BACKGROUND TO CASL
CASL is Canada’s new anti-spam law. Most provisions are coming into force on July 1, 2014. Any individual, business, or organization that sends commercial electronic messages (such as emails and text messages) (“CEMs”) must ensure that they comply with CASL. For past information bulletins and FAQs to assist individuals and businesses in understanding and complying with the requirements of CASL, please visit blg.com/antispam.
Highlights of Discussion with Industry Canada and the CRTC
The following is a brief summary of some of the topics addressed by the panelists.
Several of those in attendance were concerned with whether the consents obtained prior to July 1, 2014 would be valid as express consent under CASL. Under CASL, among other things, express consent requires recipients to agree to receive CEMs by “opting-in” or by taking some other form of positive action to signify consent (e.g. checking a box online). Attendees wanted to know whether consents obtained where recipients provided consent without “opting-in” (e.g. a pre-checked box) would be valid as express pre-CASL consent under CASL.
The panelists stated that express consent obtained prior to July 1, 2014 – including consent obtained through a pre-checked box – may be considered valid express consent under CASL. The panelists reminded attendees that even if express consent was validly obtained prior to July 1, 2014, CEMs sent after that date must satisfy the content and unsubscribe mechanism requirements. The panelists also recommended that the attendees properly vet their mailing lists prior to sending CEMs to ensure that they can support any claim that they obtained valid consent prior to July 1, 2014.
The audience was particularly interested in whether the contacts who are your “Friends” on Facebook and “Followers” on Twitter would satisfy the personal relationship exemption. The personal relationship exemption applies to CEMs sent by one individual to another individual with whom they have a personal relationship, which means that the sender and the recipient must have had direct, voluntary, two-way communication and it would be reasonable to conclude that they have a personal relationship after accounting for any relevant factors such as the sharing of interests, experiences, opinions, etc. CEMs sent by persons in a personal relationship are exempt from the consent, content and unsubscribe requirements. The panelists stated that merely being identified as a “Friend” or “Follower” generally was not sufficient to satisfy the requirements of the personal relationship exemption and that all relevant facts regarding the relationship must be considered to determine if a reasonable person would conclude that the relationship is personal in nature. Frequent interaction over social media platforms may prove the existence of a personal relationship,but something more than being accepted as a “Friend” or “Follower” is required to establish this conclusion.
The panelists pointed out that posting on someone’s Facebook wall or sending tweets may not be considered CEMs because these messages are not sent to an “electronic address” and therefore maynot be regulated under CASL. They noted, however, that private or direct messages sent to an electronic address within social media platforms may be considered CEMs if the message has as its purpose, or one of its purposes, to encourage participation in a commercial activity.
Requests for Quotes, Estimates, Inquiries and Complaints
The panelists clarified the distinction between the exemption for CEMs that provide a quote or estimate and those sent in response to a request, inquiry or complaint or that was otherwise solicited by the recipient. The first category applies to CEMs with a financial component and is exempt from the consent requirement, whereas the second category includes CEMs without a financial component and is exempt from the consent, content and unsubscribe requirements.
The panelists described the enforcement regime as a three-party regime between the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner of Canada. These three parties have entered into a memorandum of understanding that encourages cooperation and coordination of enforcement activities, including the sharing of information to assist in identifying breaches and pursuing enforcement measures. The CRTC also intends to leverage domestic and international partnerships with other stakeholders (e.g. telecom service providers, email service providers and marketers, mail service providers, and reputation and security vendors) to assist in carrying out its enforcement mandate.
Beginning on July 1, 2014, individuals will be able to report spam and other violations at fightspam.gc.ca. The panelists noted that unlike the Office of the Privacy Commissioner of Canada, the CRTC is not required to investigate all complaints received and the determination of whether a complaint will be investigated depends on a variety of factors including the frequency and severity of complaints. Complaints filed at fightspam.gc.ca and data obtained from other sources will be monitored and indexed to assist in identifying spamming trends and to serve as an evidentiary database. If certain patterns emerge regarding the identity of the sender or the type of CEM, the CRTC will leverage the information within the database to pursue necessary action.
In the upcoming weeks, the CRTC expects to release an information bulletin regarding corporate compliance to assist businesses and organizations in developing effective compliance tools. The CRTC also expects to release additional FAQs, which will provide additional guidance on the meaning of “commercial” and which will answer some of themost common and pressing questions that the regulators have received as they conduct these CASL sessions across the country.
CASL has potentially serious implications for almost every Canadian organization that sends electronic messages to customers and potential customers, and every foreign organization that sends electronic messages to Canadian customers and potential customers. Organizations should establish and implement a reasonable CASL compliance plan (which may include converting existing mailing lists to lists of CASL-compliant express consent to receive CEMs) before CASL comes into force on July 1, 2014.