skip to main content

Guelph 519 837 2100Fergus/Elora 519 843 1960| Toll Free 1 800 746 0685

Jul 2, 2014|Article

Canada’s Anti-Spam Legislation: Overview and Compliance

Canada’s Anti-Spam Legislation: Overview and Compliance

By: Scott B. Allison


Having come into effect July 1, 2014, Canada’s Anti-Spam Legislation (CASL) will have wide-ranging implications for Canadian business communications. One of the core purposes is to regulate the transmission of unsolicited electronic messages, more commonly known as “spam”. It is the broadest and most severe anti-spam legislation yet to be introduced in the world, and the complexities and ambiguities of its provisions are not easily untangled.

The following will attempt to serve as an introductory guide to identifying and understanding the scope, risks and requirements under the new legislation for e-communications. The legislation also regulates the installation of computer programs, but those provisions will not be addressed in this paper. As with any new legislation, it awaits to be seen how the governing bodies or courts will address issues of compliance or enforcement of the provisions, but there is plenty here to get started on. To best avoid the consequences of non-compliance, organizations should be taking action now to evaluate and update their e-communications practices.

What does CASL Govern?

Most importantly, CASL governs the transmission of any “commercial electronic message” (CEM) to an electronic address. Defined broadly in the legislation, a CEM is any electronic message sent where, based on what is included in the message (content, links to web pages, or contact information), it would be reasonable to conclude that any part of its purpose is to “encourage participation in a commercial activity”.

To provide context, a few key definitions from the legislation are in order:

  • “commercial activity” means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit, other than any transaction, act or conduct that is carried out for the purposes of law enforcement, public safety, the protection of Canada, the conduct of international affairs or the defence of Canada.
  • “electronic address” means an address used in connection with the transmission of an electronic message to (a) an electronic mail account; (b) an instant messaging account; (c) a telephone account; or (d) any similar account.
  • “electronic message” means a message sent by any means of telecommunication, including a text, sound, voice or image message.

Illustrating a general theme within the legislation, these definitions are very broad and appear to be aimed at capturing all manner of commercial activities and forms of electronic messages. Exemptions to these definitions are discussed below.

Simply put, the legislation acts to prohibit the sending of CEMs unless the following conditions are satisfied:

  1. The person to whom the message is sent has consented to receiving it; and
  2. The message complies with prescribed form and content requirements.

While the requirements may not appear particularly onerous, the legislation provides for penalties where they are not strictly adhered to, and such penalties are discussed below. Complicating matters is the provision that an electronic message sent for the purpose of obtaining consent to send CEMs is also considered to be a CEM, and therefore cannot be sent without consent.

Exemptions from CASL

CASL and its subsequent regulations have carved out certain types and forms of CEMs that are generally exempt from the prohibition altogether.

The exempt forms of CEM are:

  • Interactive two-way voice communications between individuals.
  • Facsimiles sent to a telephone account.
  • Voice recordings sent to a telephone account.

    The exempt types of communications include those that:

  • Are sent between people that have a personal or family relationship.
  • Are sent to a person engaged in a commercial activity and consists solely of an inquiry or application related to that activity.
  • Are sent between representatives of the same organization.
  • Are sent between representatives of different organizations where a “relationship” exists.
  • Are sent to someone who has made a request, inquiry or complaint or otherwise solicited the CEM.
  • Are sent to satisfy a legal obligation or to enforce or provide notice of legal right or actions.
  • Are sent and received on an electronic messaging service (ie social media platform).
  • Are sent to a limited-access secure and confidential account (ie online banking account).
  • Are sent by a person who reasonably believes the message will be received in a foreign state and complies with the law of that foreign state.
  • Are sent by or on behalf of a registered charity for the purposes of raising funds for the charity.
  • Are sent by a political party or candidate for the primary purpose of soliciting a contribution.

    CASL also provides that some CEMs do not require consent, but are subject to the form and content requirements, including those that solely:

  • Provide a quote or estimate in response to a request for such a quote or estimate;
  • Aid in carrying out a previously agreed to commercial transaction.
  • Provide warranty, product recall, safety or security information to a purchaser or user of that product.
  • Provide notification of use or purchase of products under a subscription, membership, account, loan or similar relationship, or information about an ongoing subscription, membership, account or loan.
  • Provide information directly related to an employment relationship or benefit plan that the recipient is currently involved.
  • Delivers a product, including updates or upgrades, further to a previous transaction.

While this list serves to eliminate a number of infringing communications, exempt communications should be approached with caution. Most notably, the latter set of exemptions require that the communication is solely for the purpose set out, and thus any additional information, requests or promotions by the sender could render it non-exempt.

Where Consent Implied

While generally requiring express consent, CASL provides that certain circumstances will create a presumption of implied consent by the person to which a CEM is sent, including the following:

  • Where the sender and recipient of the CEM have an existing business or non-business relationship.
    • Business relationships require that the sender and recipient have engaged in certain types of business (i.e. a purchase, transaction, lease, or other contract) within the previous two years, or where the recipient has made an inquiry to the sender within the last six months.
    • Non-business relationships include those where in the last two years an individual has made a gift or donation or performed volunteer work in relation to a charity or political organization or become a member of certain clubs, associations, or volunteer organizations.
  • Where the recipient has “conspicuously published” (ie on a website for their business) or disclosed to the sender (ie by providing a business card) their electronic address without indicating that they do not want to receive unsolicited CEMs, and the CEM is relevant to their business, role, functions or duties.

This would indicate that until a proper relationship exists, a potential contact’s relevant details must be kept in mind when sending them CEMs.

Obtaining Express Consent

Where CASL requires express consent, it must be “a positive or explicit indication of consent”. This means that “opt-out” options using either “I do not want to receive” messages, or pre-checked boxes that require a consumer to uncheck the box to indicate they do not want to receive messages, are no longer sufficient for consent. A consumer must now take a positive action (i.e. checking a box or orally agreeing to receipt) to consent to receiving CEMs. Another important consideration is that any consent is to be clearly and separately identified, not merely bundled within general terms and conditions of sale.

In order for a consent request to be valid under CASL, it must include the following information:

  • The purpose for which consent is sought;
  • The name or organizational name of the person seeking consent;
  • Where consent is sought on the behalf of another person, their name and a statement indicating which person it is being sent by and which persons it is being sent on behalf of;
  • The mailing address, and a the phone number, email address or web address for the person seeking consent or the person it is being sent on behalf of; and
  • A statement indicating that the person can withdraw their consent.

Express consent will be valid until revoked or for three (3) years from the date it is provided.

CEM Form and Content Requirements

Once consent has been obtained to send CEMs, the CEMs sent must contain particular characteristics. Outside of the indicating the purpose of the message, the message must include the same information required to obtain consent, and additionally must provide a mechanism for the recipient to “unsubscribe” from receiving the messages.

The unsubscribe mechanism contained within the CEM must allow the recipient to indicate that they wish to no longer receive CEMs from the sender, and there must be no cost to the recipient for this option. The unsubscribe mechanism must be contained on a website for at least 60 days after the CEM is sent, and the recipient’s indication to unsubscribe must be put into effect no more than 10 business days after the indication has been sent.

Enforcement and Penalties

The Canadian Radio-television and Telecommunications Commission (CTRC) will be the agency responsible for enforcement of the legislation. The legislation provides for “administrative monetary penalties” of up to $1,000,000 for individuals and $10,000,000 for corporations. 

The legislation also provides for a private right of action for those affected by contravention of the legislation, which is set to come into force July 1, 2017. This is to allow time for compliance to be fully implemented and sort out any issues that arise once the legislation comes into effect. Penalties under the private right of action are currently set at $200 per infraction, up to $1,000,000 per day of non-compliance.

Tips for Compliance

Due to the broad scope and ambiguities included within the legislation, compliance with CASL will not be a simple task for most businesses. The legislation is likely to affect a number of areas within the business, and require alterations to various current practices. This will involve an ongoing step by step process to both ensure and maintain compliance. The following is a list of additional suggestions to help ensure CASL compliance:

  • Familiarize yourself with the CASL requirements;
  • Communicate your learning to create buy-in at various levels of organization;
  • Compile an inventory of all processes related to sending CEMs, managing addresses and consent lists, and collecting consents;
  • Identify any gaps within your processes and develop compliance programs and database capabilities;
  • Develop templates to meet CEM requirements, documents to collect express consent;
  • Train all staff in compliance;
  • Audit compliance regularly and update your processes where necessary 

If you have any questions or would like more information, Scott Allison can be contacted at (but he would politely ask that you do not send any unsolicited commercial electronic messages to this address).