Presented by Shaun Brown - (http://nnovation.com), and Matthew Vernhout (http://www.transcontinental-interactive.com).
Canada’s Anti-Spam Legislation: What Charities and Not-For Profits Need to Kn...NetSquared Vancouver
Learn how mass emails could, should or are supposed to work under the Canadian Anti-Spam Legislation.
Maanit Zemel is a Partner with the law firm of Miller Thomson LLP, practicing out of the Toronto office, where she advises businesses, non-profit organizations, charities and individuals on a variety of legal issues. Ms. Zemel has substantial experience and expertise in internet and social media law, including Canada’s Anti-Spam Legislation (“CASL”), online privacy, online defamation, cyberbullying and cyber-security. As a member of Miller Thomson’s CASL Advisory Group, she assists her clients with developing and implementing practical policies and procedures for complying with CASL.
Canada's Anti-Spam Legislation (CASL) comes into effect on July 1, 2014 and will have a significant impact on how Canadian organizations can legally communicate with their clients, prospects, members and partners.
The penalties for non-compliance with CASL are severe, with fines of up to $10 million. Understanding key information regarding the changes will help you adapt your marketing strategies and avoid litigation.
In this presentation, Wendy Wagner and Anca Sattler of Gowlings provide an overview of CASL and outline how organizations can remain compliant with the legislation while ensuring continued success with their marketing efforts.
To learn more about how Gowlings can help you comply with CASL, visit www.gowlings.com/CASL
Your company’s people, products, profits and politics have a direct impact on its bottom line.
In this seminar presentation aimed at in-house counsel, HR and other business leaders, you’ll learn from legal and industry insiders on how to master these four key pillars ― and succeed in today’s competitive manufacturing market.
Canada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfoZoomInfo
Beginning on July 1, 2014, organizations will generally be required to have prior consent to email intended recipients protected under Canada’s Anti-Spam Legislation (CASL). Check out this presentation by ZoomInfo and learn how CASL is going to change the way the business world communicates electronically with recipients accessing their messages in Canada and steps you can take to help keep your organization out of trouble.
Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...ZoomInfo
As of July 1, 2014, organizations will generally be required to have prior consent to email intended recipients protected under Canada’s Anti-Spam Legislation (CASL) with steep fines for violators. In this webinar, learn how CASL is going to change the way the business world communicates electronically with recipients accessing their messages in Canada and steps you can take to help keep your organization out of trouble.
The new anti-spam legislation took effect July 1, 2014. Find out what this means for your business by viewing our presentation created by Shaun Brown LLP.
Texas Lawyer Advertising: Being Strategic While Remaining in ComplianceStacey Burke
A thorough discussion of the 2021 changes to the Texas lawyer advertising rules by 20-year lawyer Stacey E. Burke to the Coastal Bend Women Lawyers Association.
Cyber risk related to information security is growing. A potentially huge exposure for transportation companies is the personal data of their current and prospective drivers.
Similar to CIPS ON CASL presentation Mar 20 2014 (20)
Cardware Conference presentation on BIG DATA June 17-18 2014
CIPS ON CASL presentation Mar 20 2014
1. Understanding the New
Canadian Anti-Spam Legislation ("CASL")
Lisa Abe-Oldenburg, B.Comm., JD.
CIPS Ontario AGM
March 20, 2014
2. Agenda
• Why should you care about CASL?
• Introduction to Canada's Anti-Spam Legislation: What is it?
• Anti-Spam Provisions
• Transmission Data Alteration Provisions
• Installation of Computer Program Provisions
• Compliance strategies
• Q & A
2
3. • This presentation was prepared by Bennett Jones LLP to provide
general information about the anti-spam legislation in Canada. Due to
the general nature of this presentation, nothing herein should be relied
upon as legal advice.
• CASL consists of a lengthy Act and Regulations, which must be read
together. They are complicated, legally very technical, contain
ambiguities and will be evolving as more regulations and
interpretations are created.
The fine print…
3
5. • INCREASED LIABILITY
• INCREASED COST OF DOING BUSINESS
• Actual costs:
• Developing and implementing compliance and policies
• Updating or purchasing new customer relationship
management software
• Investigating targets in due diligence associated with M&A
activity
• Indirect costs:
• Finding alternative ways to advertise or do business
• Revising software update and upgrade distribution and
installation processes and support services.
5
Why should you care about CASL?
6. 1. Administrative Monetary Penalties:
• Maximum penalty for corporations and organizations =
$10,000,000.00 per violation
• Maximum penalty for an individual = $1,000,000.00 per
violation
2. Vicarious liability:
• An employer may be liable for a violation committed by an
employee acting within the scope of the employment.
3. Personal liability:
• Officer, director, agent who directed, authorized, assented to,
acquiesced in or participated in the commission of the violation,
whether or not the corporation is proceeded against.
6
Liabilities
7. 4. Private Right of Action
• For violations of CASL, as well as specified violations under PIPEDA
and the Competition Act.
• Liability includes :
• Compensation in an amount equal to the actual loss or damage
suffered or expenses incurred; and
• A maximum of $200.00 for each contravention of CEM provisions,
not exceeding $1,000,000.00 for each day the contravention
occurred; and
• A maximum of $1,000,000.00 for each day a contravention of
the data or computer software provisions occurred.
• A maximum of $1,000,000 per s.9 contravention (aiding,
inducing, procuring)
That's enough to make anyone…
7
Liabilities (con't.)
10. Key Dates
July 1, 2014
• Anti-spam requirements
• Altering transmission data requirements
January 15, 2015
• Installation of computer program requirements
July 1, 2017
• Private right of action
11. Scope
• The Act and Regulations:
• prohibit sending "commercial electronic messages" to an electronic
address without consent (though exceptions may apply);
• prohibit the alteration of transmission of data in an electronic message so
that the message is delivered to a destination other than or in addition to
that specified by the sender without consent;
• prohibit installing a computer program on any other person’s computer
system without consent and certain requisite notice;
• prohibit causing a program on any person’s computer system to send an
electronic message without consent; and
• capture activities that aid, induce, procure or cause to be procured any of
the foregoing.
11
12. Key Definitions
• What is a CEM?
• An “electronic message” means a message sent by any means of
telecommunication, including a text, sound, voice or image
message.
• A “commercial electronic message” is defined as an electronic
message that, having regard to the content of the message, the
hyperlinks in the message to content on a website or other
database, or the contact information contained in the message,
it would be reasonable to conclude has as its purpose, or one of
its purposes, to encourage participation in a commercial
activity, including an electronic message that…(cont.):
12
13. ….(cont.):
(a) offers to purchase, sell, barter or lease a product, goods, a
service, land or an interest or right in land;
(b) offers to provide a business, investment or gaming opportunity;
(c) advertises or promotes anything referred to in paragraph (a) or
(b); or
(d) promotes a person, including the public image of a person, as
being a person who does anything referred to in any of paragraphs (a)
to (c), or who intends to do so.
NOTE: a CEM includes an electronic message that asks for consent to
be given
13
Key Definitions
14. • “commercial activity” means any particular transaction, act or
conduct or any regular course of conduct that is of a commercial
character, whether or not the person who carries it out does so in the
expectation of profit, other than any transaction, act or conduct that is
carried out for the purposes of law enforcement, public safety, the protection
of Canada, the conduct of international affairs or the defence of Canada.
• An “electronic address” is an address used in connection with the
transmission of an electronic message to:
(a) an electronic mail account;
(b) an instant messaging account;
(c) a telephone account; or
(d) any similar account (e.g. social media?)
14
Key Definitions
15. • It is prohibited to send (or cause or permit to be
sent ) to an electronic address a commercial
electronic message unless:
• An exemption to the prohibition applies;
• OR
(a) the person to whom the message is sent has
consented to receiving it or the CEM is
exempt from consent; and
(b) the message meets the formality
requirements.
Core Anti-Spam Provisions
15
16. • The anti-spam prohibition under the Act does not apply to:
• messages that are not CEMs
• commercial electronic messages where the recipient:
• has a family or personal relationship (as defined in
the regulations) with the sender; or
• is engaged in commercial activity and the message from
the sender consists solely of an inquiry or application
related to that activity.
• Telecommunications Service Providers enabling the
transmission of a message as part of a telecommunications
service (safe harbour for intermediaries);
General Exemptions
16
17. • Family relationship definition: 2 people related through
marriage, common law, or legal parent-child, and who have had
direct, voluntary two-way communications.
• Personal relationship definition: 2 people who have had
direct, voluntary two-way communication where it would be
reasonable to conclude that the relationship is personal.
• Reasonable test based on a non-exhaustive list of factors
provided in the Regulations
• Must be close relationship
• No provision in the Act or regs for individuals to "opt-out" of
the exemptions
17
Existing Family and Personal Relationships
18. • CEMs that are:
• whole or partial interactive two-way voice communication between
individuals;
• sent by fax to a telephone account;
• voice recordings sent to a telephone account;
• sent by personnel within an organization, and it concerns the
activities of the organization (intra-business);
General Exemptions
18
19. • CEMs that are:
• sent by personnel of one organization to the personnel of another
organization if the organizations have a relationship at the
time, and it concerns the activities of the recipient
organization (inter-business);
• solicited by the recipient (i.e. response to a request, inquiry or
compliant);
• sent to a person in a foreign jurisdiction (that is listed in the Regs),
and the CEM conforms to the laws of that foreign state which must
be substantially similar;
General Exemptions
19
20. • CEMs that are:
• sent in relation to satisfy, provide notice of or enforce a legal or
juridical obligation or right;
• messages sent and received on an electronic messaging service as
long as certain requirements are met;
• sent within a limited-access, secure and confidential account (one-
way only);
• sent on behalf of registered charity for primary purpose of raising
funds as defined in the Income Tax Act; or
• sent on behalf of political party for primary purpose of soliciting
contributions, as defined in the Elections Act.
General Exemptions
20
21. Exemptions from Consent Requirements
• NOTE: You must still comply with formality requirements!
• CEM that solely:
• provides a requested quote or estimate for the supply of a
product, or service;
• facilitates, completes or confirms a commercial transaction
that recipient previously agreed to enter into;
• provides warranty information, product recall information or safety
or security information about a product or a service that the
recipient uses, has used or has purchased;
• provide notification of factual information about the ongoing
use or ongoing purchase by the recipient of products or services
offered under a subscription, membership, etc….
22. Exemptions from Consent Requirements
• NOTE: You must still comply with formality requirements!
• CEM that solely:
• provides information directly related to the recipient's current
employment relationship or related benefit plan;
• delivers a product or service, including upgrades or updates, that
the recipient is entitled to receive under the terms of a
previous transaction;
• communicates (first time only!) for the purpose of a third party
referral by an individual with an existing business or non-
business relationship, family or personal relationship and
the message contains certain prescribed information.
24. • Unless otherwise exempt from the prohibition or from consent, one of
the following must be relied upon to send a commercial electronic
message:
1. express consent; or
2. implied consent.
• Note: Onus is on person who alleges they have consent to prove it.
• Note : Different forms of consent and each must be sought separately
for each of: sending CEMs, alteration of transmission data and
installation of a computer program.
24
Consent Requirements for CEMs
25. • When seeking express consent, the following information must be set
out clearly:
• the purpose(s) for which consent is being sought;
• information identifying who is requesting consent;
• a statement that the person can withdraw their consent; and
• other prescribed information.
• requires active “opt-in” (pre-checked boxes not permitted)
• may be obtained orally or in writing
• Note: Once the law is in force you cannot send a CEM to request express
consent, unless one of the exemptions apply or you already have implied
consent.
25
Express Consent requirements for CEMs
26. • Consent may be implied and allow for the sending of a commercial
electronic message in the following situations:
1. The recipient:
• has conspicuously published (e.g. on a website) the
electronic address to which the message is sent;
• has not included in their publication a statement that
they do not wish to receive unsolicited commercial electronic
messages at that electronic address; and
• the electronic message is relevant to the recipient's
official business, role, functions or duties; OR
26
Implied Consent for CEMs
27. 2. The recipient:
• has disclosed to the sender (e.g. provide a business card)
the electronic address to which the message is sent;
• has not indicated that they do not wish to receive unsolicited
commercial electronic messages at that electronic address;
and
• the electronic message is relevant to the recipient's official
business, role, functions or duties; OR
3. The sender has an existing business relationship or an
existing non-business relationship with the recipient.
27
Implied Consent for CEMs (cont.)
28. • "Existing business relationship" means a business relationship
between the recipient and sender of a message, arising from:
• the purchase, lease or barter of a product or a service, land or an
interest or right in land, within 2 years immediately prior to the day
on which the message was sent;
• the acceptance by the recipient, within 2 years immediately prior to
the day on which the message was sent, of a business, investment or
gaming opportunity;
• a written contract between the parties if the contract is currently in
existence or expired within 2 years immediately prior to the day on
which the message was sent; or
• an inquiry or application by the recipient, within the six-month
period immediately before the day on which the message was sent.
28
Existing business relationships
29. • "Existing non-business relationship" means a non-business relationship
between the recipient and the sender arising from
• a donation or gift made by the recipient to the sender within 2 years
immediately prior to the day on which the message was sent, where the
sender is a registered charity, a political party or organization;
• volunteer work performed by the recipient, or attendance at a
meeting organized by sender, within the 2 years immediately prior
to the day on which the message was sent, where the sender is a
registered charity, a political party; or
• Membership of the recipient in the sender's club, association or
voluntary organization, as defined in the regulations, within the 2 years
immediately prior to the day on which the message was sent.
29
Existing non-business relationships
31. Formalities of CEMs
• A commercial electronic message must contain:
• the name of the sender or the name under which the sender carries on
business;
• If sent on behalf of another person, CEM must contain that name or
the name under which that person carries on business;
• If sent on behalf of another person, must contain a statement
indicating which person is sending the message and which person on
whose behalf the message is sent;
• the mailing address, and either:
• A telephone number;
• An email address; or
• A web address; AND
• A functional unsubscribe mechanism that meets the prescribed
requirements.
• Contact info must be valid for 60 days
31
33. • ALTERING TRANSMISSION DATA
• In force July 1, 2014
• INSTALLATION OF COMPUTER PROGRAMS
• In force January 15, 2015
33
34. ALTERING TRANSMISSION DATA
• CASL prohibits the alteration of
transmission data in an electronic
message in the course of a commercial
activity, without express consent
• Where message is delivered to a destination
other than, or in addition to, that specified
by the sender
• To aid, induce, procure or cause to be procured
is also prohibited
• Applies to any computer system located in
Canada that is used to send, route or access the
electronic message
34
35. ALTERING TRANSMISSION DATA
• “data” means signs, signals, symbols or concepts that are
being prepared or have been prepared in a form suitable for
use in a computer system
• “transmission data” means data that :
(a) relates to the telecommunications functions of
dialling, routing, addressing or signalling;
(b) either is transmitted to identify, activate or
configure an apparatus or device, including a computer
program, in order to establish or maintain a
communication, or is generated during the
creation, transmission or reception of a
communication and identifies or purports to identify the
type, direction, date, time, duration, size, origin,
destination or termination of the communication;
and
(c) does not reveal the substance, meaning or
purpose of the communication.35
36. ALTERING TRANSMISSION DATA
• Express consent is required from the sender or the person to whom the
message is sent, i.e. the authorized email account holder
• Burden of proof is on the person who alleges that they have consent
• Note: no implied consent possible, like with CEMs
• Consent must meet the formalities set out in the Act and the Regulations,
including describing the purpose for the consent, the persons seeking it, the
period of consent, and such other information as set out in the regulations
• Consent must also include a withdrawal mechanism in the form
prescribed by the Act and the regulations
• Any request for withdrawal must be implemented within 10 business
days of receipt
36
37. ALTERING TRANSMISSION DATA
• General Exemption: if the alteration is made pursuant to a
court order, or by a telecommunications service provider
(TSP) for the purposes of network management
• TSPs are broadly defined under the Act to include any providers
of services or features by telecom facilities
• Examples were provided in the RIAS of GM's OnStar or Ford's
Sync systems
37
38. INSTALLATION OF COMPUTER PROGRAMS
• CASL prohibits the installation of a computer program on any other
person’s computer system, in the course of commercial activity
• CASL also prohibits installed computer programs to cause the
sending of an electronic message from a computer system
• Without express consent, unless pursuant to court order
• To aid, induce, procure or cause to be procured is also prohibited
• Applies to any computer system or person (whether contravening or
directing) located in Canada at the relevant time
• Computer program and computer system are Criminal Code definitions
• Note: CASL does not apply to user's own installation. Query who is doing
the installation in a web download or with pre-installed software?
• Note: CASL does not apply to computer programs installed for public safety
purposes. Query whether auto braking systems are public safety, as per
RIAS?
38
39. INSTALLATION OF COMPUTER PROGRAMS
• Express consent is required from the owner or authorized user of the
computer system
• Burden of proof is on the person who alleges that they have consent
• Note: no implied consent, like with CEMs, except in very narrow
circumstances prior to January 15, 2015
• Problematic where there is no user interface to receive messages or provide
disclosure notices
• Consent must meet the formalities set out in the Act and the Regulations,
including describing the purpose for consent, the persons seeking it, the
functions and purposes of the computer program, and such other
information as set out in the regulations
• For certain "invasive" software (with special functions listed in
ss.10(5)), it gets more complicated. You must include additional
information and actions set out in the Act and the regulations.
39
40. INSTALLATION OF COMPUTER PROGRAMS
• Invasive software - Subsection 10(5) Functions:
• Knowledge and intent that the software will cause the
computer system to operate in a manner that is
contrary to the reasonable expectations of the
owner or an authorized user and:
• Collects stored personal information
• Interferes with control of the computer system
• Changes or interferes with settings, preferences or
commands
• Changes or interferes with stored data
• Communicates with another computer system or device
• Installs a computer program that may be activated by a
third party; or
• Performs any other function specified in the regulations.
40
41. INSTALLATION OF COMPUTER PROGRAMS
• Consent must be clear and simple
• For software with ss. 10(5) functions, one must add additional
information:
• set out clearly and prominently, and separately and apart from
the license agreement and the consent:
(i) description of the computer program's material
elements that perform the function(s), including the
nature and purpose of those elements and their
reasonably foreseeable impact on the operation of
the computer system;
(ii) bring those elements to the attention of the person
from whom consent is being sought in the prescribed
manner; and
41
42. INSTALLATION OF COMPUTER PROGRAMS
(iii) obtain an acknowledgement in writing from the
person from whom consent is being sought that they
understand and agree that the program performs the
specified functions.
• Such additional information not required if the function only
collects, uses or communicates transmission data or performs an
operation specified in the regulations
• CASL contains complicated rules for requesting and ensuring
the removal or disabling of certain software with ss. 10(5)
functions, including providing assistance at no cost, within a one
year period
42
43. INSTALLATION OF COMPUTER PROGRAMS
• Deemed express consent (no separate consent required) for:
• Cookies, HTML code, Java Scripts, operating systems, any other
program that is executable only through the use of another computer
program whose installation or use the person has previously expressly
consented to, or any other programs specified in the regulations
• IC Regulations have added several additional classes of programs,
mainly for telecom network security and upgrades, as well as
correction of failures of computer systems and programs
• Provided it meets the reasonability test: the person’s conduct is such
that it is reasonable to believe that they consent to the program’s
installation
• Many issues with what constitutes an operating system, a cookie, a telecom
network, an upgrade/update or a failure
43
44. INSTALLATION OF COMPUTER PROGRAMS
• Special rules for installation of software updates and upgrades
• May be deemed consent if TSP is installing an update to their network
or if required for safety/failure correction purposes
• Consent to install updates or upgrades can be requested in advance, e.g.
at the same time as the original installation, or when the user is
downloading, as long as consent is requested in accordance with the
specific formalities of CASL and the upgrades or updates are installed
in accordance with those terms.
• Implied consent until January 15, 2018 to installation of update
or upgrade if the software being updated was installed prior to
January 15, 2015 and no notice of withdrawal of consent is given.
44
46. • The majority of CASL is coming into force on July 1, 2014; however…
• A person’s consent to receiving CEMs is implied until (i) notified
otherwise or (ii) July 1, 2017, whichever is earlier, if :
• the sender and recipient have had an existing business relationship
or an existing non-business relationship at any time prior to
July 1, 2014 (i.e. no 2 year limit) ; and
• the relationship includes the communication of CEMs.
• Also, implied consent to install software updates or upgrades
until (i) notified otherwise or (ii) January 15, 2018, whichever is
earlier, if the software was installed prior to January 15, 2015.
46
Transitional Provisions
48. • Be proactive!
• Review existing communication and software practices internally as
well as with applicable external service providers.
• Develop a database that identifies which commercial electronic
messages (and data alterations or software installations, if any):
(i) have implied consent and track duration;
(ii) require express consent and must comply with formalities;
(iii) must comply with formalities or information requirements; and
(iv) neither require consent nor compliance with formalities.
• Draft, review, collect and update necessary consents, notices and
acknowledgements
48
How to comply…
49. • Ensure records of consent, written acknowledgements and notices
are retained and retrievable
• Create and maintain an easy-to-use and effective unsubscribe
mechanism
• Create templates for your business' electronic commercial messages
which satisfy the prescribed requirements
• Develop a CASL-compliance policy to address applicable provisions
in the law and provide copies of this policy to all relevant employees
and service providers – provide training
• Amend contracts with service providers to allocate obligations and
liability risk
49
Additional considerations…
50. • Maintain records of all procedures and policies implemented in
order to ensure compliance with the CASL .
• Such documentation may later support a due diligence defense.
• Contracts for sale of a business should include provisions
transferring express consents as a business asset. *
* Note: We are awaiting the CRTC/IC's position on this.
• Monitor development in jurisprudence and any new regulations and
guidelines with respect to CASL and adapt practices as necessary.
50
Additional considerations…
51. Abe-oldenburgL@bennettjones.com
Tel.: 416-777-7475
Visit our Anti-Spam Learning Centre
at:
www.bennettjones.com
• This presentation
contains statements of
general principles and
not legal opinions and
should not be acted
upon without first
consulting a lawyer
who will provide
analysis and advice on a
specific matter.