You may have thought you heard everything about Canada's anti-spam law (commonly known as
"CASL") since it came into effect this
past July, but CASL has additional rules coming into effect on
January 15, 2015 dealing with the commercial installation and use
of computer programs on another person's computer system.
The rules apply to almost any computer program installed on a
broad range of computing devices as part of a commercial activity.
The rules are not limited to malware, spyware or harmful
There are potentially serious implications for Canadian
businesses that distribute computer programs, including any
business that has created a mobile app for distribution. In
addition, foreign businesses that distribute computer programs to
computer systems located in Canada are also captured. Businesses
will now need to shift their focus from the rules for commercial
electronic messages and consider the implications of these other
rules under CASL.
Unfortunately, the rules are challenging to interpret and apply
because CASL uses ambiguous terminology (such as, the meaning of
"computer program", and "computer system"). For
example, it is unclear whether the rules would apply to an online
store for mobile apps where the app installation is initiated by
the user of the computer system and automatically downloaded using
an online process. Industry Canada and the CRTC have issued limited
guidance to address these challenges. However, the CRTC has
indicated that additional guidance would be provided for these
The general prohibition for the installation of computer
programs under CASL provides that, subject to limited exceptions, a
person must not, in the course of a commercial activity, either
install or cause to be installed a computer program on any other
person's computer system (or having so installed or caused to
be installed a computer program, cause an electronic message to be
sent from that computer system) unless the person has obtained the
express consent of the owner or an authorized user of the computer
system. Express consent must be obtained through an opt-in
mechanism and contain prescribed requirements set out under
CASL rules also apply to the installation of updates and
upgrades to a computer program. However, in particular
circumstances an additional express consent does not need to be
obtained under CASL.
There are significant monetary penalties for contravention of
the rules. Liability may also extend to employers and directors and
officers of a corporation.
As a result, businesses need to be aware of the breadth of
CASL's rules and of any guidance from regulators, consider the
implications the rules have on regular business activities and
implement appropriate compliance measures prior to the rules coming
Peerenboom v Marvel Entertainment (2016 NY Slip Op 31957(U)) is drama-driven case in which the New York County Supreme Court afforded Toronto businessman Harold Peerenboom the right to obtain the private emails...
The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada's federal privacy law, the Personal Information Protection and Electronic Documents Act, should be interpreted.
The Ontario Superior Court of Justice recently approved a settlement agreement in the Lowanski v The Home Depot class action, a decision that highlights adequate protection and a sufficient response can significantly reduce the legal risks after a data breach.
The October 19, 2016 judgment of the European Court of Justice in the matter brought by Patrick Breyer against the Federal Republic of Germany (the "EU Decision") raises the issue of whether an IP address is personal information under the EU Directive 95/46/EC and provides an interesting comparison with the Canadian perspective.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).