The “anti-spam” portion of Canada’s anti-spam/spyware law (CASL) comes into effect on July 1, 2014. Most organizations are having very difficult times adapting to CASL’s confusing and prescriptive rules. According to a recent mini-survey conducted by the Canadian Chamber of Commerce of over 160 of its members, from responses to questions answered over 90% of Canadian organizations believe that CASL should be scrapped, amended, or at least be subject to a Parliamentary review before it becomes law. Over 80% believe it will not be effective against the most harmful sources of spam. 63% believe that it will make business more difficult for them. Most believe CASL’s consent, disclosure and unsubscribe requirements are disproportionate and unreasonable. 56% believe CASL will impede the creation of a business environment driven by entrepreneurs that encourages jobs, growth and long term prosperity for Canadians.
In spite of all this, CASL will become law and organizations need to comply with it to avoid the completely excessive AMPs that theoretically can be $10 million for each CASL violation and the personal vicarious liability of officers and directors. Moreover, contrary to what some have suggested, CASL compliance is not straight forward. The law and regulations are confusing and in some cases are technically or commercially impossible or impractical to comply with, at least without making costly investments in new technologies and platforms or renegotiating existing partner and service provider relationships.
The CRTC and Industry Canada have published materials to help guide CASL compliance including to help under understand the Act, the CRTC Regulations (the CRTC regs) and the Industry Canada Regulations (the GIC regs). When the Industry Canada regulations were finalized, Industry Canada published a Regulatory Impact Assessment Analysis Statement (RIAS) providing helpful guidance on some points of confusion. The CRTC published a General Compliance Guideline and the Toggling Guidelines. After publishing them, the CRTC clarified that the guidelines are “best practice” guidelines and do not necessarily have to be followed to be CASL compliant. The CRTC also published and later revised a short FAQ on CASL. More recently, it published some slides and a transcript from recent public information sessions on CASL as well as a Compliance and Enforcement Bulletin. It also just published guidance on the grandfathering of existing CASL consents.
The advice offered to date by Industry Canada and the CRTC does not address many of the thorny CASL compliance issues. Also, because much of the advice, especially from the CRTC is “best practice”, little guidance is available on what practices short of “best practices” would comply with the law.
To help organizations continue to think through CASL compliance issues and the impacts of the law, I offer below an unofficial FAQ and compliance guideline. I also illustrate below some of the real impacts CASL will have on organizations conducting activities in Canada and some of its impacts on consumers. This post takes into account advice offered by Industry Canada and the CRTC. However, unlike other blogs and compliance documents, this FAQ does not purport to be consistent with those documents where I believe them to be either wrong or not required to meet the only binding obligations: those set out in CASL, the GIC regs and the CRTC Regulations.
Interpreting CASL
How will CASL and the Regulations be construed? Like any legislation, under the Interpretation Act, CASL will be deemed to be remedial legislation and will “be given such fair, large and liberal construction and interpretation as best ensures the attainment of its objects”. CASL’s pre-amble and statements made about CASL’s objectives by the Government, as well as constitutional limitations on how freedom of commercial speech can be impinged upon under the Canadian Charter of Rights and Freedoms, all play important roles in determining how CASL will be construed. As I argued in a prior blog post that addressed the principles for establishing regulatory exceptions to CASL, the principles to be used in construing CASL should be the following:
CASL should deter and protect consumers and businesses from the most damaging and deceptive forms of spam and malware from occurring in Canada and help drive spammers out of Canada.
CASL should promote the efficiency and adaptability of the Canadian economy and encourage reliance on electronic means of carrying out commercial activities.
CASL should not impair the availability, reliability, efficiency and optimal use of electronic means to carry out commercial activities.
CASL should not impose unreasonable additional costs on businesses and consumers.
CASL should not compromise or impair, but should promote, the protection of privacy and the security of confidential information.
CASL should not undermine, but should foster, the confidence of Canadians in the use of electronic means of communication to carry out their commercial activities in Canada and abroad.
CASL should be technologically neutral.
CASL should not disadvantage or make Canadian businesses uncompetitive in domestic or foreign markets.
CASL’s prohibitions should comply with the values and constitutionally protected rights of commercial speech under the Charter of Rights and Freedoms. In particular, the limits on commercial speech must be reasonable and justified, minimally impair the free speech right, and be proportionate to the harm that is being targeted by CASL’s prohibitions.
It is likely that a plain reading of CASL and the regulations would violate many of the above principles. I explained why I believe this to be the case in a serious of other blog posts that are collected here. It is almost certain that CASL will not survive a Charter challenge. Nevertheless, until CASL is declared to be unconstitutionally overbroad, the principles set out above should be considered in interpreting some of CASL’s ambiguous provisions.
CEMs
What is a CEM? Unfortunately, almost every electronic message or category of message must be examined to determine if a message is a CEM. From having sat in endless meetings and having reviewed hundreds of “law school exams” trying to decide what are and what are not CEMs, I can only say that this is one of the most challenging parts of CASL. The importance and difficulties in distinguishing message categories has implications for when messages can be sent without consent and when the identification and unsubscribe options have to be provided.
What messaging systems are covered? An electronic message must be sent to an “electronic address” for it to be a CEM. Messages sent to e-mail, SMS or IM or “similar accounts” can be CEMs. Messages that are not sent to these types of accounts cannot be CEMs. Based on this, messages posted to blogs, messages sent to “timelines” like Facebook, LinkedIn or Twitter timelines, content sent to subscribers through RSS feeds are not CEMs. Some messages sent using social networks such as direct messages or email or IM messages sent to individuals on social networks can be CEMs. However, if users set up their profiles appropriately on social networks to display the identification information required by the CRTC Regs, then these messages can be exempt under the GIC Regs.
Must a message promote buying or selling a product to be a CEM? CASL’s definition of CEM is broader than messages that promote buying or selling products. The definition of CEM has a non-exclusive list of message types that are deemed to be CEMs. Other messages may be CEMs if they encourage participation in a “commercial activity”. This is defined in CASL as being “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit”.
The term “commercial character” is a term that is also ambiguous. At its broadest construction it could include messages that promote transactions where there is any exchange of consideration. However, given CASL’s potential impingement of commercial speech and in light of the noscitur a sociis principle, the phrase “commercial activity” should be construed by its association with other terms in the list of deemed commercial activities. The listed items in the definition of “commercial electronic message” include “offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land”, “offers to provide a business, investment or gaming opportunity”, and messages that advertises or promotes those activities, or promotes a person who does those things. The term “commercial activity” should be confined to acts, transactions, or conduct that have attributes that are common to these examples.
Are transactional messages CEMs? Section 6(6) of CASL exempts various classes of messages from the consent requirements of CASL. Where it applies the identification and unsubscribe formalities still apply. The wording of the section is tortured. Only CEMs that fall within the list are exempted from the consent requirement. However many of the listed messages would not otherwise be considered CEMs including messages that facilitate, complete or confirm a commercial transaction; provide warranty information, product recall information or safety or security information about a product, goods or a service; provide notification of factual information about the ongoing use or ongoing purchase of a product, goods or a service offered under a subscription, membership, account, loan or similar relationship, or the ongoing subscription, membership, account, loan or similar relationship of the person to whom the message is sent; provide information directly related to an employment relationship or related benefit plan; or deliver a product, goods or a service, including product updates or upgrades.
It is hard to understand why many of the message types listed in s6(6) need to be exempt from the consent requirement and why inferentially these messages need to contain identification and unsubscribe information. Further, if these messages are only deemed to be CEMs even if they wouldn’t otherwise be, it is harder to see how these restrictions on communications can be justified under the Charter or under the Federal Trade and Commerce power.
The better view is that the messages listed in s6(6) are not subject to CASL unless they encourage participation in a commercial activity and are thereby CEMs. If the messages listed in s6(6) are CEMs and are CEMs only by being those message types, they get the benefit of the implied consent exemption.
Is a message with a link to a website home page a CEM? The content available at a link is considered in determining if a message is a CEM because of the way “commercial electronic message” is defined. In this respect, CASL departs from the teachings of the Supreme Court in Crookes v. Newton 2011 SCC 47 which held that content that is accessible by clicking on an ordinary hyperlink is not published by the person making the hyperlink available. Some web pages serve a pure marketing or promotional purpose. Links to these pages run a higher risk of making the message a CEM, particularly if the link is prominent and the message encourages readers to access the content at the link. A home page can serve multiple purposes. It often contains important information identifying the message sender as well as information that describes the business lines and products of the business and links to other pages with more details about those products and services. Undoubtedly, one of the purposes of this information is to encourage participation in commercial activities. However, because of the importance of commercial speech on the Internet, even though the language of CASL might be broad enough to make messages containing links to home pages CEMs, that broad reading of CASL would almost certainly be ruled to be in violation of the Canadian Charter of Rights and Freedoms. Hence, a message containing a hyperlink to a home page that does not have as its main purpose the promotion of products or services so as to encourage participation in a commercial activity should not, as a result of that link, be considered a CEM.
Are surveys and market research CEMs? Surveys that have as their sole purpose collection of information or obtaining feedback are not CEMs. Messages intended to help gather information, even about a company’s products or services or even future products should also not be CEMs. Surveys and market research that are mere covers for promoting a product or service or which also promote a company’s products or services in a way that encourages recipients to buy them are CEMs.
Must a message directly encourage participation in a commercial activity? The definition of CEM is open ended and by itself could include electronic messages that are indirectly intended to encourage someone, even someone other than the recipient, to buy a product or service or participate in a commercial activity. In theory, news and press releases sent to traditional media, blogs or to other public relations influencers to encourage them to write about a product or service could be a CEM. This is another example of CASL’s potential over breadth, especially here as it would indirectly impact the freedom of the press. Messages sent to these types of persons who are not being encouraged to engage in a commercial activity should not be CEMs. CEMs should be limited to electronic messages that encourage the recipient (or the recipient’s organization) to engage in a commercial activity.
Are invitations to corporate events CEMs? It depends on what the purpose of the invitation is. If the purpose is to provide information such as information about market developments or to provide professional development opportunities, the messages should not be regarded as CEMs. It shouldn’t matter if indirectly the host or promoter of the event is a business. However, messages to promote an event to tout the products or services of a business would be CEMs.
Can a single message be a CEM? Yes, unlike more reasonable legislation in other countries, even a single message can be a CEM. There is no requirement that messages be sent in bulk and there is no de minimis exception for single emails in CASL.
Must a message be false or misleading to be a CEM? No, unlike legislation in other countries, completely accurate messages can be CEMs.
Does CASL apply to electronic messages that are accessed in Canada that re stored on or are sent from foreign servers? Yes, CASL applies extra-territorially to every country worldwide from which messages might be sent to or accessed by someone in Canada. It applies even if the message sender has no way of knowing that the message recipients are located in Canada. For example, if a foreign organization has hundreds of thousands of email addresses from individuals around the world in its database including email addresses without any geographic domain identifiers, e,g. gmail.com or hotmail.com, it cannot send any messages out that might be accessed or received by Canadians without risking violating CASL. To avoid liability it would have to use due diligence to purge potential Canadian residents from its email database.
Does CASL apply to CEMs sent from Canada into other countries? Yes. The GIC regs exempt messages, however, if the sender believes the message will be accessed in a foreign state that is listed in the schedule to the GIC regs and the message conforms to the law of the foreign state that addresses conduct that is substantially similar to conduct prohibited under section 6 of the Act. This requires Canadian organizations to know the anti-spam laws in each country in which CEMs are sent in order to avoid the double jeopardy of liability in both Canada and the foreign countries in which the messages are sent.
Does CASL applies to charities? Yes. There is an exemption for a registered charity as defined in subsection 248(1) of the Income Tax Act if the message has as its primary purpose raising funds for the charity. Therefore, charities, like all other organizations, will have to expend resources to comply with CASL for any other activities that have a commercial character. Ad supported newsletters will be affected. Since opt out and other PIPEDA compliant consents are not grandfathered under CASL and because it will be illegal to send out electronic messages to get express consents, one may expect that many individuals will cease receiving newsletters they rely on from charitable organizations including those that provide information related to new products or services that can help people deal with disability or health problems or to stay healthy.
Does CASL apply to politicians seeking campaign contributions? Yes. CASL will impact the ability of some politicians and parties to raise money. It thus will negatively impact our democratic institutions by making it harder for parties and candidates to raise money in order to participate in the free exchange of ideas. The GIC regs contain an exemption for federal and provincial parties and organizations and candidates for publicly elected office if the message has as its primary purpose soliciting a contribution as defined in subsection 2(1) of the Canada Elections Act. It thus discriminates against municipal and regional parties and candidates who do not get the benefit of the exemption. It is telling that the Federal politicians recognized the burdens imposed by CASL and gave themselves an exemption, leaving virtually the rest of the public subject to its burdens.
Express Consents
What is express consent? An express consent is a consent that is clearly and unmistakably stated. The term has the same meaning as “express consent” under PIPEDA which is interpreted as giving “an opportunity for the individual to express positive agreement to a stated purpose”. An opt in consent can be an express consent. An opt-out consent is not.
Can an express consent be obtained by pre-checking a toggle box? The CRTC contends that an express consent requires some affirmative action by the person consenting. It has consistently taken the position that a pre-checked box can never result in an express consent. A pre-checked box by itself that is never affirmatively accepted by a person is not an express consent. However, where the express consent obtained clearly incorporates a choice in a pre-checked box, there would be consent for that choice. An example is a clickwrap agreement where the user by clicking agree also clearly manifests consent to the pre-checked toggle box.
Are prior express consents recognized under CASL even if the request for consent was not obtained by following s10 of CASL and the CRTC Regulations? Yes. The CRTC recently confirmed this in the information sessions.
Implied Consents
Are prior PIPEDA compliant implied consents valid under CASL? No. Despite the extensive submissions made to industry Canada for these consents to be grandfathered including by the now retired former chief drafter of the legislation, regulations were not in place that would have made this happen.
Does the term “implied consent” have its usual common law meaning? No. The term “implied consent” is used to refer to a restricted list of exemptions where implied consent is deemed to exist. It does not have the same meaning as “implied consent” under PIPEDA. It also doesn’t include “inferred consent”, an exemption that is available in other countries such as Australia. The only situations in which a person can have an implied consent is where the sender has an “existing business relationship” or an “existing non-business relationship” with another person (as those terms are defined in CASL), or solely in connection with messages that are sent to a person in a business or official capacity, where the “conspicuous publication” or “business card” exemptions apply.
If an individual gives you his or her email address including by giving you a business card, can you send that person a CEM relying on the “business card” implied consent exemption? Incredibility, the answer is no in many circumstances. The exemption only applies if the email or other electronic address relates to a person in a business or official capacity and the message relates to those situations. This another example of CASL’s over breadth. For example, if an individual meets a real estate agent at a party and they discuss potential properties the individual might be interested and then following the discussion the person gives the real estate agent his email address on a napkin without more, the real estate agent could not send the individual information including information that the individual would probably want or receive under this exemption. Of course, the real estate agent could ask the individual at the party for express consent to send information, but also incredibly, the real estate agent would at the time of making the request have to provide all of the identification and unsubscribe information required by the CRTC regulations. You can imagine the individual’s incredulity about any need to receive such information. The real estate agent would, however, be able to send a CEM to the individual if it is sent in response to a request, inquiry or was otherwise solicited by the individual, relying on an exemption in the GIC Regs.
Can you email a business person using an email address you found published on the Internet or in a trade publication? Incredibly, the answer is no in many circumstances. The email address has to have been conspicuously published or caused to be so published by the recipient. One can probably assume that CASL’s drafters intended that a person’s email address published on his/her employer’s website would fit within the exemption, even though the employee may never have taken any steps to publish it or cause it to be published. Publication of an email address by a person on the person’s LinkedIn or Twitter profile would probably also be ok. One would hope that email addresses published by professional bodies such as law societies, medical, engineering, industrial, and other trade associations in directories would be covered, at least where the member consents either expressly or implicitly to such publication. However, the wording of the exemption which requires the person to publish the email address or to cause it to be published, raises questions about this and CASL’s over breadth. The public including consumers of products and services and new businesses need to be able to easily locate those with whom they want and need to communicate with.
Exemptions from CASL
Can a person email his her grandparent, uncle or aunt, or cousin asking for a loan to pay medical expenses or to help them with tuition fees without getting a prior express consent to e-mail them? No. Incredibly, CEMS to family members are exempt from CASL only if the recipient falls within the narrow exemption for family relationships. This is confined to individuals who are related to one another through “a marriage, common-law partnership or any legal parent-child relationship and those individuals have had direct, voluntary, two-way communication”.
Can a child send an email to all of his class schoolmates using email addresses supplied by the school offering to sell a baseball mitt or a used bike? Can a child email his parents’ friends offering to mow their lawn or shovel their snow for school money? Can a child send emails out to his/her sister’s friends offering to sell them girl guide cookies or chocolates to raise money for a school trip? Can a person email his/her high school or university acquaintances to ask them to tell their friends and family about a business just started up? No, these massages can only be sent to close friends, without express consent; to do otherwise will be illegal. There is an exemption for “personal relationships”. Yet despite submissions to Industry Canada to broaden it out to not make these kinds of activities legal, it did not do so. A “family relationship” is defined narrowly to be, essentially, close friends. The individuals must “have had direct, voluntary, two-way communications and it would be reasonable to conclude that they have a personal relationship, taking into consideration any relevant factors such as the sharing of interests, experiences, opinions and information evidenced in the communications, the frequency of communication, the length of time since the parties communicated or whether the parties have met in person”.
Can a person write to a charity or a not for profit organization to make an application to work for the charity? There is an exception in CASL to send a message to a person who is engaged in a commercial activity if it consists solely of an inquiry or application related to that activity. If a charity is not engaged in a commercial activity, then the exemption would not apply. This exemption was in CASL to ensure that individuals could reach out to businesses to apply for jobs. Assuming these messages are CEMs, then it would be legal for a person to apply for a job at a business, but not for a charity that does not also engage in commercial activities.
Can an employee of an organization send a CEM to other employees of the organization without obtaining express consent? Yes, under an exemption in the GIC regs, the Act does not apply to a commercial electronic message that is sent by an employee, representative, consultant or franchisee of an organization to another employee, representative, consultant or franchisee of the organization and the message concerns the activities of the organization.
Can businesses send any messages they want to other businesses under the B2B exception in the GIC regs? In particular, under the B2B exemption, can a business with no prior relationship with another business send the business an email letting the business know about its goods and services and propose to do business together? No. Under the GIC regs, CASL does not apply to a commercial electronic message that is sent by an employee, representative, consultant or franchisee of one organisation to an employee, representative, consultant or franchisee of another organization, only if the organizations have a relationship and the message concerns the activities of the organization to which the message is sent.
There are thus three key limitations to using this exemption. First, the two businesses must have a “relationship”. That term is not defined in the GIC regs. In its ordinary meaning it would include a level of association, involvement, or connectedness, between two people. Accordingly, it could include, but is not limited, to legal relationships such as any legally recognized legal relationship and other relationships that have a level of association, involvement, or connectedness, between two people. CASL defines categories of relationships such as existing business and non-business relationships. Presumably, as term “relationship” is not restricted to any particular kind of relationship, the indicia that can give rise to other relationships can be relevant in determining if a relationship exists.
Second, CEMs must relate to the activities of the recipient organization. It is unclear how the term activities is to be construed. Organizations, generally carry on multiple activities including research, development, manufacturing, distribution, finance, cash management and investments, marketing, advertising, public relations, procurement, audit, and legal. There is no reason not to recognize all of these as being “activities” of the organization.
Third, the only persons who can take advantage of the exception are organizations. Many individuals carry on business as sole proprietorships. It is unclear if these business people qualify for the exception or if other organizations can send them CEMs relying on the B2B exemption. There is no good policy reason for discriminating against small businesses and hopefully the CRTC and the courts will give the term a broad enough construction so this doesn’t happen.
Can an organization send marketing and promotional materials to a person who was asking about a product even if the two persons don’t have an existing business relationship? Probably, but only certain materials can be sent. The GIC regs has an exemption that permits sending a CEM that is sent in response to a request, inquiry or complaint or is otherwise solicited by the person to whom the message is sent. If the person expressly asked for the materials, then there is no doubt that promotional materials reasonably related to the request could be sent. The exemption does not state that that a request must be an express consent. Accordingly, in appropriate circumstances if it can be inferred from conduct or implied that a person made a request or otherwise solicited materials, they can be sent to the person asking about them.
If a person has unsubscribed from receiving CEMs from an auto leasing company, can the company send the lessee an unsolicited notice that the person’s car lease is expiring that also gives the lessee information about renewal options? The renewal option is likely a CEM. Although the lessee would unlikely not have intended to have elected not to receive information about end of term options, surprisingly the lessor cannot send the information unless an exception applies. The GIC regs contain an exception that permits sending a CEM (i) to satisfy a legal or juridical obligation, (ii) to provide notice of an existing or pending right, legal or juridical obligation, court order, judgment or tariff, (iii) to enforce a right, legal or juridical obligation, court order, judgment or tariff, or (iv) to enforce a right arising under a law of Canada, of a province or municipality of Canada or of a foreign state. If the lessee had a right of renewal or a pending right to receive the notice, then the lessor can send the lessee his/her renewal options, something that undoubtedly the consumer would want to receive. Otherwise, the lessor would have to send the notice by mail or some other inefficient means.
Can a sole proprietor send messages to his/her “LinkedIn Connections” over LinkedIn telling them about a new business without obtaining an express consent? Unless the LinkedIn connections are the person’s close friends, the “personal relationship” exemption would not apply. A message sent to a LinkedIn account would be sent to an electronic address and would be a CEM. But, under the GIC regs, if the message sender configures his or her profile in such a way that the social network conspicuously publishes the prescribed sender information (and the social network interface has a readily available means of enabling the recipients to unsubscribe from receiving CEMs), then the messages can be sent. However, the sole proprietor will be forced to publically disclose his/her address (or spend extra money to rent a P.O. box) on LinkedIn in order to comply with the CRTC regs.
Can a bank send CEMs to customers without complying with any CASL formalities in a bank portal in which only the bank can send the customers CEMs if the customers can send the bank messages back about their banking or other needs? The CRTC says no. It contends that the highly desirable two way functionality takes the banking portal outside of the exemption in the GIC reg which applies to CEMs “sent to a limited-access secure and confidential account to which messages can only be sent by the person who provides the account to the person who receives the message”. The “one way” restriction interpretation of the CRTC belies the policy behind the exemption, which was to remove restrictions on commercial speech where they served no useful purpose and to not regulate secure and confidential banking portals. There is no useful purpose served by preventing the exemption from applying where the portal functionality permits the consumer to communicate with an organization with which it does business.
Can a real estate agent working for a broker send out a CEM based on a referral from a customer to an acquaintance of the customer who is looking for a good real estate agent? No. The GIC regs contain a one time referral exemption. However, it is so narrowly crafted it doesn’t work in many situations in which it would be expected to. To work, the referrer and the intended recipient must be individuals. The GIC regs thus appear to distinguish between persons which include organizations and their employees and individuals. Thus a person acting as an employee may not be an individual who can make a referral or be entitled to get one. The GIC reg requires that the person making the referral have an existing business relationship, an existing non-business relationship, a family relationship or a personal relationship with the person who sends the message as well as any of those relationships with the individual to whom the message is sent. Since those categories are also narrowly drafted they won’t always apply, including in the question above where the recipient is merely a friend, but not a close friend, of the person making the referral.
Getting consents, unsubscribe, and message information requirements
If you are speaking to a person over the phone and you ask for his/her express consent to send him/her promotional materials about your products or services have you complied with CASL? No. Under the CRTC regs you have to do much more. CASL recognizes that consents can be given orally or in writing. However, for each, the person requesting consent has to tell the person being asked for the consent, the name by which the person seeking consent carries on business and provide the person’s mailing address, and either a telephone number providing access to an agent or a voice messaging system, an email address or a web address of the person seeking consent. The customer also has to be told that the consent can be withdrawn at any time. This is not a good customer experience.
If a company asks for consent to send people CEMs does the consent extend to your affiliates? No, unless the consent is also requested for the affiliates. If this request is made, then the person seeking consent also has to identify all of the affiliates by name, provide all of the same information about the affiliate that the person has to provide about itself, and tell the person whose consent is being sought that the consent is also being obtained on behalf of the affiliates. Can you imagine the consumer experience if this is done over the phone or in person? An organization can also seek consent on behalf of unnamed affiliates or third parties. But, if they do then Section 5 of the CRTC regs are applicable and they are very onerous and should be avoided if possible.
Must an individual or business have a website to send SMS messages that are CEMs? Yes. The CRTC regs set out the extensive information that must be included in each message that is sent out. The same rules apply, regardless of the medium used. It includes virtually the same information that must be included in every request for consent to send a CEM including the name of the business sending the message, and the sender’s the mailing address, and either a telephone number providing access to an agent or a voice messaging system, an email address or a web address of the person sending the message or, if different, the person on whose behalf the message is sent. An unsubscribe mechanism must also be provided. If it is not practicable to include the information and unsubscribe information in the CEM, that information may be posted on a web page that is readily accessible by the person to whom the message is sent at no cost to them by means of a link that is clearly and prominently set out in the message. Since it is impossible to include the required information in an SMS message, the message sender must have a web site. Many sole proprietors and small businesses do not have web sites. It is therefore illegal for them to send out CEMs in SMS messages. Since it is also impractical to include message content and information about the message sender and how to unsubscribe in 140 characters, it makes SMS messaging almost unusable, except where the sender has a complete exemption under CASL to send the message.
Does a retailer sending out an online flyer about the products and services of a third party have to identify the sender as the retailer or the third parties as the senders and who must provide the unsubscribe mechanism? Under CASL, if a message is sent on behalf of another person, the message must state who the message sender is and on whose behalf the message is sent. Further, the message recipient has to have a right to unsubscribe from receiving CEMs “from the person who sent the message or the person — if different — on whose behalf the message is sent”. The CRTC stated in the FAQ that “only the persons who play a material role in the content of the CEM and/or the choice of the recipients must be identified”. This suggests that if the retailers provided copy for the online flyer they have to be identified as persons on whose behalf the CEMs are sent and must also provide an unsubscribe mechanism. This can’t be right. Consider online flyers from a retailer that contain advertisements for 50 “products on sale that week” of third parties. It would be unreasonable to conclude that the messages are being sent on behalf of all of those third parties. If they were, then all of these entities would have to be identified as the senders along with all of the CRTC prescribed information and each of them would have to make an unsubscribe mechanism available to consumers receiving the flyers. It is apparent that this would be hugely confusing and impossible to administer.
More information about CASL
In the last few years, I have published numerous blog posts about CASL. Many of them are listed below for your reference.
CASL’s effect on small business, June 21, 2014
CASL clarified by CRTC at information sessions, June 8, 2014
CRTC releases new CASL FAQs, May 8, 2014
CASL: insights into Canada’s anti-spam law at the Lexpert conference, May 6, 2014
CASL and Freedom of Expression –The Writing Is on the Wall, May 2, 2014
CASL don’t forget about the computer program “malware” and “spyware” provisions, Apirl 7, 2014
Canada’s anti-spam law CASL applies to you even if you aren’t in Canada, March 2, 2014
McCarthy Tétrault releases CASL compliance toolkit, February 10, 2014
CRTC FAQ on CASL, December 18, 2013
The Industry Canada CASL regulations and RIAS: a lost opportunity, December 16, 2013
Legislative and Judicial Approaches to Internet Regulation: CASL as a case study, December 14, 2013
CASL Industry Canada regulations: summary and comments, December 4, 2013
Industry Canada CASL Regulations published, December 4, 2013
CASL marches towards starting gate, November 13, 2013
CASL – An FAQ, November 7, 2013
CASL flaws not Festivus grievances, September 16, 2013
•NSA spying, cyber security and liability under Canada’s anti-spam spyware law CASL, September 9, 2013
Implications of Canada’s Anti-SPAM Legislation (CASL) for IT Business, June 18, 2013
CRTC reports on CASL consultation, April 16, 2013
Charities, non-profits and CASL, February 21, 2013
The submissions to Industry Canada on CASL, February 19, 2013
Has the CRTC compromised its judicial independence on CASL?, February 18, 2013
Evaluating the Industry Canada CASL regulations: my submission to the consultation, February 5, 2013
Will CASL Hurt Charities? Let Us Count The Ways, February 4, 2013
Evaluating the Industry Canada CASL regulations: countering cyber-security threats, February 1, 2013
Evaluating the Industry Canada CASL regulations: defining commercial electronic message, January 30, 2013
Evaluating the Industry Canada CASL regulations: jurisdictional overreach, January 25, 2013
Evaluating the IC CASL regulations: the B2B exception (Part II-Non-business entities), January 22, 2013
Evaluating the Industry Canada CASL regulations: the B2B exception (Part I-SMEs), January 21, 2013
Evaluating the Industry Canada CASL regulations: family relationships and personal relationships, January 18, 2013
Evaluating the Industry Canada CASL regulations: how to assess them, January 16, 2013
•CRTC guidance on interpreting its CASL regulations and guidelines at the IT-Can/TCLG meeting, January 15, 2013
Evaluating the Industry Canada CASL regulations: why they are needed, January 14, 2013
Industry Canada CASL draft regulations now available, January 4, 2013
Industry Canada CASL regulations coming, December 20, 2012
CRTC clarifies questions about CASL, December 11, 2012
CRTC Issues CASL (Canada’s Anti-Spam Law) Guidelines, background and commentary, October 16, 2012
New CASL regulations coming but will they fall short?, May 22, 2012
CASL in force in 2013, April 27, 2012
Reflections on the new CRTC CASL regulations, March 29, 2012
CRTC finalizes CASL regulations, March 14, 2012
Will it be illegal to recommend a dentist under Canada’s new anti-spam law (CASL)?, January 3, 2012
Fixing CASL: comments on the draft CRTC and Industry Canada regulations, September 7, 2011
Rethinking FISA (now CASL), May 25, 2011