Canada has enacted the Canada Anti-Spam Legislation (CASL), which is now one of the most comprehensive electronic communication laws in the world. U.S. companies that use, or are considering implementing, a commercial e-messaging platform or campaign should review the CASL to determine whether their e-messaging policies are in compliance.
- The CASL requires Canadian recipients to “opt-in” before commercial e-messages can be sent to them.
- If the Canadian recipient consents, the sender can transmit commercial e-messages, but only if the CASL’s other requirements are met (see below)
- Failure to comply can result in penalties of up to C$1 million per violation of the CASL for individuals and C$10 million for legal entities. Officers, directors, and agents of a company may be personally liable if they approved or participated in a violation. However, an affirmative defense is available if due diligence and a good faith effort to comply with the CASL can be shown.
The CASL impacts any business that operates inside or outside of Canada that transmits a commercial electronic message (e-message) to a Canadian recipient. The CASL was passed in 2010 but the implementation of the first portion (and potentially most far-reaching) of the CASL was delayed until July 1, 2014. U.S. businesses need to understand the breadth of this legislation and the steps needed to comply with this new anti-spam law or significant financial penalties can be invoked that can even create liability on a business when an employee violates the CASL.
Under the CASL, a business cannot send, cause or permit to be sent to a Canadian recipient a commercial e-message unless (i) the recipient has consented to receiving it, either expressly or by implication; and (ii) the message complies with required form and content requirements. Under the CASL, a commercial e-message is any e-message (including emails, messages to social network accounts and text messages) that encourages the recipient to participate in a commercial activity, regardless of whether there is an expectation of profit.
The CASL, unlike the U.S.’s “opt-out” anti-spam policy, requires Canadian recipients to “opt-in” before commercial e-messages can be sent to them. Once a business obtains appropriate consent, the business can transmit commercial e-messages, but only if the CASL’s other requirements are met such as:
(a) identify the sender and, if different, the person or entity on whose behalf it is sent; (b) set out information enabling the recipient to readily contact one of the persons referred to in paragraph (a); and (c) set out a means for the recipient to unsubscribe.
The CASL does afford businesses, however, certain exclusions from the CASL’s stringent compliance obligations such as:
(a) responding to requests for product/service quotes; (b) furthering or consummating an ongoing commercial transaction; (c) providing product warranty, recall, upgrade or similar information; (d) dealing with ongoing subscriptions, memberships or similar relationships; or (e) involving a current employment relationship.
The CASL, notably, provides businesses a three-year transitional period ending on July 1, 2017, that enables businesses to adjust to the new consent requirements. When an "existing business or non-business relationship” exists with a Canadian recipient that included, prior to July 1, 2014, the transmission of commercial e-messages, consent is implied until the Canadian recipient makes it clear that the recipient no longer wants to receive commercial e-messages.
Businesses that use, or are considering implementing, a commercial e-messaging platform or campaign should carefully consider the CASL to determine whether their e-messaging policies are in compliance.
For more information, please contact the authors, Alex Woollcott and Ryan Kelly, or a member of MMM's Data Security & Breach Protection Practice.