Over the past months, I have been writing, lecturing and advising on Canada’s anti-spam legislation (CASL). In discussing the legislation, I have encountered many myths and misconceptions about CASL and its implications. This is not surprising. The legislation and accompanying regulations create a complex and often confusing regulatory regime that contains more questions than answers.
In an effort to debunk some of those myths and misconceptions, I will address some of the more common ones:
Myth #1: CASL only applies to “Spam”
Because it is commonly referred to as “Anti-Spam Legislation”, there is a broad misconception that CASL only applies to spam emails, like those sent by a Nigerian prince offering opportunities to invest in his business scheme.
CASL does not only regulate what is traditionally considered “spam”. CASL regulates all Commercial Electronic Messages (“CEMs”) sent to anyone in Canada. A CEM is basically any electronic message (email, text etc.) that has, as one of its purposes, the encouragement of participation in a “commercial activity”, or the promotion of the person or organization sending the CEM. Examples of potential CEMs include:
- Emails / texts marketing or advertising a service, person, or product
- Newsletters, e-bulletins and other informative emails containing links to the sender’s website or promoting the sender and/or his/her products / services
- Emails / texts inviting the recipients to events
- Electronic messages sent for networking purposes
- Offers of contests, discounts, specials etc.
Myth #2: CASL will not be enforced until 2017
CASL’s requirements respecting CEMs come into force on July 1, 2014. After that date, the regulators may enforce it and may impose penalties (which, at their extreme, are $1,000,000 for individuals and $10,000,000 for corporations).
There is a three year transitional period, but that transitional period only applies in very specific circumstances. It should not be interpreted as meaning that CASL will not be enforced before July 1, 2017, because that is simply not the case.
The only parts of CASL that come into force in 2017 are the sections dealing with private rights of action. Basically, CASL allows plaintiffs to issue a civil claim against an offender, but those actions may only be commenced after July 1, 2017.
Myth #3: CASL does not apply to non-profit organizations and charities
CASL applies to non-profit organizations in the same manner as to for-profit businesses.
Registered charities are subject to CASL’s requirements, except for CEMs that are sent for the “primary purpose” of raising funds for the charity. Since not all CEMs sent by charities are for the “primary purpose” of raising funds, charities must ensure that they comply with CASL’s requirements.
Myth #4: If all I need is consent, I can simply email the recipient a request for his / her consent
CASL prohibits the sending of a CEM to anyone, without having first obtaining the recipient’s consent in a specified form (with limited exemptions). However, obtaining consent may not be as simple as sending an email asking for consent. That is because CASL states that an email sent for the purpose of seeking consent is prohibited.
Myth #5: My business can rely on the business to business exemption
The “business to business” exemption allows a business to send a CEM to another business with having to obtain consent, but only if the businesses have an existing relationship and the content of the CEM is relevant to the recipient’s role within the business.
Because this exemption is narrowly construed, it is presumptuous to rely on it for all CEMs sent between businesses.
Myth #6: I can rely on previously obtained consent under privacy legislation
It is unlikely that previously obtained consent to collect and use personal information under privacy legislation will be considered acceptable for CASL purposes.
Myth #7: CASL’s computer program requirements are only relevant to IT businesses
It is true that, if you are in the information technology industry, you are likely going to be subject to CASL’s requirements regarding the installation of computer programs. However, many consumer products contain computer code that would be captured by CASL’s requirements as well (e.g., vehicles, electronics, toys etc.). The manufacturers, distributors and retailers of those products should ensure that they are complying with CASL.
- Swinging the privacy rights pendulum – The recent proposed amendments to Canada’s privacy law regime - November 28, 2023
- Breaking the “glassdoor” – Dealing with online reviews by employees - August 29, 2023
- The unreliability factor of using AI in the workplace - June 27, 2023