Canada’s Anti-Spam Law (CASL) - interpretation and opinion
There is a new law in the Canadian online marketing space called Canada’s Anti-Spam Law or CASL for short. When laws change everyone gets worried. There are good reasons for this worry; all of the best practice are suddenly cast into doubt, and what was bedrock knowledge suddenly shifts underfoot until a new best practice evolves. Since most best practice related to regulation is essentially what doesn’t get you sued, it can be a time-consuming process to find the new normal.
Now, I need to point out the obvious for a moment. I’m not a lawyer, I don’t play one on TV, and I have no special powers to completely and absolutely determine how Canadian courts will interpret CASL. So, please do not use this blog post as legal advice and instead refer to your own legal counsel as to how your own email marketing activities are affected by CASL.
Luckily, Industry Canada takes the questions of marketers seriously and I was able to get some further insight on how this law will roll out into regulations by talking with a representative of the department. Note that even Industry Canada can’t dictate how the courts, the CRTC Competition Bureau, or the Office of the Privacy Commissioner will apply the law, so these notes are also not legal advice.
To stay on top of regulatory guidance, which is coming, sign up for the Fight Spam email alerts to stay on top of this issue.
- Current opt-in best practice is enshrined in this law, if you’re following best practice you’re already 90% compliant (but make sure you review your activities so you stay on-side). In this case best practice is complying with PIPEDA, enabling obvious opt-outs, etc.
- If you have a list that you have built that contains express consent then your list is fine and you can continue using it
- If your list has implied consent, a 3-year transition period is available. During the period express consent must be acquired or the contacts must be removed
- Implied consent is granted for those with a business or personal relationship. These relationships are strictly defined in the full text of the Act. For marketing purposes this usually means:
- In most cases marketers will use the provision for an “existing business relationship”. The downloading of a PDF or signing up for a newsletter fall under the barter of product or service provision and are allowed
- Buying of lists is not prohibited as long as the list was collected adhering to both CASL and PIPEDA (which means the contact must know that the list may go to a 3rd party). These are lists where the members on the list have given consent for “unknown third parties”
- However, opt-outs must now be communicated with list owners so that anyone unsubscribing from your list is also unsubscribed from the source list, and any other companies that have purchased the list
Send to a friend
There has been some worry in the industry that the CASL regulations will disallow websites from using “send to a friend” or “social sharing” functionality. This is not true.
- For any Email to a Friend or Sharing you must present the rules about what constitutes a business or personal relationship to the sharing person so they accept responsibility for the shared information. This can be in the “fine print” but it must exist
- The email must be identified as coming from the sending user, best practice is to use “on behalf of” functionality, for example “From: Digital Rx on behalf of Brad Einarsen“
- Ensure that there is an opt-out on the email so that a user can disallow any further emails from the website (however, this recommendation may not be necessary, see below)
UPDATE Feb. 21, 2012: there is a Send to a Friend form on the Fight Spam CASL website which creates an email that does not have an opt-out. (It also does not clearly define the concept of a relationship, either). Here is the email that it generates:
From: IMCEANOTES-Brad+20Einarsen+40ICGC@ic.gc.ca – 10:36 AM (47 minutes ago)
Brad Einarsen has recommended that you check out this page:
This page was sent using the “Email to a friend” feature. Your email address has not been added to any list, and has not been retained on our site.
So, the situation remains a bit unclear regarding the need for an opt-out for Send to a Friend functionality. It seems excessive to make this a requirement. Hopefully this will be answered with the guidance being drafted. Stay tuned for updates as they become available.
Messaging can also be triggered via social media share buttons and other mechanisms, there is a question about how CASL interacts with social media. Some notes:
- CASL has no effect on broadcast-style social media where users are sharing information on their own social media profiles (for example, sharing to their Facebook wall or Twitter stream)
- CASL does come into effect if the private messaging tools on the different channels are used (for example, Facebook Messages or a direct message on Twitter)
- A grey area remains where another user is mentioned by name on Twitter (@username) as this isn’t a direct message but it is likely the user will see it
Risk of frivolous lawsuits
The main risk isn’t that the branded website will actually send spam emails as defined in CASL. The main perceived risk is that individuals will try and use the system to launch frivolous lawsuits against the company. This is not a significant risk because:
- Each email in violation triggers a $200 penalty (“statutory damages”) plus any actual damages, so for legitimate email (where there are no actual damages) it takes a lot of them to add up to a significant amount
- Lawsuits must be filed in the Provincial Superior Court or the Federal Court so there are fees required
- In Canada the filer can be held responsible for the defense’s legal costs and even court time if the case is deemed frivolous
So, when it comes to how CASL will affect eCRM once it comes into effect, remember The Hitchhiker’s Guide to the Galaxy: “Don’t Panic”, and remember your towel.
Weekly Digital Health Newsletter