If you send email information and newsletters to people on email address lists, you may wish to become aware of the requirements of Canada’s Anti-Spam Legislation (CASL). The date on which CASL comes into force and effect has not yet been stated. However, the Electronic Commerce Protection Regulations were published by the Canadian Radio-television and Telecommunications Commission (CRTC) on March 28, 2012, and a Compliance and Enforcement Bulletin providing guidance on certain aspects of the regulations was published October 10, 2012.
CASL defines a commercial electronic message (CEM) as follows: A CEM is:
an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that (a) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land; (b) offers to provide a business, investment or gaming opportunity; (c) advertises or promotes anything referred to in paragraph (a) or (b); or (d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.
The principle underlying the regulation of CEMs is consent. Under Section 6 of CASL, a sender is prohibited from sending a CEM, or causing or permitting a CEM to be sent unless (a) the person to whom the message is sent has consented to receiving it, whether the consent is express or implied; AND (b) the message complies with the regulations. (Note that CASL also regulates the alteration of transmission data in electronic messages, and the installation of computer programs on another person’s computer system in the course of a commercial activity but these are not the focus of this writing.)
Each CEM is required to identify the sender of the message, or the person on whose behalf the message is sent, and contact information, including a valid mailing address, for such person(s). The contact information is also required to be included in the request for consent. Further guidance for these items is contained in the Bulletin.
An unsubscribe mechanism is required. It must be set out “clearly and prominently” in each CEM, and able to be “readily performed.”
Regarding consent, the Bulletin provides that consent is required to be sought by each recipient for the sender to send CEMs, and that the sender may not subsume or bundle the consent in other items such as general terms and conditions of use or sale. The Bulletin states that people “must be able to grant their consent to the terms and conditions of use or sale while, for instance, refusing to grant their consent for receiving CEMs”.
Consent may be oral, written or a combination.
With oral consent, the consent must be able to be verified by an independent third party or a complete and unedited audio recording. Written consent includes filling out a consent form at a point of purchase. If consent is obtained via a web page, the date, time, purpose, and manner of that consent is required to be stored in a database. The Bulletin informs that the following means of obtaining consent would be compliant:
- a separate tick-box for each consent, which must be proactively checked by the person whose consent is being sought in order to indicate consent;
- a separate icon for each consent, which must be proactively clicked by the person from whom consent is being sought; or
- any combination of the above.
The Bulletin appears to rule out default settings for consent, such as where the user is able to uncheck a box to exercise their choice rather than the user proactively checking a box. For example it indicates that a pre-checked box consenting to CEMs that is adjacent to a button that the user must click to signify agreement to a contract (for example to purchase a product) is not valid consent to the receipt of CEMs.
The onus of proof is on the sender, my friends, so it is in your best interests to take steps now to ensure compliance when CASL once it is in force and effect.Share