New Canadian Anti-Spam Rules to Take Effect July 1, 2014

by Pillsbury Winthrop Shaw Pittman LLP
Contact

Businesses that use “commercial electronic messages” to market to customers and prospective customers in Canada should be aware of Canada’s new anti-spam rules, which require, among other things, the sender to obtain consent from the recipient before sending the message and the message itself to identify the sender and provide instructions enabling the recipient of the message to withdraw consent to receive such messages.

Canada’s anti-spam law, which was originally passed in 2010 and is unofficially called “CASL,”1 will begin to go into effect on July 1, 2014. Those doing business in Canada should review and update their electronic communication practices ahead of the effective date to ensure that they have the consent required by the new law from individuals and businesses before sending emails, text messages, or instant messages to those “persons.” The law applies to messages sent or accessed using a computer system located in Canada, and penalties include administrative fines up to $1 million for individuals and $10 million for other persons. A private right of action lies to recover actual damages up to $200 for each violation (not exceeding $1 million for each day on which a violation occurred) provided the action is brought within three years.

Covered Communications
CASL applies to any “commercial electronic message” (CEM), which includes any communication that has as its purpose (or one of its purposes) to encourage participation in a commercial activity, including advertising or offering to purchase, sell, lease or barter goods or services or to provide a business, investment or gaming opportunity, regardless of whether there is an expectation of profit. A message that requests consent to send a message offering to provide a business, investment or gaming opportunity is also a CEM. The law covers more than just emails, extending to any communication transmitted to an instant messaging account, telephone account or other similar account.

Prohibited Conduct
CASL prohibits sending any CEM unless (1) the recipient has expressly or impliedly consented to receive it, (2) it contains an acceptable unsubscribe mechanism, and (3) it contains the following information about the sender: (a) name and mailing address, and (b) either (i) a telephone number providing access to an agent or voice messaging systems, (ii) an email address or (iii) a web address. If the CEM is sent on behalf of another, then the information should identify the person on whose behalf the message is sent and the message must include a statement identifying the message’s sender and the person on whose behalf the message is being sent.

Excluded Communications
The law applies to “commercial” communications. The following communications are excluded from the prohibitions of the statute:

  • Purely transactional messages, including quotes or estimates sent in response to a request. Unlike U.S. anti-spam rules that permit some “blended” transactional/advertising messages, CASL limits this exclusion to messages without any advertising or promotion.
  • Intra-company messages and messages between organizations concerning the activities of the recipient organization
  • Messages between those with a personal or family relationship
  • Messages from telecommunication service providers
  • Two-way voice communications
  • Law enforcement, public safety, national and international defense/security messages

Consent
Consent to receive CEMs can be express or implied. A request for express consent may be delivered orally or in writing, but the sender will need to be able to establish that consent was obtained for each type of CEM being sent. In order to obtain valid, express consent from an individual, the sender must clearly disclose:

  • The name, mailing address, and either (1) a telephone number providing access to an agent or voice messaging system, (2) an email address or (3) a web address of the sender or that of the person on whose behalf the message will be sent
  • If consent is being sought for another, then the name of the entity seeking consent must also be included, as well as who is seeking the consent and on whose behalf consent is sought (e.g., Company ABC is asking for your consent to receive electronic communications from Company XYZ).
  • The purpose or purposes for which the consent is being sought (e.g., to receive promotional offers, newsletters, or coupons)
  • A statement that the person consenting can withdraw that consent

Consent to receive CEMs is implied in the following limited circumstances:

  • The sender has an existing business or non-business relationship with the recipient. An “existing business relationship” (EBR) means (1) a purchase or lease of a product, good, service or interest in land, (2) acceptance of a business investment or gaming opportunity, (3) bartering of anything, or (4) a written contract in effect or having expired, each within 2 years before the date the message is sent; or an inquiry or application within 6 months before the message is sent. For ongoing accounts or subscriptions, the two-year EBR period begins on the day the subscription or account terminates. An “existing non-business relationship” means a donation, gift, membership, meeting attended or volunteer work performed by the recipient within 2 years before the date the message is sent where the sender is a registered charity, political party/organization or candidate for public office.
  • The recipient has conspicuously published his, her or its email address without an attending statement indicating a desire not to receive CEMs, and the message is relevant to the person’s business, role, functions or duties in a business or official capacity.
  • The recipient has disclosed the email address to the sender without indicating a desire not to receive CEMs, and the message is relevant to the person’s business, role, functions or duties in a business or official capacity.

Unsubscribe Mechanisms
CASL requires that the CEM must include an unsubscribe mechanism that enables the recipient to indicate—at no cost to the recipient—the wish not to receive any further CEMs from the sender or the person on whose behalf the message is sent. The unsubscribe mechanism must use the same electronic means by which the message was sent (i.e., email, text, etc.) or, if that is impractical, any other means that enables the recipient to opt out and specifies an electronic address or link to a web page to which the opt-out can be sent. The unsubscribe mechanism must remain valid and operable for at least 60 days after the message is sent. Opt-outs must be processed and given effect within 10 business days after the opt-out is sent. When an entity has received express consent, the sender must provide an electronic address to which the recipient can send notice of withdrawal of consent and must process and give effect to the withdrawal of consent within 10 business days after receipt of the withdrawal notice.

Click here to read a copy of CASL.


  1. The official title of the statute is: “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (S.C. 2010, c. 23).”

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pillsbury Winthrop Shaw Pittman LLP | Attorney Advertising

Written by:

Pillsbury Winthrop Shaw Pittman LLP
Contact
more
less

Pillsbury Winthrop Shaw Pittman LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.