Canada: Canada's Anti-Spam Act: The Time For Action Is Now!

Copyright 2011, Blake, Cassels & Graydon LLP

Originally published in Blakes Bulletin on Business, July 2011

If you are engaged in business in Canada and communicate with your customers and suppliers using some form of electronic messaging, Canada's Anti-Spam Legislation (CASL, or the Act) will soon place significant restraints on your ability to send electronic messages.¹

CASL is expected to be in force early in 2012. The Act will establish one of the most stringent anti-spam regimes in the world. It will apply to all "commercial electronic messages" (CEMs) that include not only email but also text messages, instant messages and messages sent through social networking sites. While CASL will only apply if the electronic message can be said to be a "commercial" electronic message, such messages merely need to encourage participation in conduct of a commercial character, whether or not there is an expectation of profit, to be caught by the Act. Moreover the onus will be on senders of CEMs to prove that they met the Act's numerous requirements. In particular, unless specifically permitted by the legislation, the recipient of the CEM must have consented to receiving the CEM before it was sent. This is referred to as an "opt-in" system and differs from an "opt-out" system with which companies operating in the U.S., and most other international jurisdictions, may be familiar. It is worth noting that an electronic message requesting consent to receive further CEMs is itself a CEM and, therefore, cannot be sent without the consent of the recipient.

Each CEM must meet several form and content requirements. Among other things, each CEM must provide an unsubscribe mechanism whereby recipients can indicate that they do not consent to receiving any further messages.

Failure to meet CASL's CEM requirements may lead to significant liabilities for a business. A single violation by a corporation could be subject to an administrative monetary penalty as high as C$10-million. CASL also provides for a private right of action that will allow any person who believes they have been affected by breach of the Act to apply to a court to seek redress. The court order may require the person who contravened the Act to pay the applicant a specified amount of damages for each day on which the violation continued. Civil damages may also be sought by way of class action, leading to significant risks of liability exposure for all businesses.

In order to be adequately prepared for the Act's introduction, it is very important to review internal communications practices within your organization and seek professional advice on how the Act may affect your business as there are some important and complex exceptions to the requirement for seeking express consent. An effective compliance program will likely include the early adoption of a mechanism for collecting express consents from as many of your business contacts as possible before the Act comes into force. However, in order to ensure that express consent obtained currently continues to apply when the Act is in force starting in 2012, it would be prudent to comply with the form and content requirements as set out in the Act now.

Draft Regulations
CASL anticipates that many of the details of the CEM regime can be provided or refined through regulation. At present, two sets of regulations have been issued in draft form. The draft regulations provide additional detail on:

• the information that must be contained in each CEM;
• the information that must be contained in a request for consent to receive CEMs;
• the requirements of the unsubscribe mechanism;
• an option to provide some information by way of a link to a website (available in limited circumstances, where not "practicable" to include in the message); and
• what constitutes a "family" or "personal" relationship for purposes of an exemption for the opt-in requirement.

In the draft regulations recently published by Industry Canada, nine of the 12 areas in which the government was given authority to make rules under the CASL have not been addressed. Some of these unaddressed areas could have clarified the requirements under the Act or provided greater latitude in terms of exemptions from the Act. For example, the government has chosen not to provide rules identifying additional circumstances in which consent is not required for a CEM, despite Parliament's invitation to do so in the Act.

Moreover, the draft regulations may raise issues that will require clarification. For example, the draft regulations refer to situations where it will be "not practicable" to include required information in a CEM. It is likely that this refers to messages subject to character constraints (SMS messaging, for example), but this is not specified, and accordingly, the scope of that provision is uncertain.

Finally, several of the regulatory provisions increase the compliance burden. Under the draft regulations, to meet the "personal relationship" exception under the Act, the sender and recipient must have met in person. In the context of a regime governing online behaviour, it seems strange not to recognize a personal relationship between persons who meet and interact solely online. Moreover, while the Act allows for people to request consent to receive CEMs on behalf of a third party, the draft regulations place a significant burden on the requester to ensure that the third party complies with specified obligations. Accordingly, companies will want to carefully consider their ability to control the actions of third parties before requesting any consent on their behalf.

Footnote

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.