Anti-Spam Update – Proposed New Exemptions on the Way

more+
less-

[author: ]

Today the Canadian Bar Association held an update session for members on Canada’s Anti-Spam Legislation (“CASL”). An oral presentation was provided by Andy Kaplan-Myrth, a Policy Advisor in the Digital Policy Branch at Industry Canada and a member of the team that developed and is implementing CASL.

Here’s what we heard from the discussion. [Please note that information and comments provided by Mr. Kaplan-Myrth and other participants are intermingled with my own below. The following is not intended as a verbatim report on the presentation.]

  • Industry Canada is targeting the release of further draft regulations for comment by the summer; however the ultimate timing depends in part on internal government processes including Treasury Board approval;
  • The regulations will reflect some concerns heard during and since last year’s comment process on the last draft regulations. As we noted in past posts, many industry stakeholder believed that the earlier draft regulations did not go far enough to clarify obligations and provide needed exemptions;
  • Industry Canada is focusing on exempting activities that clearly do not constitute “spam”, where a line can clearly be drawn to define permitted activities and exclude others;
  • Industry Canada welcomes comments on the regulations, and beyond that process, is also seeking input from stakeholders on what areas of CASL and definitions should be clarified in information bulletins;

More substantive questions discussed:

Q: Does it make sense for the “form and content” (ie. contact information and unsubscribe) requirements to apply to messsages: sent within businesses, to their employees? sent B2B, such as banking transactions? that must be sent by law? that are responses to an inquiry?

A: In some cases…not really. The forthcoming draft regulations may address these.

Q: How do you set up third-party referrals under CASL?

A: Referral marketing can be done with appropriate consent, but don’t forget that consent must meet both CASL and PIPEDA requirements.

If it’s a “refer a friend” scenario, and the person is truly a friend or family under the law, then CASL will not apply. (As some have suggested, CASL will legally define for us who our true friends are.) Under regulations to come, the definition of a “friend” may be broadened to include virtual friends met online.

Q: What’s required to get express consent, and document it?

A: Oral consent, and even a check-box is acceptable (perhaps even pre-checked, if the request for consent is clearly conveyed). Australia has provided some practical guidance for business under its Spam Act 2003 on obtaining consent, and a range of other topics. Although Canada’s legislation is different from Australia’s, the CRTC may provide similar forms of guidance on practices to obtain consent and related issues. As mentioned above, both Industry Canada and the CRTC are interested to hear from stakeholders on where guidance is most needed.

As for documenting consent: this will be up to clear internal policies and practices. These are intentionally not spelled out anywhere, to give organizations the latitude to find what works for them…while meeting the CASL requirements.

Q: Can organizations rely on PIPEDA consents under CASL?

Remember that CASL “overrides” PIPEDA, to the extent of any conflict (s. 2 of CASL). And that CASL expressly requires a high standard of consent to send commercial electronic messages. Therefore organizations can’t rely on “grandfathering” PIPEDA consents under CASL, broadly speaking.

If however, existing PIPEDA consent also meets the CASL requirements for implied consent – for example an “existing business or non-business relationship” – then that is sufficient. Many organizations can and will rely on implied consents to send many of their CEMs during the transition years, the first three years after CASL enters into force (see s. 66 of CASL).

What’s Next?

Although CASL won’t enter into force until 2013, there is a significant amount of preparation going on this year, as noted above, and here.

We have also heard reports that many organizations outside of Canada have not even heard of CASL, so clearly more needs to be done to raise awareness. For those organizations that are familiar with the U.S. Can-Spam Act requirements, our comparison of CASL to CAN-SPAM may assist.

 

Published In: Administrative Agency Updates, Communications & Media Updates, Consumer Protection Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »