Canada: More Updates On Anti-Spam: Cookies And Social Media

On January 14, the CRTC hosted another roundtable discussion about Canada's anti-spam legislation ("CASL") with IT.CAN, a Canadian IT association. They reiterated that once the regulations are finalized (deadline to submit a comment is February 4), the government will set a date for CASL to be proclaimed into force – likely later in 2013.

The key take-aways from this meeting include:

• Certain kinds of social media messages, like wall posts on Facebook or tweets (assuming the user is following the sender's Twitter feed) do not fall under CASL. The recipient must own the electronic address to which the message is sent – e.g., an email account or telephone number. This means that Facebook messages would count.
• Cookies are a form of computer program for which consent must be given before they can be installed on someone's computer. This is important for IT and web hosting companies to know. Not only must they request consent before they send a cookie, they have to be able to remove the cookie if the person declines.
• The CRTC took the position that if express consent was obtained prior to CASL coming into force, you do not need to re-obtain consent. Under CASL there is a transition period whereby prior consent will continue to be effective for three years after the date CASL comes into force. However, what if the prior consent is inadequate in some way – for example it was not very specific about the kinds of messages that will be sent, or did not contain the information about the sender that is required under CASL – does this still apply? Would businesses not be safer obtaining express consent from everyone that they already send messages to?

The mere presence of a link to a company website can make an email a commercial electronic message ("CEM") that is subject to CASL. This is because the definition of CEMs broadly includes any message that has, as its purpose or one of its purposes, to encourage commercial activity. If a business treats some messages as purely informational (e.g., warnings about data usage limits) and does not want it to be subject to CASL, it needs to ensure there is nothing in the message that would make it fall under the CEM definition.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.