I. Scope of Application1

  • Subject to limited exceptions, CASL prohibits the sending of a commercial electronic message (“CEM”) to an electronic address unless the recipient has consented to receiving it and the message meets certain form and content requirements (s. 6(1))2 including by providing prescribed information about the sender and an unsubscribe mechanism, which itself must meet certain requirements (s. 6(2)).

  • It is also prohibited to aid, induce, procure or cause to be procured the sending of a CEM in violation of section 6(1) (s. 9).

  • “Electronic message” is defined as a message sent by any means of telecommunication, including a text, sound, image or voice message (but for now3 not two-way voice, pre-recorded one-way voice and fax).

  • “Commercial electronic message” is defined as an electronic message that has as one of its purposes to encourage participation in a commercial activity, including an electronic message that: (i) offers to purchase, sell, barter or lease a product, service, land or interest in or right to land or to provide a business/investment opportunity; (ii) promotes or advertises any of the foregoing; or (iii) or promotes a person as doing or intending to do any of the foregoing, in each case whether or not there is an expectation of profit.

  • Applies if a computer system located in Canada is to send or access the CEM.

  • The sender of a CEM has the onus of proving that appropriate consent has been obtained.

II. Exempt Messages4

These prohibitions/requirements will not apply to the following types of CEMs (“Exempt Messages”), which means that these Exempt Messages may be sent without consent and without complying with CASL’s form and content requirements:

  1. A CEM sent by or on behalf of an individual to another individual with whom they have a personal or family relationship, as defined in s. 2 of the Industry Canada Regulations (“IC Regulations”) (s. 6(5)(a));

  2. A CEM that is sent to a person who is engaged in a commercial activity and the CEM consists solely of an inquiry or application related to that activity (s. 6(5)(b));

  3. A CEM that is sent by an employee, representative, consultant or franchisee of an organization to another employee, representative, consultant or franchisee of the organization (i.e. intra-business) and the message concerns the activities of the organization (s. 3(a)(i) of the IC Regulations);

  4. A CEM that is sent by an employee, representative, consultant or franchisee of an organization to an employee, representative, consultant or franchisee of another organization (i.e. inter-business), if the organizations have a relationship (“relationship” is not defined) and the message concerns the activities of the organization to which the message is sent (s. 3(a)(ii) of IC Regulations);

  5. A CEM that is sent in response to a request, inquiry or complaint or where the CEM was otherwise solicited by the person to whom the CEM is sent (s. 3(b) of the IC Regulations);

  6. A CEM that is sent to a person to satisfy a legal or juridical obligation (s. 3(c)(i) of the IC Regulations);

  7. A CEM that is sent to a person to provide notice of an existing or pending right, legal or juridical obligation, court order, judgement or tariff (s. 3(c)(ii) of the IC Regulations);

  8. A CEM that is sent to a person to enforce a right, legal obligation, court order, judgment or tariff (s. 3(c)(iii) of the IC Regulations);

  9. A CEM that is sent to a person to enforce a right under the law of Canada, of or a province or municipality or a foreign state (s. 3(c)(iv) of the IC Regulations);

  10. A CEM that is sent and received on an electronic messaging service if the information and unsubscribe mechanism required by section 6(2) of CASL are conspicuously published and readily available on the user interface through which the message is accessed and the person to whom the message is sent consents to receive it either expressly or by implication (s. 3(d) of the IC Regulations);

  11. A CEM that is sent to a limited-access secure and confidential account to which messages can only be sent by the person who provides the account to the person who receives the message (e.g. message within an on-line banking portal) (s. 3(e) of the IC Regulations);

  12. A CEM that is sent by a person who reasonably believes that the CEM will be accessed in a foreign state listed in a schedule to the IC Regulations, the foreign state has anti-spam laws and the CEM conforms with the law of the foreign state that addresses conduct that is substantially similar to conduct prohibited under s. 6 of CASL (s. 3(f) of the IC Regulations);

  13. A CEM that is sent by or on behalf of a registered charity and the CEM’s primary purpose is raising funds for the charity (s. 3(g) of the IC Regulations); and

  14. A CEM that is sent by or on behalf of a political party, organization or candidate and the CEM’s primary purpose is soliciting a contribution (s. 3(h) of the IC Regulations).

III. Exemptions from the Consent Requirement (note that, a CEM that is exempt from the consent requirement must still comply with CASL’s form and content requirements.)

A CEM is exempt from the consent requirement if it solely:

  1. Provides a quote or estimate requested by recipient (s. 6(6)(a));

  2. Facilitates, completes or confirms a commercial transaction that the person to whom the message is sent previously agreed to enter into with the sender of the message or the person on whose behalf the message is sent (s. 6(6)(b));

  3. Provides warranty, recall, safety or security information about a product or service that the recipient uses, has used or purchased (s. 6(6)(c));

  4. Provides factual information about ongoing use or ongoing purchase under a subscription, membership, account, loan or similar relationship (s. 6(6)(d));

  5. Provides information directly related to an employment relationship or related benefit plan in which the recipient is currently involved (s. 6(6)(e)); or

  6. Delivers a product, good or service, including an update or upgrade, that the recipient is entitled to receive under the terms of a transaction previously enterered into with the sender or the person on whose behalf the message is sent. (s. 6(6)(f)).

Also, no consent is required for the first CEM that is sent to a recipient based on a referral from a third party, as long as (i) the person who sends the message and the individual providing the referral have an existing business relationship, an existing non-business relationship, a personal relationship or a family relationship; (ii) the individual to whom the message is sent and the individual providing the referral have an existing business relationship, an existing non-business relationship, a personal relationship or a family relationship; and (iii) the sender provides the recipient with the full name of the individual who gave the referral and states that the message is sent as a result of the referral (s. 4 of IC Regulations).

IV. Conditions for Relying on “Implied Consent”

Consent may be implied in the following circumstances (note in all other circumstances where consent is required, consent must be express); form and content requirements still apply:

  1. Where the recipient and the sender have an "existing business relationship" or an "existing non-business relationship" (s. 10(9)(a)).
    1. An existing business relationship exists where the sender and recipient have engaged in certain specified types of business together in the two years preceding the date on which the CEM is sent (for example, a purchase or lease of a product, or entering into or continuing a written contract) or where the recipient of the CEM has made an inquiry to the sender in the previous six months (s. 10(10)).
    2. An existing non-business relationship exists where an individual has made a donation or gift in the last two years, or performed volunteer work in the last two years, to or for a registered charity or political party, organization or candidate or where the individual was a member of a type of club, association or voluntary organization prescribed by s. 7 of the IC Regulations in the last two years (s. 10(13)).
  1. Conspicuous publication of electronic address (s. 10(9)(b)):
    • Message recipient has conspicuously published or has caused to be conspicuosly published his or her electronic address, has not indicated he/she does not wish to receive unsolicited CEMs and the message is relevant to recipient’s role in a business or official capacity.
  2. Business card exemption (s. 10(9)(c)):
    • Message recipient has disclosed his/her electronic address to sender, has not indicated that he/she does not wish to receive unsolicited CEMs and the message is relevant to recipient’s role in a business or official capacity.

V. Requirements for Obtaining Express Consent

A request for consent may be obtained orally or in writing and must include (s. 10(1) and s. 4 of the CRTC Regulations):

  1. Purpose(s) for which consent is sought;

  2. Name (or business name if different) of person seeking consent and the person, if different, on whose behalf consent is sought;

  3. If different, which person is seeking consent and which person is the person on whose behalf consent is being sought;

  4. The mailing address, and one of a telephone number answered by an agent or a voice messaging system, an email address or a web address (“Contact Information”) of the person seeking consent or, if different, the person on whose behalf consent is sought; and

  5. Statement that the person whose consent is sought can withdraw their consent;

Express consent for sending CEMs must be sought separately from a request to install a computer program on an individual’s device, or to alter transmission data (other activites regulated under CASL) (s. 4 CRTC Regulations).

The Canadian Radio-television and Telecommunications Commission (“CRTC”) has published non-binding guidelines (the “CRTC Guidelines”) regarding practices for obtaining express consent. These Guidelines provide that:

  • Express consent cannot be obtained through an opt-out consent mechanism. A positive or explicit indication of consent is required. This includes actively checking a box to indicate consent or actively entering in an email address to an electronic field where it is explicit that the individual is entering his or her address for this purpose. A “pre-checked” box is not acceptable.

  • Requests for consent must not be subsumed in, or bundled with, requests for consent to the general terms and conditions of use or sale.

  • Following receipt of express consent, confirmation should be sent to the person whose consent was sought.

  • Oral consent can be established where (i) verification can be made by an independent third party or (ii) a complete and unedited audio recording of the consent is retained by the person who is seeking consent.

  • Written consent may be electronic provided that it can be subsequently verified, for example by recording the date, time, purpose and manner of the consent in a database.

VI. Required Form and Content for CEMs

Form and content requirements apply even if the sending of the CEM does not require consent (s. 2(1) and s. 3 of CRTC Regulations). However, these requirements do not apply to Exempt Messages.

  • The CEM must clearly and prominently:
    1. Identify sender and, if different, their business name;

    2. Name (or business name if different) of person sending CEM and the person, if different, on whose behalf the CEM is sent;

    3. If different, which person is sending the messsage and which person is the person on whose behalf the message is being sent;

    4. Include the Contact Information (see above under Requirements for Express Consent) for sender, or if different, the person on whose behalf the message is being sent;

    5. Include an unsubscribe mechanism that is valid for at least 60 days and given effect within 10 business days without any further action from the person. The unsubscribe mechanism must be able to be readily performed and meet other requirements of CASL (s. 11). Examples in the CRTC Guidelines of unsubscribe mechanisms that can be readily performed are: (i) for emails, a link that takes the user to a web page where he or she can unsubscribe, and (ii) for SMS texts, users should have the choice between replying “unsubscribe” or “STOP” to the text message or clicking a link that will take the user to a web page where he or she can unsubscribe.

  • Where it is not practical to include the above in a CEM, that information may be provided via a clear and prominent link to a web page containing this information; must be readily accessible by the person to whom the message is sent at no cost to them (s. 2(2) of CRTC Regulations).

VII. Frequently Asked Questions

1. Is the Act Retroactive?

  • Not expressly retroactive.

  • Will apply to CEMs sent after it comes into force even if the recipient’s information was collected before it comes into force. 

2. Does CASL Apply to Social Media?

  • Yes, in many instances.

  • There has been some indication from Industry Canada that CASL will apply to the following:

    • Sending a private message on Facebook.
    • Posting on someone else’s wall on Facebook.
  • Industry Canada has publicly stated that CASL will not apply to the following:
    • Posting on your own wall on Facebook.
    • Posting on Twitter.
    • Web page content, such as banner ads.

3. What can Organizations do Before CASL Becomes Effective on July 1, 2014?

  • Obtain express (opt-in) consent where possible including via email (email will not be allowed as a mechanism to obtain consent after CASL in force, unless consent for such email has already been obtained or consent can be implied), but consider existing restrictions on such communications, including under organization’s privacy policy and/or Canadian privacy legislation or under telemarketing rules.

  • Implement a compliance program.

4. How Can Organizations Begin Implementing a Compliance Program?

  1. Create an implementation team - include a senior member of the organization who is committed to this endeavour and representatives from operational units that may be affected (err on the side of including all units).

  2. Appoint a designated compliance officer who will organize the organization’s activities and be responsible for compliance.

  3. Create an organizational chart with the location of each office/entity.

  4. Assess current practices involving CEMs.

  5. Establish an implementation plan.

  6. Create policies, procedures and guidelines and maintain evidence of consistent practices with respect to collecting and documenting consents.

  7. Develop a compliance manual.

  8. Train staff about the organization’s policies and procedures.

  9. Review and update practices as required.

5. How Can Organizations Conduct an Assessment of Current Practices Regarding CEMs?

  1. Describe your organization’s business activities and industry.

  2. How does the organization collect electronic addresses?

Telephone

In Person

Paper Forms

Mobile/Text Messaging

Email

Internet

Social Media

Agent

Purchase (lists)
  1. How does the organization send CEMs?

Mobile/Text Messaging

Email

Internet

Social Media

Agent

Telephone (Note: CASL will not initially cover most telephone messaging, but this may be subject to telemarketing rules.)
  1. What third parties provide CEM services to your organization? Is there language in these contracts that ensures third parties that are acting on your behalf will comply with CASL?
  2. Are there existing policies, practices and procedures regarding CEMs?
  3. If the company is a subsidiary, does the parent company have a policy in place?
  4. Who is responsible within the organization for CEMs?
  5. Does your organization have insurance to cover electronic messages? (Identify the policies and coverage amounts)

1This checklist deals only with CEMs. CASL also regulates altering transmission data and installing computer programs on another person’s computer and amends the Competition Act and the Personal Information and Electronic Documents Act.

2References to section numbers herein are references to sections of CASL, unless otherwise specified.

3An amendment to CASL to remove this exemption is not yet in force.

4Not all of the nuances of CASL and its regulations are set forth in this checklist. Reference should be made to the legislation for specific requirements.

©2014 Blake, Cassels & Graydon LLP. All rights reserved. This is intended for informational purposes only and does not constitute legal advice or an opinion on any issue. We would be pleased to provide additional details or advice about specific situations if desired.