With only five weeks left before Canada’s Anti-Spam Legislation’s (CASL) main requirements come into force, one of CASL’s regulators, the Canadian Radio-television and Telecommunications Commission (CRTC), has released a series of much-anticipated “FAQs”. Many have hoped (including yours truly) that this publication would provide answers to the many questions that arise from CASL’s complex and sometimes contradictory provisions. Unfortunately, the CRTC fell short of giving us these answers. If anything, the FAQs have raised additional questions and concerns for those of us practicing in the area.
Despite the many questions left unanswered, one thing remains clear—the CRTC is taking CASL seriously and intends to enforce it.
Email service providers beware – the CRTC has cast its net and you are big fish!
Email service providers (such as Google, Yahoo, Microsoft and countless others) would be surprised to learn that the CRTC considers them responsible for violations of CASL by their subscribers. According to the CRTC’s FAQs: “the email service provider—still shares its responsibilities with its clients in terms of ensuring that the CEMs are sent with valid consent (either express or implied) and contain an unsubscribe mechanism. Both the email service provider and its clients are sending, causing or permitting to send [commercial electronic messages], and as such, they both have obligations under CASL.”
Of all of the FAQs, this is the most surprising and concerning. Surely, Parliament could not have intended CASL’s scope to extend that far, and this interpretation may not survive a court challenge. Nonetheless, email service providers should consider including CASL compliance requirements in their terms and conditions of use. Otherwise, the CRTC may come knocking.
The CEM requirements will be enforced by the CRTC as of July 1, 2014
Contrary to widespread misconception about CASL, there is no “grace period” after CASL comes into force. CASL’s requirements regarding the sending of commercial electronic messages (CEMs) come into force on July 1, 2014 and will be enforced by the CRTC from that date forward.
Directors and officers liability
According to the CRTC, directors, officers, agents and “mandataries” of a corporation can be held personally liable for the organization’s violation of CASL, if they “directed, authorized, assented to, acquiesced in, or participated” in the commission of the violation.
CASL’s application to social media
CASL defines CEM as an electronic message sent to an “electronic address”. Obviously, that would include an email or a text. But what about a message sent through social media, such as a tweet, or a message sent through LinkedIn or Facebook?
According to the CRTC: “whether communication using social media fits the definition of “electronic address,” must be determined on a case-by-case basis, depending upon, for example, how the specific social media platform in question functions and is used. For example, a Facebook wall post would not be captured. However, messages sent to other users using a social media messaging system (e.g., Facebook messaging and LinkedIn messaging), would qualify as sending messages to “electronic addresses.””
Unfortunately, this statement does not go far enough in clarifying the extent to which CASL’s requirements apply to social media communications. What it suggests is that the CRTC considers messages sent through social media to be subject to its consent and information requirements.
For more information about CASL and its complex regulatory regime, check out my posts here and here, or contact a lawyer with expertise in the area.
Maanit Zemel says
David,
Thank you for your comment. I agree that there are various interpretations of “email service providers”. It can be very wide in scope and many companies can be caught by this description. It is unfortunate that the CRTC has not made its intentions in that regard clear.
David Collier-Brown says
The term “email service provider” has both a general sense that fits ISPs like Yahoo or Rogers, and a technical sense, that of a company that specializes in sending mass e-mailings.
I’ve dealt with the latter on a political campaign, and note that they are very concerned about consent, allowable volume and the like, as they are acting as their customer’s agents.
I can well imagine the CRTC wanting them to be fully aware of changes in their core business.