It is expected that Canada's new Anti-Spam Legislation (CASL) will come into force later this year, and with it will come significant changes for how businesses and individuals may send people "commercial electronic messages" (CEM), including emails or text messages.
CASL aims to create a safer online environment by targeting issues relating to spam, such as unsolicited commercial messages, phishing and unauthorized installation of software. While the global volume of spam has fallen in recent years, it still totals approximately 70 per cent of all email sent, and remains a key vehicle for identity theft and online fraud.
CASL will mark Canada's movement from an "opt-out" to an "opt-in" system for the receipt of CEM, or installation of software by third parties, based on expressed consent from the recipient. Fines for breaching prohibitions in CASL are significant, with organizations subject to up to $10 million, and individuals up to $1 million. CASL also creates the ability for individuals to sue offenders in their own capacity. However, while CASL is touted as one of the most stringent anti-spam laws in the world, the change may not be as rapid, or as stringent, as some have portrayed.
THREE AREAS OF IMPACT
From the perspective of legitimate businesses, CASL will have three areas of impact.
First, it will regulate CEM, which are electronic messages that encourage participation in a commercial activity, regardless of whether there is an expectation of profit.
Second, CASL will regulate the installation of software onto a person's computer.
Third, CASL will prohibit the alteration of transmission data for CEM.
A number of industry groups have taken the opportunity offered by the Canadian Radio-television and Telecommunications Commission (CRTC) and Industry Canada to raise concerns with respect to CASL.
For example, Microsoft Canada raised concerns over computer security being potentially compromised by limiting when updates could be applied. The Canadian Automobile Dealers Association expressed concern over a potential inability of its members to "acquire" lists of contacts as they had done to date.
While each regulated area begins with a prohibition except in the face of express consent, in practical terms, there are significant exceptions, exemptions and transitional provisions that will provide time to adapt.
CONSENT IS KEY
CASL creates a regime where CEM cannot be sent without the recipient's consent. This includes messages sent via social networks (Facebook, Twitter, LinkedIn), as well as text messages and emails.
However, for three years after the coming into force of CASL, senders can rely on "implied consent" of the recipient. Examples of implied consent include a pre-existing business relationship, or email sent in response to a request, inquiry or complaint. There are exceptions for CEM sent within broadly defined personal and family relationships, CEM sent to publicly available email addresses, and business-to-business email. Furthermore, there is an exception for third-party referrals, allowing businesses to grow contacts without need for consent.
When seeking expressed consent, businesses need to be mindful of several points. Requests for consent to receive CEM must not be buried in consent to general terms and conditions, or even for installation of a computer program. Consent to receive CEM must be clear and separate. When seeking consent on a website, a pre-checked box giving consent to subscribe to communications will no longer be acceptable. The box must be unchecked so the consumer actively chooses to "opt-in."
Lastly, any time expressed consent is obtained, it should be recorded, along with the date and time of consent, as it is the sender of a CEM that bears the onus of proving consent, if challenged. Any CEM sent with expressed or implied consent must comply with specific form and content requirements. This includes having an unsubscribe mechanism which must be "clearly and prominently" displayed, and be able to be readily performed.
Furthermore, the sender of the CEM must be clearly identified, along with a means of contacting the sender via mail as well as via telephone, email or a web address. This information must remain accurate for 60 days.
SPAM WON'T BE TOTALLY CANNED
Once CASL goes into effect, it will not eliminate spam, not least because spam often arrives from other countries, and malicious emails often come from those who do not pay much heed to applicable legislation.
However, the quantity of spam that Canadians receive is expected to drop, and it is hoped that CASL will provide consumers with a greater say in what they receive, making electronic communications more valuable by reducing abuse of them.
Anti-spam laws are no guarantee of permanent results. After all, China passed anti-spam laws in 2007 and, while seeing an initial reduction in spam, it rocketed to the top of the list for sources of spam in 2012.