Do you send emails, texts, or other electronic messages to your consumers, customers or suppliers? If so, you will be impacted by Canada’s Anti-Spam Legislation (“CASL”), which sets out new rules for sending commercial emails, texts, social media messages and any other form of commercial electronic message (“CEM”).
The primary obligation imposed by CASL is that the sender of CEMs must have the express consent of the recipient, unless a statutory implied consent (or exemption) applies. Where express consent is required, the recipient must give a positive opt-in consent: pre-checked opt-in boxes, or consent tied to the receipt of a service or entry into a promotion will not be sufficient. Certain contact information and other disclosures will now also be required when obtaining express consent.
In addition, CASL also requires that certain information be included in most messages themselves, including contact information and an unsubscribe mechanism.
Key points about CASL relevant to retailers include:
- CASL doesn’t just apply to traditional “spam”. Without the proper kind of consent in advance of sending the email, and the proper disclosures in the communication itself, your CEM could be contrary to CASL.
- CASL applies to messages that are either sent from, or received in, Canada. Even if the CEM originates from outside of the country, CASL may still apply.
- The onus is on the sender of the CEM to prove that express consent, when required, was obtained. Procedures, training, and ongoing monitoring should be in place if collecting emails and consent to send CEMs at the point of sale to know that you can prove the appropriate form of consent was obtained.
- Consent to receive a CEM may be implied in certain limited cases, including where an “existing business relationship” exists between the sender and the recipient. This includes situations where the recipient purchased goods or services within 2 years before the day on which the CEM is sent.
- Exceptions to the consent requirements may apply in certain situations, including where the CEM relates to a quote or estimate which was requested by the recipient, transactional emails (e.g. ecommerce) where the email facilitates, completes or confirms the transaction, and providing warranty or product recall information about a product or service that the recipient has purchased.
- CASL applies to direct messages sent through social media platforms like Facebook and Twitter, but not to public posts.
- CASL also applies to computer programs – not just malware, but virtually any app or website that makes software available to consumers’ devices. Note, however, that these provisions don’t come into force until January 2015.
- The penalties are significant: for corporations, up to $10 million penalty per day that a violation occurs and, in 2017, individuals will be able to file their own suits against alleged transgressors, or worse - file a class action.
This list of issues is not exhaustive. As a preliminary matter, retailers should take an inventory of the emails they send, and the basis on which they will be permitted to do so following July 1, 2014. Note that emails to obtain express consent will themselves be governed by CASL. Since there is no blanket grandfathering of existing lists, many companies are finding they need to go back and ask recipients to ‘reaffirm’ their consent now, prior to the July 1 deadline.