On February 25, 2013, the CRTC held an informal consultation
session with industry and consumer groups about Canada's
legislation ("CASL" for short). The session was a
response to all of the questions that have arisen following the
CRTC's publication of information bulletins about CASL and its
regulations. They have now released a report summarizing the
results of the consultation (the "Report").
If you have been following CASL and all the developments,
the topics in the Report will be of no surprise. It demonstrates
that there is still a real need amongst businesses and
organizations for clarity on how they can or are expected to comply
with CASL. The CRTC has been asked to provide a framework of
"guiding principles" that would assist with
Some of the issues discussed in the Report are:
Means of obtaining express consent –
participants balk at having to provide multiple check-boxes –
(1) check-boxes required under CASL, for users to consent to
receiving commercial electronic messages or CEMs, and (2)
check-boxes required under other laws, such as PIPEDA. Marketers
know that the more check-boxes there are, the less likely a user is
to check them. Participants want the CRTC to be more innovative in
what counts as express consent. It does not look like the CRTC will
change its position, however, because it has been steadfast in
insisting that CASL must be an opt-in regime, not opt-out.
Proof of consent – participants asked
whether oral consent can be demonstrated by reading a script and
then recording the user's consent in a database. This could
apply in a call-center situation where there is no audio recording
of the call. Others suggest that process-based consent should
suffice – for example, a user consented to receiving CEMs
because if he did not check the box to indicate such consent, he
would not have been able to download the program.
Transition period – the CRTC has stated that
express consents obtained prior to CASL coming into force do
not need to be re-obtained, but what if that consent did not meet
all the requirements prescribed by CASL? Industry members would
prefer that grandfathering all prior consents would be simpler,
both for businesses and consumers.
Obtaining consent for affiliates/by
intermediaries – participants do not like the
requirement to disclose every affiliate on whose behalf the
CEM is sent, because there may be only one brand that the
recipient associates with the sender, and it may be confusing to
list all the corporate entities that are technically sending the
message. When it comes to intermediaries, such as email service
providers (ESPs) or direct marketers, participants want to know
whether these parties need to be identified in the CEM,
particularly if the marketer is sending the CEM on behalf of
another business and does not otherwise deal with the recipient. If
the recipient was interested in the product or service being
promoted in the CEM, he or she would deal directly with the
Computer programs – more clarity is needed with
respect to when it is reasonable to believe a person has consented
to the installation of a computer program on his or her computer.
For example, does the purchase of a new computer with pre-installed
software constitute consent?
We continue to wait for final regulations from the CRTC and an
announcement on when CASL will come into force.
Peerenboom v Marvel Entertainment (2016 NY Slip Op 31957(U)) is drama-driven case in which the New York County Supreme Court afforded Toronto businessman Harold Peerenboom the right to obtain the private emails...
The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada's federal privacy law, the Personal Information Protection and Electronic Documents Act, should be interpreted.
The Ontario Superior Court of Justice recently approved a settlement agreement in the Lowanski v The Home Depot class action, a decision that highlights adequate protection and a sufficient response can significantly reduce the legal risks after a data breach.
The October 19, 2016 judgment of the European Court of Justice in the matter brought by Patrick Breyer against the Federal Republic of Germany (the "EU Decision") raises the issue of whether an IP address is personal information under the EU Directive 95/46/EC and provides an interesting comparison with the Canadian perspective.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).