We’ve been talking a lot about Canada’s Anti-Spam Legislation (CASL) lately. This piece of legislation will affect how Canadian organizations send electronic messages to consumers, including email, voice, text, and sound missives – so it has a pretty big impact on most businesses’ day-to-day workflow.
In response to a Twitter chat we held on CASL last week, Mark Jeftovic of easyDNS gave his readers a quick rundown of what CASL means. We welcomed the chance to respond and were glad to see the chat sparked some interesting discussion.
However, I do want to address one point he makes:
“To be honest, I don’t find anything earth shaking in here. Certainly not the shock to the system I was expecting after seeing some of the “will your business be ready? #BeCASLReady!” hoopla I’ve seen online.
I don’t think there is much in here that legitimate businesses do not already do, in some shape or form. Pretty well every commercial mailing I get from “real” businesses already:
- clearly identify who they are (or who it was sent on behalf of)
- are not misleading in their subject lines
- give me a clear path to unsubscribe
While it’s true that some businesses are clueless (some hopelessly so) a lot of them either get LART-ed into shaping up by their own customers or select themselves out of the gene pool by failing because they’re so inept anyway.”
Much of what Jeftovic has written makes sense, but his conclusion has missed the mark, given everything we’ve been reading and hearing about CASL. (Note: I am not a lawyer either, but I have been speaking to a few lawyers and following CASL through our Twitter chat and through a workshop organized by IT World Canada and the law firm of Heenan Blaikie LLP).
The basic thrust of CASL is that Canadian organizations will no longer be able to send commerical electronic messages to consumers without getting some form of consent. Legitimate businesses may clearly identify themselves, use coherent subject lines, and provide a direct unsubscribe mechanism.
However, any commercial electronic message from a business to a consumer falls under the scope of CASL. A “commercial electronic message” is defined as any form of telecommunication encouraging the recipient to participate in commercial activity. These forms of telecommunication include email, voice, sound, or text messages, as well as “emerging forms of messages” that may not have even been invented yet.
So it doesn’t matter if businesses follow the guidelines Jeftovic listed – they still don’t have the right to send any commercial electronic messages to consumers first, unless they A) have consent from the recipient; or B) the messages fall under certain exceptions listed in CASL.
Penalties for non-compliance can reach up to $1 million for individuals and $10 million for businesses. Statutory damages can also reach up to $200 per violation of CASL, with a single email or text message considered a violation. While it’s very unlikely anyone will get hit with the maximum fine on their first offense, it can still be a blow to a business’ reputation to receive repeated notices about their failure to comply with the law.
Under CASL, consent comes in two forms – through express consent and implied consent. While Jeftovic touched on these during his post, the definitions may differ a little. During a workshop held Monday at the offices of Heenan Blaikie LLP, lawyers Adam Kardash and Joanna Fine explained the differences between the two.
Express and implied consent
Express consent means a recipient has said they are willing to receive commercial electronic messages from an organization. Consent has to be received in writing or orally, with oral consent demonstrated by getting some kind of proof like date/time stamping. Prechecked boxes do not count – for example, if a business has an option at the bottom of a Web site checked off, saying, “Yes, I wish to receive offers,” that isn’t truly considered express consent.
Requests for express consent need to include the purpose for which the consent is sought, as well as some of the sender’s contact info, like a mailing address, phone number, email address, or Web address. The request must also clearly indicate the recipient can withdraw his or her consent at any time. And if third-parties like marketing partners or affiliates also want to send messages to this recipient, they also need consent.
Express consent is not time-sensitive.
Implied consent is more common, and it’s something Jeftovic mentioned in his post. This is when a sender and a recipient already have an “existing business relationship.” That means either a purchase of a product, a signing of a contract, or when a customer sends a business an inquiry or application.
However, this kind of consent is time-limited. It’s only good for two years after a purchase has been made, two years after a contract has expired, or six months after an inquiry or application has been submitted.
Exceptions to CASL
Other exceptions include sending messages in a B2B context. For example, if a recipient has conspicuously posted an email address somewhere, like at a networking event, or has left business cards, that may represent an existing business relationship under CASL.
Transactional messages are also OK – if a commercial electronic message is just providing a quote or estimate, or if it confirms a transaction, it doesn’t require consent under CASL.
Also, if a commercial electronic message is sent between two parties that have a “personal” or “family” relationship, those do not require consent. The definition of “personal relationship” is still a little murky and Industry Canada has revised it a few times, but it includes a relationship with direct, voluntary two-way communication where the recipient has indicated he or she does not wish to receive commercial electronic messages.
What about overseas spam?
Farther down in his post, Jeftovic argues CASL will have the greatest impact on legitimate businesses, which already follow good practices and have a mechanism allowing consumers to opt in to mailing lists. He writes spammers and malware rings don’t follow the law anyway.
That’s true. One of the attendees at the workshop with Heenan Blaikie had the same question.
“This legislation will have no impact on someone sitting overseas firing off unwanted spam messages,” said Kardash during his presentation. “What it will do is provide Canada, the last G8 country to get this, with anti-spam legislation … dropping a hammer on someone sitting in Toronto or Montreal. This provides a very clear hammer.”
But given Canadian businesses have to follow Canadian law and are under CASL, many probably do need to revisit how they reach out to consumers – and ensure they understand the law and are ready for it when it arrives.
For more on CASL, check out some of our past pieces here: