CASL – Anti-spam Legislation

On July 1, 2017, the transition period ended for Canada’s new anti-spam legislation (“CASL” – pronounced ‘castle’) [1]. This means that businesses and individuals doing business in Canada should be CASL compliant though the entire act is not yet in order. For example, the private right’s provision for litigants to sue under CASL has been suspended. However, what does this mean for businesses and individuals engaging in business activities? To the point, why should they care? Simply put, it means that unaware businesses or individuals could be caught by this new anti-spam legislation and face significant exposure from regulatory bodies but also lawsuits in the future.

The Canadian Radio-Television & Telecommunication Commission (“CRTC”) is responsible for investigating violations and complaints under CASL. The CRTC has the power to levy fines against non-compliant senders. Fines for a CASL violation can range up to $1 million dollars for individuals and $10 million dollars for “any other person” (which broadly includes corporations, societies, partnerships, ect). As well, these violations attract directors/officer’s liability, meaning company directors can be personally liable for these fines.

The first question is what exactly does CASL cover? That is not an easy question to answer given the number of exemptions. At this time, it does not include voice calls, faxes, etc. CASL does cover “spam”, but more broadly covers “commercial electronic messages”. This is defined in CASL as any electronic message that has the purpose of encouraging participation in commercial activities. A specific example is an electronic message that “offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land”, or offers in relation to a “business, gaming or investment opportunities”. CASL goes further and also includes any related advertising or promotion in the previous offers described, or promotes a person who does or intends to do any of the aforementioned.

Exceptions to commercial electronic messages include messages of a personal nature or where the sender has a family relationship with the person. Furthermore, there are a number of exceptions where the sender and receiver have an ongoing business relationship, or where a sender is responding to an inquiry regarding commercial or business services.

Senders of electronic commercial messages should ensure that express consent is properly documented in the event of a complaint. A key component of each commercial electronic message is that the sender must provide a working unsubscribe mechanism that works for at least 60 days, there is no cost to the receiver, and any requests must be processed without delay. But if a business does not have an existing business relationship or consent cannot be implied (or another exemption made out), then that business cannot attempt to solicit express consent by email. They would be limited to contacting the person by telephone, regular mail or some other means.

Again, one of the key reasons of having best practices, by documenting and ensure compliance, is that CASL contains a due diligence defense for violations. That is, a person must not be found liable for a violation under CASL if “they establish that they exercised due diligence to prevent the commission of the violation”. It is too early to tell how aggressive the CRTC will be in enforcing violations now that the CASL transition period has ended. Given the costly risk of each violation, it is safe to assume it would be money well invested to ensure an organization is CASL compliant.

[1] CASL’s full title is An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, SC 201, c. 23.