Most Canadian businesses will have heard of the incoming Canadian Anti-Spam Law (referred to as CASL, which joins the Canadian pantheon of legislative acronyms like PIPEDA and PIPA). The consent requirements for sending commercial electronic messages (CEMs) is covered elsewhere (See here, and see this upcoming event on March 18 and 20, 2014). Those requirements come into effect July 1, 2014.
The software-related regulations are getting less press. Why? Possibly because CASL is being implemented in phases, and the software-related rules are not expected to be in full force until January 15, 2015. And possibly because the software-related regs are complicated and at times confusing.
This element of CASL is designed to control surreptitious installation of software, particularly “invasive software”. Generally, express, clear consent is required. Installation of invasive software imposes additional requirements. Implied consent (or “deemed express consent”) may be relied upon in other cases:
- cookies, HTML code, Java scripts;
- upgrades for telecom network security;
- “reasonable” installs - where it is reasonable to expect that the user would consent.
Software vendors should take note of these incoming obligations, to assess and plan for any updates that will be required for CASL compliance. Get advice on how these regulations apply to your software products.