One of the world’s most consumer protective spam laws recently went into effect in Canada on July 1, 2014, and many companies operating outside of Canada are learning that the law also impacts them because of how broadly it is drafted.
Background on the Law
Canada’s Anti-Spam Legislation seeks to regulate all “commercial electronic messages,” which are defined broadly to include a message sent by any means of telecommunication, including e-mails, text messages, and other types of messages that are aimed at encouraging participation in a commercial activity. The general rule under the new legislation is that entities are prohibited from sending a commercial electronic message without consent (either implied or express), unless an exception applies. The law contains specific requirements on what is required for each model of consent. The laws operates very differently from the United States CAN-SPAM Act because it requires a higher level of consent — namely, opt-in consent — whereas the CAN-SPAM Act was implemented with an opt-out consent mechanism. The law has stiff penalties with a maximum of $10 million Canadian dollars. A private right of action will come into force on July 1, 2017.
What’s the Takeaway?
The biggest impact to companies operating outside of Canada is that the law applies to any entity that sends e-mails to Canadian consumers. There is no exception for companies outside of Canada or companies that do not have knowledge of possessing Canadian e-mail addresses. Liability will still exist if you e-mail a Canadian individual even if you do not know they are in Canada.
Companies can take several steps towards compliance including:
- Evaluating its e-mail databases to determine whether e-mail addresses are linked to geographic data;
- If the e-mail addresses are linked to geographic data, companies should then evaluate whether either express or implied consent exists;
- If neither form of consent exists, companies should consider screening out Canadian customers.