Canadians are often bombarded by unwanted emails, text messages, faxes, tweets and other forms of electronic communications. There has been little regulation, and spammers have conducted their business as they have seen fit. Recipients of electronic junk could not help but feel that they were in Wonderland. This feeling was expressed by Alice when watching the Queen’s croquet game.
“I don’t think they play at all fairly,” Alice began in a rather complaining tone, and “they don’t seem to have any rules in particular; at least, if there are, nobody attends to them, and you’ve no idea how confusing it is.”1
Spammers’ free-for-all, or Wonderland, may be coming to an end in Canada. Starting July 1 of this year, when much of Canada’s Anti-spam Legislation2 (CASL) comes into force, there will be rules and severe consequences for not adhering to those rules. Even though there will now be rules in place, however, there will be confusion.
Much has been written about the contents and implications of CASL. (Please see Blaney McMurtry newsletter articles by my colleagues Henry Chang at http://www.blaney.com/articles/canadas-anti-spam-law-comes-force-july-1-2014 and Danielle Stone at http://www.blaney.com/articles/business-must-prepare-now-new-rules-governing-communications-customers.)
Other than to state that CASL:
- prohibits the sending of commercial electronic messages unless:
- the recipient has provided consent,
- the message contains certain regulated information,
- the message provides the sender’s contact information and
- the message contains an unsubscribe mechanism; and
- that the fines are $1million for an individual and $10 million for a company,
this article is not intended to describe CASL. Rather, its purpose is to provide a brief summary of steps that should be taken, before June 30, 2014, to prepare for CASL becoming effective.
Before discussing the steps to take now, it would be helpful to understand the difference between an express consent and an implied consent.
A person will have given an express consent where an actual consent is given and the person giving the consent was advised of:
- the purpose, or purposes, for which the consent is being sought;
- the name by which the person seeking consent carries on business;
- the mailing address, together with one of (i) a telephone number providing access to an agent or a voice messaging system, (ii) an email address or a web address of the person seeking consent, and
- a statement indicating that the person whose consent is being sought can withdraw that consent.
There are additional rules if a person is seeking consent on behalf of someone else.
A consent will be implied if there is an existing business relationship or where the recipient sends its electronic address to the sender (e.g. by sending the address or conspicuously publishing it without indicating that it does not wish to receive unsolicited commercial electronic messages and the message is relevant to the recipient). Certain relationships are considered to be an existing business relationship and therefore result in an implied consent (e.g. the two-year period after a purchase, the two-year period after the recipient accepted an electronic message regarding a business, investment or gaming opportunity offered, and the six-month period following an inquiry by the recipient to the sender).
Steps to be taken to get ready for CASL include:
Steps should be taken to ensure that after June 30, 2014 all electronic messages include the information described above for obtaining an express consent. If it is not practical to include that information in the commercial message, then the information must be posted on a page on the World Wide Web that is readily accessible to the recipient of the message, at no cost to the recipient, by means of a link that is clearly and prominently set out in the message. If applicable, the website and links should be developed soon.
Consent mechanism: Design a methodology for consents to be given. In designing the methodology have the person giving the consent do something to indicate the giving of consent; do not use an opt out mechanism (like pre-checking a box)
Evergreen consents: According to the Canadian Radio-television and Telecommunications Commission (CRTC), which is one of the administrators of the CASL regime3,
“If you obtained valid express consent prior to CASL coming into force, you will be able to continue to rely on that express consent after CASL comes into force, even if your request did not contain the requisite identification and contact information. However, all CEMs (commercial electronic messages) sent after CASL comes into force must contain the requisite information, meet all form requirements and contain an unsubscribe mechanism. If requesting express consent after CASL comes into force, you must meet all form requirements, including setting out the identification information. Please keep in mind that the legislation requires you to prove that you have obtained such express consent after CASL comes into force, even if your request did not contain the requisite identification and contact information.”
Essentially, existing consents will be grandfathered. After June 30, 2014 the rules of CASL will come into play, making it difficult to solicit consents electronically. Accordingly, it is suggested that businesses update or refresh the consents by obtaining compliant consents now.
The mechanism must be accessed without difficulty or delay, and should be simple, quick, and easy for the consumer to use (examples of appropriate unsubscribe mechanisms include a link in an email that takes the user to a web page where he or she can unsubscribe from receiving all or some types of CEMs from the sender or for text messages over cell phone giving the recipient the choice between replying to the text message with the word “STOP” or “Unsubscribe” and clicking on a link that will take the user to a web page where he or she can unsubscribe from receiving all or some types of CEMs from the sender.
- Record Keeping
The onus is on the sender of electronic messages to show that it has a consent and that the consent has not been withdrawn. Procedures should be established for recording and storing consents but, more importantly, for keeping records up to date so that anyone unsubscribing or withdrawing their consent is removed immediately from any lists from which mass electronic communications are sent. An acceptable method of obtaining a consent is checking a box on a web page to indicate consent, but there needs to be a record of the date, time, purpose, and manner of how that consent is given. So, databases need to be established to capture that information.
Where an implied existing-business-relationship consent is being relied upon, the database should include a record of the start date and the end date for the implied consent. There needs to be a mechanism for removing the person from the list of those providing consent at the end of an applicable period (i.e. six months for an inquiry and three years for a transaction) There are additional rules for installing programs on someone’s computers.
Compliance with CASL should not be onerous, but it is important to understand the rules and follow them. Steps taken now will make compliance easier.