Canada’s Anti-Spam Legislation
New Canadian Anti-Spam Laws Effective: July 1 2014
Provided by TROOL Social Media for Information purposes ONLY. I have added the most important basic requirements and exemptions here.
Please read the CASL info from the Canadian Gov’t to get the complete laws.
3 Requirements from the Electronic Commerce Protection Regulations (CRTC)
There are three general requirements for sending the CEM to an electronic address. You need (1) consent, (2) identification information and (3) an unsubscribe mechanism. The questions under this heading relate to the first requirement, namely consent. There are two types of consent under CASL – express and implied.
How can I obtain express consent?
Consent can be obtained either in writing or orally. In either case, the onus is on the person who is sending the message to prove they have obtained consent to send the message.
The CRTC has issued information bulletins to provide guidance and examples of recommended or best practices. Compliance and Enforcement Information Bulletin CRTC 2012-548, among other things, helps explain what information is to be included in a request for consent. The Bulletin also suggests some key considerations that may make tracking or recording consent easier, and therefore, may make it easier to prove consent. They are:
- whether consent was obtained in writing or orally,
- when it was obtained,
- why it was obtained, and
- the manner in which it was obtained.
The examples provided in the information bulletin are not exhaustive. They are simply examples of recommended or best practices. They may not necessarily be appropriate in every situation. Compliance will be examined on a case-by-case basis in light of the specific circumstances of a given situation.
Can I use pre-checked boxes in order to obtain express consent?
The manner in which you request express consent cannot presume consent on the part of the end-user. Silence or inaction on the part of the end-user also cannot be construed as providing express consent. For example, a pre-checked box cannot be used, as it assumes consent.
Rather, express consent must be obtained through an opt-in mechanism, as opposed to opt-out. The end-user must take a positive action to indicate their consent. For example, this can be done by providing a blank box which a user can check off to indicate consent.
For more information, please see Compliance and Enforcement Information Bulletin CRTC 2012-549 on the use of toggling to obtain express consent.
How do I show that I have consent to send a commercial electronic message?
The onus is on the person who claims that they have consent to prove that they have such consent. Compliance and Enforcement Information Bulletin CRTC 2012-548 provides a few examples on how one can prove they have obtained express consent. Note that the examples provided are not exhaustive; they are simply practices that the Commission considers to be compliant with the legislation. Other practices may satisfy legal requirements imposed by CASL. However, their adequacy will be evaluated on a case-by-case basis in light of the specific circumstances of a given situation.
Do I need consent to send a commercial electronic message following a referral?
There is an exception to the consent requirement for commercial electronic messages (CEMs) sent following a referral, if certain conditions are met. The referral must be made by an individual who has an existing business relationship, an existing non-business relationship, a family relationship or a personal relationship with the sender and the recipient of the CEM. Also, the full name of the individual who made the referral and a statement that the CEM is sent as a result of a referral must be in the CEM.
The CEM must still respect the other two requirements – it must contain the identification information and an unsubscribe mechanism.
Someone gives me a business card: Is that clear consent to add them to my distribution list?
You may have their implied consent to send them CEMs, as long as:
- the message relates to the recipient’s role, functions or duties in an official or business capacity; and
- the recipient has not made a statement when handing you the business card that they do not wish to receive promotional or marketing messages (CEMs) at that address.
It is important to remember that the onus is on the sender to prove they received consent.
Recall that consent under CASL is also implied if you have an existing business relationship, existing non-business relationship with the person.
Compliance will be examined on a case-by-case basis in light of the specific circumstances of a given situation.
Does section 6 of CASL apply to messages sent to my membership?
Yes, section 6 of CASL applies, but consent may be implied where CEMs are sent to members of an association, club or voluntary organization. When sending CEMs to your membership based on implied consent, you should ensure that you are only sending to members.
“Membership” means the status of having been accepted as a member of a club, association or voluntary organization in accordance with its membership requirements. You should also ensure that your organization is a club, association, or voluntary organization that is:
- a non-profit organization,
- organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any purpose other than personal profit, and
- no part of its income is payable for the personal benefit of any member, proprietor or shareholder unless that entity is an organization whose primary purpose is the promotion of amateur athletics in Canada.
The CEM must still respect the other two requirements – it must contain the identification information and unsubscribe mechanism.
There are three general requirements for sending a commercial electronic message (CEM) to an electronic address. You need (1) consent, (2) identification information and (3) an unsubscribe mechanism. The questions under this heading relate to the second requirement – identification information.
What if I am sending messages on behalf of someone else, including affiliates?
You must identify yourself and the persons on whose behalf a commercial electronic message (CEM) is sent. When a CEM is sent on behalf of multiple persons, then all of these persons must be identified in the CEM.
However, where it is not practicable to include this information in the body of a CEM, then a hyperlink to a webpage containing this information is acceptable as long as the webpage is readily accessible at no cost to the recipient of the CEM. The link to the webpage must be clearly and prominently set out in the CEM.
Also, not every person who is involved in the sending of a CEM must be identified. Rather, only the persons who play a material role in the content of the CEM and/or the choice of the recipients must be identified. For example, an email service provider that provides a service to its clients to send emails, where the email service provider has no input on the content of the message, nor on the recipient list, does not need to be identified in the CEMs sent by clients using its service. Bear in mind however, that though the email service provider does not need to be identified in this scenario, it still shares its responsibilities with its clients in terms of ensuring that the CEMs are sent with valid consent (either express or implied) and contain an unsubscribe mechanism. Both the email service provider and its clients are sending, causing or permitting to send CEMs, and as such, they both have obligations under CASL.
I conduct my business from home. Do I need to disclose my home address to fulfill the identification requirements?
No, you do not need to provide your home address. You can provide another valid mailing address as long as you can be contacted at that address. Please refer to paragraph 9 of Compliance and Enforcement Information Bulletin CRTC 2012-548 for more information. Of note, that Information Bulletin explains that a mailing address includes not only a street address, but also a P.O. Box, rural route address, or general delivery address.
I have a limited amount of characters that I can use when sending a message using a given messaging service (e.g., SMS text message). What should I do if I cannot include all the required information in the commercial electronic message (CEM)?
Where it is not practicable to include this information in the body of a CEM, then a hyperlink to a webpage containing this information is an acceptable practice as long as the webpage is readily accessible at no cost to the recipient of the CEM. The link to the webpage must be clearly and prominently set out in the CEM.
For more information, refer to sections 2 and 3 of the Electronic Commerce Protection Regulations (CRTC) and Compliance and Enforcement Information Bulletin CRTC 2012-548.
There are three general requirements for sending a commercial electronic message (CEM) to an electronic address. You need (1) consent, (2) identification information and (3) an unsubscribe mechanism. The question under this heading relates to the third requirement – unsubscribe mechanism.
What is an unsubscribe mechanism?
Under CASL, you must include an unsubscribe mechanism in the commercial electronic messages (CEMs) that you send. For example, a CEM sent via SMS may state that an end-user can unsubscribe by texting the word “STOP.” Another possibility is a hyperlink that is included clearly and prominently in an email that allows the end-user to unsubscribe by simply clicking it. The hyperlink may also be to a webpage that is readily accessible without delay and is at no cost to the recipient.
You can set up your unsubscribe mechanism in many different ways. It can be broad or very granular. For example, you can offer a choice to the recipient, allowing them to unsubscribe from all or just some types of CEMs your organization sends.
A key aspect is that an unsubscribe mechanism must be “readily performed.” It should be simple, quick and easy for the end-user.
For examples of acceptable unsubscribe mechanisms under CASL, please see Compliance and Enforcement Information Bulletin CRTC 2012-548.
Canada’s Anti-Spam Law: Key exemptions from Deloitte
The revised regulations introduce key exemptions for B2B
A Commercial Electronic Message (CEM) is any electronic message that encourages participation in a commercial activity, such as an email that contains a coupon or tells customers about a promotion or sale. If your organization sends CEMs, you’ll need “express consent” from recipients before sending them – although certain exemptions exist.
The revised regulations introduce key exemptions for B2B, legal and referral business practices, for telecommunications services (TSPs) and for personal relationships.
Here we summarize these exemptions for you:
- Business-to-business (B2B) communications. CASL applies broadly to all CEMs. However, the new regulations include exemptions for CEMs sent within a business, and CEMs sent between businesses that are in an ongoing business relationship. The messages must be sent by an employee, representative, contractor or franchisee, and be relevant to the business, role, function or duties of the recipients. Similarly exempt are communications sent to third-party business partners, such as marketing agencies, recruiting firms and insurance carriers.
- Messages sent to consumers in response to a request for information. The new regulations address this unintended consequence by exempting messages sent in response to requests, inquiries or complaints.
- Messages sent to enforce a legal right. Examples include messages sent for debt collection, licensing and enforcing contractual obligations.
- Messages sent from outside Canada. These include messages sent by foreign businesses (provided the sender could not reasonably know the message would be received in Canada) and internationally-based Canadian organizations.
- Third-party referrals. To qualify for the exemption:
o The individual who sends the message must disclose in the message the ordinary or full name of the person who made the referral.
o The individual who made the referral must have an existing personal or family or business relationship with both the sender and the person who receives the message.
Telecommunications service providers (TSPs)
The new regulations also include two exemptions for TSPs to permit the installation of computer programs without consent:
- For the purpose of preventing illegal activities that pose a risk to network security.
- For network update/upgrading purposes.
While CASL was never meant to apply to communications sent to family or friends, some stakeholders considered the definitions of personal and family relationships to be too narrow. The revised regulations have now broadened these definitions.
Now a “personal relationship” is defined as one where individuals have had voluntary, two-way communications at any point in the past—whether or not they have met in person. Based on factors such as the sharing of interests and experiences, the relationship is considered personal, unless the recipient has clearly asked not to receive any CEMs from the sender.
The definition of “family relationship” has also been expanded so that CEMs can be sent without consent to family members descending from a common grandparent, including aunts, uncles, first cousins, nieces and nephews.
Please be advised this is a short summary of the requirements and the key exemptions for CEMs (Commercial Electronic Messages) and is not a complete explanation of the legislation.