On December 4, 2013, the Canadian government announced that most provisions of Canada’s new anti-spam legislation (known as “CASL”) will come into force on July 1, 2014. Certain sections of CASL relating to computer programs and software will come into force on January 15, 2015. The final regulations (the “Regulations”) were also published. These Regulations are the result of a lengthy consultation process that the government had with businesses and other stakeholders.

Now that a date has been set for CASL to take effect, any person, business or organization that sends commercial electronic messages (such as email and text messages) (“CEMs”) needs to take immediate action to make sure they comply. Keep in mind that although CASL refers to “spam”, the law is drafted so that it applies to a much broader array of messages than would normally be regarded as spam. Technically, a single email sent to a person that has a commercial purpose falls under CASL. In addition, since CASL applies to CEMs sent from or accessed in Canada, persons located outside Canada will also need to comply if they send CEMs to recipients in Canada.

The key requirements of the new law are:

  • Consent – The recipient of the CEM must have given his or her consent to receive CEMs. The consent can be expressly given, such as a recipient signing a document or checking a box on a form, indicating his or her consent to receiving these kinds of messages from the sender. The consent must be specific about the type of CEMs that will be sent - e.g., marketing emails, product updates, promotions, and/or newsletters – and cannot be buried in the terms and conditions or privacy policy. Consent can be obtained verbally, but adequate records should be kept to demonstrate that consent was given.
  • Content of the Message – The CEM must contain the name of the sender and its contact information (address and telephone number, email or website). If the sender is sending the CEM on behalf of a third party (e.g., a marketing agency is sending an email blast on behalf of its client), the sender must identify the person on whose behalf the message is being sent.
  • Unsubscribe – The CEM must contain a no-cost mechanism that allows the recipient to unsubscribe from receiving future CEMs. A request to unsubscribe must be implemented within 10 business days.

The law allows for some exemptions, including:

  • CEMs sent to confirm a transaction that the recipient entered into with the sender;
  • CEMs responding to a request for a quote or estimate;
  • CEMs that solely provide warranty or product recall information, or other factual information about the use of a product or service (e.g., bill payment reminders); and
  • CEMs sent between people in a family or other personal relationship.

Use of an exemption requires careful analysis. Some exempt the sender from the consent, content and unsubscribe requirements, while others only exempt the consent requirement. In other words, the sender may not be required to obtain express consent from the recipient to send the message, but may still be required to include an unsubscribe mechanism and information about the sender in the message.

Consent may also be implied where CEMs are sent to recipients with whom the sender has an “existing business relationship” or “existing non-business relationship”. These terms have a specific meaning in CASL.

In addition, the finalized Regulations that Industry Canada just released create some new exemptions, including:

  • CEMs sent by registered charities that have, as their primary purpose, the purpose of raising funds for the charity;
  • Emails sent internally in a business, or between businesses that have an existing relationship, and that relate to the activities of the business;
  • CEMs sent on a limited-access, secure and confidential account that can only be accessed by the person who provides the account to the recipient (e.g., messages sent by a bank through online banking);
  • CEMs sent on electronic messaging services where the required identification and unsubscribe information are conspicuously published and readily available to the recipient on the user interface, and the recipient has consented to receiving the message; and
  • CEMs sent to someone that the sender reasonably believes is outside Canada and where that foreign country already has its own anti-spam legislation. The Regulations have a list of countries that qualify for this exemption.

Moreover, the Regulatory Impact Analysis Statement (the “Statement”) accompanying the Regulations provides clarification in the following areas:

  • Third Party Referrals – The Regulations allow a person to send a single message to a prospective client who has been referred by someone that the prospective client has an existing relationship with.
  • Sharing Contact Lists – A business may request consent for other third parties to send CEMs to the recipient, even if those third parties are not identified when consent is sought, provided certain conditions are met. Third parties must be able to communicate with the original requestor to notify the original requestor that a recipient has withdrawn consent from receiving third party messages.
  • Banner Advertisements - The Statement clarifies that banner ads on a website are not subject to CASL.

Failure to comply with CASL can have serious consequences. The administrative monetary penalties for a violation are up to $1 million for individuals and up to $10 million for organizations, per violation.

CASL has implications for every business and organization that uses CEMs as a marketing or promotional tool.