The communications provisions of Canada's Anti-Spam
Legislation (CASL) came into force on July 1, 2014. Generally
speaking, CASL prohibits a person from sending a "commercial
electronic message" without the consent of the recipient.
On January 15, 2015, further prohibitions relating to the
installation of computer programs will come into force.
Considerable uncertainty remains with respect to the application of
these provisions. We expect that CASL will impose significant
compliance hurdles for traditional software providers due to its
regulation of programs "installed" on a computer system.
Because it does not appear to regulate software-as-a-service to the
same extent, CASL may favour cloud-computing products and catalyze
the expanded adoption of cloud computing in Canada.
Broadly, the new prohibitions in CASL require that a number of
specialized formalities be followed in obtaining consent for the
installation of computer software, updates to software (including
automatic updates), or other computer code on another's
computer system. A computer program that performs certain functions
will attract additional scrutiny and more onerous disclosure
requirements. These functions include, among other things, the
collection of personal information, interfering with the control of
the computer system and using the system to communicate with other
systems without authorization. Under CASL, such software may only
be installed on another's computer system with separate express
notice and specific consent to such functionality.
Once these restrictions come into force, distribution of
traditional enterprise and consumer software products will attract
consent requirements at most stages of rollout and maintenance.
Prudent IT departments, software developers, licensors, vendors
(including app stores), and applicable service providers should
review their compliance obligations and procedures in respect of
these CASL requirements.
The scope of CASL is broad – it captures virtually any
computer program or executable code with "instructions or
statements that, when executed in a computer system, causes the
computer system to perform a function". Downloading,
installation, and updating (however minor) of computer programs
will require consent.
Without an exemption, all web pages, online resources and
executable files would appear to require consent before such code
is transmitted to a user's computer – for example, to the
extent that HTML code causes a computer system to perform a
function, it would require the pre-emptive consent of the user. To
obviate these practical issues, CASL deems users, in the absence of
reasonable evidence to the contrary, to consent to the following
any other program that is executable only through the use of
another computer program whose installation or use has previously
been consented to; and
any program that is necessary to correct a failure in the
operation of a computer system or program.
By contrast, depending on their structure and implementation,
cloud products that do not involve installation of computer
programs on another's computer system may not trigger
substantive portions of the incoming prohibitions under CASL.
Rather the cloud-based products are typically operated on the
vendor's (or other) server and provide services to the end
user. While distribution of traditional computer programs will
require consent and ongoing regulatory compliance, customers of
many cloud-based services may not need to consent to the use or
update of such software.
Developers and users of cloud-based programs may therefore be
spared the onerous compliance effort of more traditional software
delivery, and as a result, be in a position to save time and money
beginning in January 15, 2015.
In the longer-term, we expect CASL to create a regulatory
environment supportive of further adoption and migration to
cloud-computing solutions. Legitimate software, managed and
delivering services from remote servers, may gain a competitive
edge in regulatory compliance costs and speed of delivery and
This is expected to accelerate existing developments as the
economic advantages of cloud-based delivery encourage many
functions and even entire products to migrate to the cloud.
Although the incoming computer program provisions of CASL are
likely to be burdensome for some computer industry participants,
Canadian cloud-based service providers and users may be in a better
position to avoid the ambiguity and complexity of the new
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).