News

What Constitutes Implied Consent?

In my January 29th post on Canada’s new Anti-Spam Legislation (CASL), which will likely come into force sometime this year, I mentioned that there will be new requirements for sending certain types of emails and other electronic communications, and new regulatory requirements for installing software, including updates and upgrades.

In the February 14th post I provided a commentary on what electronic messages are governed by the statute. As mentioned in that post, unless exempted (which will be the subject of a subsequent post) commercial electronic messages (known as CEMs), which are defined in the February 14th blog post, may only be sent where: (a) the recipient has consented to receiving it, whether by express or implied consent, and (b) the message complies with the identification and unsubscribe mechanism requirements.

The March 3rd post discussed what constitutes express consent under CASL, for the purpose of sending CEMs and for installing software.

In this post I will discuss another form of consent for receiving CEMs – “implied consent”. I will also comment on the unsubscribe mechanism requirements.

What Constitutes Implied Consent under CASL (as it relates to CEMs)?

Consent for sending CEMs may be implied in the following situations:

1. Where the sender and recipient are in an “existing business relationship” or “existing non-business relationship:

(a) “existing business relationship”. An existing business relationship is defined as a business relationship that involves or arises from the purchase, lease or bartering of product, goods or services, a contract, or inquiry of a recipient within two (2) years immediately preceding the date the CEM was sent.

(b) “existing non-business relationship”. An existing non-business relationship is defined as a relationship arising from the recipient’s activities as a donor or volunteer for a registered charity, political party or political candidate, a member of a club, association or voluntary organization, within the two (2) years immediately preceding the date the CEM was sent.

At the moment, educational institutions, hospitals, charities, clubs and other organizations and interest groups who provide products or goods and services are not entitled to automatically claim implied consent, unless the relationship is an existing business relationship or existing non-business relationship, as those terms are defined in CASL. Newsletters from these organizations that include advertising, or which encourage subscribers to purchase goods or services may require express consent of the subscribers, since that part of a newsletter may be considered a CEM.

2. The “business card” consent: Where the recipient has provided an email address, including as part of a business card that contains an electronic address, has not indicated that the recipient does not want to receive unsolicited CEMs, and the message is relevant to the recipient’s “business, role, functions or duties in a business or official capacity”, consent will be implied.

This implied consent may also be limited in practice since the consent is limited to the recipient’s “business, role, functions or duties in a business or official capacity”. Any electronic communication related to personal, business or organizational endeavours that are not related to the business on the business card may require express consent. In that case, one may wish to obtain a personal email address.

3. The recipient has conspicuously published the electronic address to which the message is sent, the publication is not accompanied by a statement that the person does not wish to receive unsolicited commercial electronic messages at the electronic address and the message is relevant to the person’s business, role, functions or duties in a business or official capacity.

The Unsubscribe Mechanism

Each CEM is required to provide an unsubscribe mechanism (either through an electronic address or a link to a web page) that is valid for a minimum of sixty (60) days after the message has been sent, at no cost to the recipient. Any request to unsubscribe must be honoured within ten (10) business days after the request was sent.

For computer programs, the unsubscribe function must be valid for one (1) year after the computer performs any of the functions consented to.

The unsubscribe mechanism must able to be “readily performed”. This means that it can be “accessed without difficulty or delay, and should be simple, quick and easy for the consumer to use”. The following are examples of acceptable unsubscribe mechanisms:

1. An email address where a recipient may reply with the word “Stop” or “Unsubscribe”, or a link in an email to a website where users can unsubscribe from some or all of the sender’s CEMs;

2. An SMS providing users the option of either replying with the word “Stop” or “Unsubscribe”, or by clicking on a link to a website where users can unsubscribe from some or all of the sender’s CEMs.

The CRTC recommends that users be given the opportunity to unsubscribe from all messages from the sender, not merely CEMs, however this is not a requirement.

In my next post I will comment on CEMs that are excepted from the consent, identification and unsubscribe mechanisms of CASL.

-Eve

 

Share