On November 10, 2014, the Canadian Radio-Television and Telecommunications Commission (CRTC) released guidance on the installation of computer programs under Canada's anti-spam legislation (CASL). Notably, the guidance sets out when the Act applies to the installation of computer programs and states that "self-installed software is not covered under CASL."

Among other things, the guidance sets out:

  • When consent is required for the installation of computer programs;
  • What computer program functions require the disclosure of additional information when seeking consent;
  • When certain exceptions to express consent requirements apply; and
  • How updates and upgrades are treated under the Act.

While the guidance helps to clarify the CRTC's interpretation of some key issues, there are many issues that remain unsettled. For example, it remains unknown whether the existence of an undisclosed feature in a program will result in CASL applying, even in the case of a self-installation.

CASL's computer program provisions come into force on January 15, 2015. The new rules will impose an express consent regime on the installation of a computer program on another person's PC, smartphone or other computer-based device. As a result, virtually all organizations that operate a website, offer mobile applications, incorporate software into their products or otherwise make software available to customers will need to undertake a careful review of their current practices for installing programs. For most of these organizations, changing current practices will be necessary to comply with CASL.

For more information on CASL's computer program rules, please refer to our article, CASL's Computer Program Rules Cover Much More than Spyware or visit Osler's CASL Compliance page.

AccessPrivacy Monthly Call

We will be discussing this new development during Osler's AccessPrivacy Monthly Call on November 19, 2014.  If you are not currently a subscriber to our calls, please register here.

You may also be interested in our Advanced Currency Training for Seasoned CPOs on November 28, 2014. This full-day session is aimed at enabling experienced CPOs to maintain their currency and be aware of emerging themes and developments in the privacy arena. It focuses on new compliance expectations, emerging challenges and best practices as well as a strategic approach to achieving a best-in-class and demonstrably compliant privacy program.  

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.