Wednesday, June 11, 2014

A Perspective on the new Canadian Anti-Spam Legislation

If you are a business operating within Canadian borders and you are involved in sending electronic messages to your customers, you must take the time to read the following advice. There are actions that you MUST undertake prior to the new law coming into effect on July 1. 

A quick overview of Canada’s new Commercial Electronic Message (CEM) legislation. 

Canada has recently adopted a new anti-spam legislation. The law is described in detail on this page ( This new law goes into effect July 1, 2014.

We have prepared this brief overview of the new legislation as a service to readers and also as a public service to help those who seek an understanding of the new legislation. This article is not meant to be a substitution for proper legal advice and if you have any questions about the legal nature of this legislation, it is your responsibility to contact a legal professional.

What is the Anti-spam legislation? 

Canada’s new Anti-Spam law was passed in December, 2010 and comes into effect July 1, 2014. The CRTC has published final regulations related to Canada's anti-spam legislation. A copy of the regulations can be found on the CRTC website. The name of the law is the Telecom Regulatory Policy CRTC 2012-183. 

The Regulations prescribe the form and certain information to be included in commercial electronic messages (CEMs), and requests for consent with respect to the sending of CEMs, the alteration of transmission data in electronic messages, and the installation of computer programs.

The Regulations also define SPAM as “any electronic message” – text, sound, voice, image – sent to an electronic address for the purpose of encouraging participation in a commercial activity. It includes email, but also texts, tweets and instant messages.

It is not clear to Technoracle how Twitter or Facebook posts will be interpreted as spam.

How does it affect Canadians? 

All Canadian citizens or companies with a presence in Canada that send electronic messages as described above are subject to the laws starting July 1, 2014.

What is defined as “SPAM” under the new legislation?

Without diving into the specific text of the legislation, SPAM is defined as any Commercial Electronic Message (CEM) sent to an electronic address without consent of the recipient.

What are the legal remedies and penalties for violations?

Fines of up to $1 million for individuals and $10 million for corporations are possible. Additionally, the law will also allow those affected by a contravention of the law (such as getting spammed) to launch an action in court against those who have violated the law. Once into force, the private right of action will allow an applicant to seek actual and statutory damages.

Who will enforce it? 

There are three federal agencies that will enforce the new legislation. The Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner of Canada will be responsible for enforcement.

What does the regulation specifically prescribe? 

First and foremost, the Regulations prohibit sending Commercial Electronic Messages (CEMs) unless the recipient has given express consent, or falls into a category where there is implied consent or one of the exemptions applies. It also prescribes the form and certain information to be included in commercial electronic messages (CEMs), and requests for consent with respect to the sending of CEMs, the alteration of transmission data in electronic messages, and the installation of computer programs. Most importantly, an unsubscribe mechanism must be in place that allows any recipient to unsubscribe and stop receiving any further CEMs.

What constitutes express consent?

The recipient has to opt-in, not opt-out. The request must be clearly identified. A pre-checked opt-in box or an unchecked opt-out box will not do. The recipient must take a positive step to opt-in. Silence does not mean consent. The onus to prove consent is on the sender.

NOTE: Technoracle has a Consent Module (an HTML5 module) that can link an individual to an express consent event.  The entire transaction is hash-tied to you can prove later that your customer opted in.  If you wish to get an overview of this technology, it is available from duane (AT) technoracle (hyphen)

What are the other requirements for getting express consent?

  • Explain the purpose for the request. 
  • Name the person or organization, or on whose behalf, you are seeking consent. 
  • Give your name, mailing address and phone number, email or website address. 
  • Provide an unsubscribe option which is readily performed and will take effect within 10 days. 
Are there any exceptions where consent is not required?

There are certain conditions that provides for exemptions under the new law. Briefly, these are:

  • If consent of the recipient can be implied 
  • For communications that are within the domain of a business 
  • Where there is an existing business relationships and/or the CEM is relevant to the recipient’s role, function or duties. 
  • If the electronic messages is sent in response to a direct request for information. 
  • To enforce a legal right or obligation. 
  • If it relates to an existing transaction. 
  • If you are a customer inquiring about a business activity. 

Is there a time limit on consent? 

  • Express consent does not expire but can be withdrawn. 
  • Implied consent often depends on a specific relationship between the parties and therefore ends when that relationship ends. It can also be withdrawn at any time. If you are relying on this, it would be a good idea to seek legal advice from a qualified attorney. 
  • CEMs to which an exception applies may only be sent within the time limits set out in the Act.  
These vary depending upon the type and nature of the communication.

What qualifies as an ‘existing business relationship’? 

Recipients are considered as having an existing business relationship for purposes of the legislation, if the recipient of the communication has:

  • Bought or leased goods or services from you within the past twenty four months; and/or 
  • Made an inquiry about a contract, purchase or other financial transaction within the past 6 months.
When may consent be implied?

Some message recipients have an implied consent to receive messages. The exact nature of this consent has not been interpreted within the courts and individuals relying on this exception are urged to seek legal advice. Consent may be implied, as defined within the legislation, where the recipient is:

  • an individual with whom the sender has a personal or family relationship; and/or
  • the recipient is an individual or entity engaged in a commercial activity and the CEM is solely related to that activity. 
  • the recipient has conspicuously published an email address or given you one and the CEM is relevant to the recipient’s business role (the ‘publication’ exception); and/or 
  • the recipient has disclosed his or her electronic address to you, has not indicated any wish not to receive unsolicited CEMs and the CEM is relevant to the recipient’s business role (the ‘business card’ exception). 

In all the above cases, if the recipient requests that you not send further messages, such requests supersede any implied consent and consent will have been deemed as withdrawn on a permanent basis or until the recipient sends communications to the contrary.

Are any non-business relationships exempted? 

The following situations may be considered exempt, as long as the recipient has not expressed a communication that you stop sending them messages.
  • if the recipient has made a donation or gift or volunteered or been a member of your club, association or voluntary organization within the past 2 years; or 
  • if the CEM is sent by or on behalf of a registered charity and the message is primarily for raising funds for the charity.

Any other notable exceptions?

You can send a CEM to someone who has been referred to you by a third party, provided the third party has a family, personal or business relationship with both you and the recipient.

What do I need to do before July 1, 2014?

If you are a customer of Technoracle, you are entitled to a free consultation for thirty minutes to ask any other questions. Customers also may have their consent-linking module installed on their website for an introductory price before July 1.

NOTE: Remember that Technoracle Advanced Systems Inc. is not a firm practicing law in the Province of British Columbia and is not a substitute for any legal opinions you should seek if you have outstanding questions. All the information provided hereinafter is strictly provided as a non-legal practitioner perspective and our interpretation of the new legislation.

We use two local law firms that we recommend:

- Venture Law Corporation (contact Alixe Cormick)
- Boughton Law Corporation (Contact Claudia Losie)

Without limiting the generalities of the foregoing,  Technoracle would advise that any persons or other entities engaged in the dissemination of electronic communications to review the following:

  • Review your current internal practices and guidelines for sending CEMs and which ones will comply with CASL. Ensure that any staff involved with these activities is informed of the changes and has a chance to ask any questions they might have to clarify their understanding. 
  • For all existing email lists, you should assess whether or not you have valid consent, either express or implied, from any recipients. If you do not, it is recommended that you refrain from sending further emails until you can obtain such consent. 
  • If you don’t have consent, decide if you fall within one of the exception, and when they lapse. You should set reminders to ensure you comply with the time constraints on any limitations. 
  • Decide whether you should try to get an express consent, which remains valid until withdrawn, before July 1, 2014. 
  • Make sure your form of consent meets the requirements. If you require help with this, Technoracle or Hot Tomali can set up the proper email channels and forms of email that comply with the legislation. 
  • Ensure that your policies and procedures are in compliance. Once more, we are here to assist you with compliance and can configure your email marketing to meet the requirements. To find out more, contact duane at technoracle-systems dot com.

No comments:

Post a Comment

Do not spam this blog! Google and Yahoo DO NOT follow comment links for SEO. If you post an unrelated link advertising a company or service, you will be reported immediately for spam and your link deleted within 30 minutes. If you want to sponsor a post, please let us know by reaching out to duane dot nickull at gmail dot com.