As reported in previous issues of this Newsletter, Canada’s Anti-Spam Legislation (“CASL”), which regulates the transmission of electronic messages, came into force on July 1, 2014. CASL applies to the transmission of commercial electronic messages (“CEMs”). CEMs include e-mails, text messages, social media messages, or any other similar forms of electronic communication to third parties, whether they are businesses, consumers, members, volunteers, or donors. CASL’s definition of “commercial” refers to acts or transactions that are of a commercial nature, including activities that are carried on without the expectation of profit. No type of organization is exempt from CASL. As such, if a not-for-profit or charitable organization sends CEMs, it is affected by CASL. Notably, charities are permitted to send certain types of CEMs where the primary purpose of the message is fundraising (this is discussed in further detail below).
Since coming into force, significant fines have been levied against companies by CASL enforcement agencies. In 2015, Quebec based Compu-Finder received a $1.1 million fine for sending e-mails to consumers without consent and in November of 2015, Rogers Media Inc. was fined $200,000 for sending e-mails with a malfunctioning “unsubscribe” option. In December of 2015, the first warrant was served under CASL as part of an international botnet takedown.
Up until now, organizations that have been in contravention of CASL have only faced penalties imposed by government regulators. However, beginning July 1, 2017, CASL will allow individuals and organizations who are affected by an act or omission that constitutes a contravention of CASL to bring a private action in court for actual damages and statutory damages against the party that they allege has violated the law. In addition, the three year transition period for CASL, which provided more flexible rules for implied consent to receive CEMs, will end on July 1, 2017. As the end of the transition period and the introduction of the private right of action could significantly increase CASL compliance related complaints and litigation, and possibly even lead to class action lawsuits, we recommend that all organizations carefully review their practices and policies to ensure they are in compliance with CASL.
Unless an exemption applies, organizations that send CEMs must comply with the following three requirements:
- The sender must obtain the recipient’s consent to receiving the message. Consent can be either express or implied;
- The sender must include their identity and contact information in the message; and
- The sender must include an unsubscribe mechanism in the message.
CASL’s anti-spam provisions do not apply to a CEM sent by or on behalf of a registered charity, as defined under the Income Tax Act, where the primary purpose of the CEM is to raise funds for the charity. Unfortunately, non-profit organizations are unable to rely upon this exemption because it only applies to organizations that are registered charities under the Income Tax Act.
Other exemptions to compliance with CASL include CEMs that are sent:
- internally within an organization where the message concerns the activities of the organization;
- between organizations with an existing relationship where the message concerns the activities of the recipient organization;
- in response to an inquiry or referral;
- in regard to a legal obligation or legal right; or
- to a recipient the sender reasonably believes will be in a foreign country when they access the message.
For a list of recommended steps for developing CASL compliance, please see our December 2013 newsletter. For more information on how CASL applies to charities and not-for-profit corporations see here.