Canada's New Anti-Spam Legislation Applies to All Entities Transmitting Electronic Messages to Canada
Canada has enacted a stringent anti-spam law that not only imposes strict compliance requirements, but also has a broad reach that extends to many businesses operating outside of Canada. Effective July 1, 2014, any person transmitting commercial electronic messages to a Canadian recipient is subject to Canada’s Anti-Spam Legislation (CASL). The CASL imposes significant financial penalties, makes employers liable for their employees’ violations, can expose corporate officers to personal liability, and opens the door to private claims.
A commercial electronic message is any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit. Commercial electronic messages include email messages, messages to social networking accounts and text messages received by mobile phone.
The CASL generally prohibits the transmission of commercial electronic messages without the consent of the recipient. Unlike the American anti-spam laws that are based on an “opt-out” model, the CASL requires recipients to “opt-in” before commercial electronic messages can be sent to them. Once such consent is secured, the sender can transmit commercial electronic messages, but only if such messages meets the CASL’s other requirements, including providing the identity and contact information of the sender and a specific mechanism to unsubscribe from future messages.
There are some exclusions, such as business-to-business communications if the communication is between employees, representatives, consultants or franchisees of the same organization and the communication concerns the activities of the organization. This exclusion may also apply to communications between different organizations if the organizations have a relationship and the communication concerns the activities of the recipient organization. Other fact-specific exclusions may apply and a careful review of each circumstance is required.
The CASL also prohibits other commercial electronic activities, including the alteration of transmission data in an electronic message, which result in the message being delivered to a different destination, and the installation of computer programs on another person’s system without express consent. Unless an exception applies, specific requirements must be met when requesting consent, including a clear and simple explanation for the purpose of the consent.
The CASL imposes substantial penalties for violations. Financial penalties include up to C$1 million for individual violators and up to C$10 million for other violators. Corporate directors, officers and agents may be personally liable if they direct, authorize, assent, acquiesce or participated in the violation of the CASL. Employers also may be liable for violations committed by their employees. A person, however, is not liable if they exercised due diligence.
Businesses engaged in online commercial communications with potential Canadian recipients should carefully consider the CASL to determine whether their protocol is in compliance before the law becomes effective on July 1, 2014. The CASL may impact an organization’s day-to-day practices regarding electronic marketing, customer communications, and software and network management practices, whether the organization is based within or outside of Canada.
For more information please contact: