By now, you have probably heard of, or been warned about, the
soon-to-be-in-force Canada Anti-Spam Legislation
("CASL"). Most people who hear about CASL assume it deals
with the regulation of spam email. This is a misconception of
CASL's breath. As I discussed in previous posts (here and here), CASL regulates much more than what one
would consider traditional spam email. It prohibits the sending of
any commercial electronic messages ("CEMs") without
having obtained the prior consent of the receiver of that message
(with some exceptions). Additionally, CASL regulates many other IT
related practices, including the installation of computer programs
and the unauthorized electronic collection of personal information
and email addresses.
CASL's computer program requirements
Beginning on January 1, 2015, it will be prohibited for anyone
to install, update, or upgrade a computer program (e.g., software,
mobile apps, video games, etc.) on any computer or device in Canada
(i.e., tablet, phone, video game consoles, etc.), without first
obtaining the express consent of the owner of that computer or
In very limited circumstances, express consent may be
If consent (for the update or upgrade) was expressly provided
at the time the program was installed;
for telecommunication service providers;
to address a failure in the system's software or hardware;
for specific types of programs (e.g., cookies, HTML code, Java
scripts, operating systems etc.);
If the computer program performs any of the following specific
collects personal information;
interferes with owner's ability to control his/her
changes settings or preferences without the owner's
interferes with data, preventing the owner from accessing
causes the device to communicate with another without the
knowledge of the owner; or
installs any software that can be activated remotely by a third
then specific express consent for performance of these functions
must be sought and clearly explained to the owner
(separate and apart from the consent to the license agreement and/
terms and conditions of use of the program). In other words, if the
computer program you sell or provide performs any of these
functions, you must ensure that the person who downloads/installs
that program knows and understands what the program is doing (in
What does this mean for you?
If your business operates in the technology, IT and/or online
industries you need to pay close attention to CASL. For example, if
you sell or develop an app, you should obtain express consents for
all current and future downloads, and ensure that consent is worded
in a manner that complies with CASL's specific requirements. If
you sell, develop, or manufacture software, or hardware that
contains software, you need to obtain consent from all existing and
future Canadian customers, with language that complies with
If you are not in the IT business, you may still require
compliance, as you may unknowingly be causing a computer program to
be installed. For example, if your business provides its employees
with remote access to the office, that function may require the
installation of a computer program that requires CASL
You should therefore conduct an internal audit of your IT
functions and systems and determine whether compliance is needed.
If so, requests for express consents must be sent out to customers
before July 1, 2014. That is because emails
requesting consents to comply with CASL constitute CEMs and will be
prohibited after July 1, 2014.
Address harvesting and electronic collection of personal
CASL prohibits the electronic (online) collection and use of
personal information and email addresses, without the express
consent of the person who owns the information and address.
These days, most business' online marketing and advertising
strategies includes the use of email addresses and other personal
information for the purpose of target marketing. In fact, many
online platforms and websites, such as Google and Facebook, provide
businesses with the option of tracking users' online activity.
This is often done through the use of computer code that collects
and/or uses email addresses. Indeed, we have all received emails
from online retailers that "surprisingly" offer us deals
on items we had been researching online. This form of target
marketing uses computer code that collects and/or uses personal
information and/or email addresses and may be captured by CASL.
I recommend conducting an audit of your business' online
marketing and advertising strategies to determine whether
compliance with CASL is required. Once again, any requests for
express consent must be sent out before July 1,
2014 to ensure CASL compliance.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Software license agreements generally require the customer to pay fees for the software license and related services, which fees are usually based upon the duration of the license and the manner in which the customer is allowed to use the software, together with applicable taxes and withholdings.
In less than nine months, on July 1, 2017, persons affected by a contravention of Canada's anti-spam legislation will be able to invoke a private right of action to sue for compensation and potentially substantial statutory damages.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).