Canada: Canada’s Anti-SPAM Legislation Will Come Into Force July 1, 2014

The Federal Government has announced that Canada's anti-spam law (CASL) will come into force on July 1, 2014.

The final regulations have been published: http://fightspam.gc.ca/eic/site/030.nsf/eng/00273.html. 

In short, CASL requires a sender to obtain consent to send a commercial electronic message (CEM). Subject to certain exemptions set out in the act and the regulations, such as exemptions for existing family and business relationships, organizations will be prohibited from sending CEMs. In addition, express consent is required for software installed on another person's computer system in the course of a commercial activity. CASL gives regulatory oversight and enforcement powers to the CRTC and confers a private right of action.

Important new information in this announcement includes a phasing-in plan. The provisions in CASL related to computer programs will come into force on January 15, 2015. Further, to help organizations understand CASL compliance and reduce uncertainty in application, the private right of action will not be enacted until July 1, 2017 (three years from the initial enactment of CASL).

In addition, Industry Canada has stated an intention to issue compliance guidelines. One noted example that requires further interpretation is what lies at CASL's heart, namely the definition of a CEM. Industry Canada has indicated that CEMs will be interpreted to exclude surveys, polling, newsletters, and messages soliciting charitable donations, or political activities that do not encourage participation in a commercial activity. However, it is a CEM if it is reasonable to conclude that one of its purposes is to encourage the recipient to engage in additional commercial activities. This could be based on other commercial content, hyperlinks or contact information in the communication. If it is reasonable to conclude that one of the purposes of the message is to advertise, promote, market or otherwise offer a product, good, service, business, gaming opportunity or interest in land, these messages will be CEMs. Under the regulations, a message sent by a charity for the primary purpose of raising funds for the charity is not a CEM. 

The Government is promising a "Spam Reporting Centre", as well as education and awareness campaigns before the law comes into effect.

What should businesses be doing to get ready for a SPAM-free Summer?

• Identifying and assessing the sorts of CEMs the organization sends, their purposes, form, and the intended recipients.
• Establishing data management systems appropriate for the organization that will manage and preserve a record of the various consents that may be required and/or apply to the businesses' relationships and CEMs.
• Obtaining and confirming CASL compliant consents, if necessary. Existing opt-out consent regimes that may currently satisfy privacy requirements will probably not be sufficient.
• Identifying exceptions that may apply and how to put them to use.
• Reformatting CEMs to ensure they are CASL compliant. For example, unsubscribe mechanisms and sender information must be compliant.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.