From November 10 to 12, 2014, the CRTC provided its
interpretation of the software provisions in Canada's anti-spam
law (CASL) in several presentations to industry. The CRTC also
posted a specific FAQ about their interpretation on their website
(CASL Requirements for Installing Computer
Programs) on Monday, November 10, 2014. As these particular
provisions will come into force on January 15, 2015, the CRTC has
endeavoured to provide timely guidance to those that may be
affected by same. However, even with the interpretations adopted by
the CRTC, many questions remain outstanding.
Broadly speaking, the CASL software provisions regulate the
installation of software on a computer system. Based on its
presentations, the CRTC appears to have currently interpreted the
CASL software provisions as follows:
generally speaking, the CRTC views the reasonable expectations
of the consumer as the guiding principle underlying its current
interpretation of CASL, and plans to take enforcement action
where a person self-installs software (for example, where a
person downloads an app from an app store to a mobile device the
person owns), CASL does not apply, with an
exception – CASL will apply where, without the
knowledge of the user, the software can perform one of the
functions listed in s 10(5) of the legislation (e.g.,
where the software can collect personal information, etc.);
if a person installs software on another person's computer
system, and the person installing the software is not an owner or
"authorized user" within the meaning of the legislation,
then CASL will apply;
in most cases, and recognizing that it will be dependent on a
case by case assessment, the CRTC contemplates that it is likely to
assign liability for violations of CASL to the software vendor, and
not to the software developer – they view the vendor as
having the closest nexus to the installation and is therefore
responsible, in many cases, for causing the installation of
software. They did note there may be cases where all parties may
automatic software updates will be subject to the CASL software
provisions – however, a person can seek to secure consent to
ongoing automatic upgrades in advance provided adequate disclosure
is provided; and
a user's action, for example disabling cookies or
activating "do not track" functionality, is contemplated
by the CRTC as being sufficient to negate such a user's deemed
express consent to the installation of cookies, HTML, etc. under s
10(8) of CASL.
We note that the above interpretation is non-binding on the
CRTC and that it may change its interpretation and/or policies at
any time. In that respect, we note that software developers and
vendors will likely face additional challenges in respect of
compliance, particularly with respect to disclosure of specified
functions under s 10(5), due diligence, and risk allocation. For
example, it remains unclear how much disclosure is required, if
generic disclosure of the existence of possible functionality might
be able to be utilized in advance as protective and, practically,
how foreign-based app stores will be able to comply with the
enhanced consent and disclosure requirements for computers located
in Canada at the time of the download.
Of course, the CRTC's non-binding interpretation of CASL
cannot replace direct consideration of the statute. Accordingly, we
are of the view that a CASL compliance plan should consider both
the CRTC's most current interpretations and the legislation
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Software license agreements generally require the customer to pay fees for the software license and related services, which fees are usually based upon the duration of the license and the manner in which the customer is allowed to use the software, together with applicable taxes and withholdings.
In less than nine months, on July 1, 2017, persons affected by a contravention of Canada's anti-spam legislation will be able to invoke a private right of action to sue for compensation and potentially substantial statutory damages.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).