In 2014, Canada joined the many countries that have already enacted anti-spam laws with the coming into force of Canada’s Anti-Spam Legislation (CASL). The CASL provisions regulating the installation of computer programs come into force on January 15, 2015.

The following presents general information about the CASL computer program installation provisions and the effect these provisions may have on your business.

Prohibition on Installation of Computer Programs in the Course of Commercial Activity without Prior Consent: CASL provides that a person must not, in the course of a commercial activity, install or cause to be installed a computer program on any other person’s computer system, without consent.

In this context, the term “computer program” is broadly defined to include most software applications, while the term “computer system” includes not only traditional computers, but other connected devices, including tablets, smartphones, gaming consoles, computerized appliance, computerized vehicle, or any other connected device that incorporates hardware and computer program components.

Consent Required for Installations, Upgrades & Updates: CASL requires that consent be obtained for both the initial installation of a computer program and all future updates or upgrades to the computer program.

In most instances express consent for a computer program installation is required under CASL, however there are some allowable exemptions, including those discussed below.

Request for Consent: When a request for consent is provided to a user, specific information must be provided, including:

  1. the name of the party seeking consent;
  2. contact information for the party seeking consent;
  3. the reason why consent is sought;
  4. a statement indicating that consent can be withdrawn at any time; and
  5. a description of the function and purpose of the computer program to be installed.

Deemed Consent for Certain Computer Programs: The CASL rules provide that a person is deemed to have expressly consented to the installation of certain types of computer programs if that person’s conduct is such that it is reasonable to believe that he or she consents to the installation. The types of computer programs to which the deemed consent rule applies include cookies, JavaScript, HTML code, an operating system, software installed solely to correct a failure in a computer system, and software installed by a telecommunications provider to protect network security, upgrade a network, and/or prevent the failure of a computer system or program.

Self-Installed Computer Programs: The CASL rules do not apply when the owner (or authorized user) of a computing device installs a computer program on his or her own computer system.

Self-Installation & Updates/Upgrades: The CASL rules also apply to the installation of upgrades or updates to a computer program, even if the original computer program was self-installed.

Additionally, even if a user self-installs an update or upgrade to a computer program, the CASL rules will still apply if the update or upgrade is considered to have certain functions that are particularly invasive and which are which would not normally be expected by the user.

Penalties: Under CASL, the CRTC can impose monetary penalties up to $1 million per violation by an individual, and up to $10 million per violation by an organization. The factors to be considered in a determination of appropriate enforcement measures include: the nature of the violation, the seriousness and impact of the violation, the history of non-compliance, and measures to prevent future violations.