Businesses engaged in e-marketing in Canada beware: a new anti-spam law is coming into force soon that will impose harsh penalties for non-compliance. Not limited strictly to email, the legislation prohibits the sending of all kinds of unsolicited electronic messages, which could include text messages, instant messages, and even messages on Twitter and Facebook. Corporations caught violating the new law will face fines of up to $10 million, while individuals will be liable for up to $1 million.

The Act is officially known by its unmemorable long title An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, SC 2010, c 23. However, several commentators have been referring to the legislation as “Canada’s Anti-Spam Law” (or CASL for short) and the name seems to have stuck.

Among the stated purposes of CASL is to cut down on unsolicited and unwanted emails which hog ISP bandwidth, force businesses to invest in anti-spam technologies and generally waste people’s time. More broadly, the purpose of the Act is to curb conduct that “impairs the availability, reliability, efficiency and optimal use of electronic means to carry out commercial activities.” In addition to unsolicited emails and messages, CASL also takes aim at practices such as spyware (legitimatelooking computer programs that secretly harvest users’ data and proliferate spam) and phishing (trustworthy-looking emails that encourage users to divulge personal information).

Anti-Spamming Provisions

The main prohibition in s. 6 of the Act says that it is illegal to send an electronic message of any kind unless the recipient has consented to receive the message, either explicitly or implicitly. This sets up an optin framework whereby marketers may only send electronic messages to recipients who have already granted consent to be contacted.

Consent can be granted either expressly or implicitly. Implied consent will be found when:

  • there is an existing business relationship or non-business relationship between the sender and recipient;
  • the recipient has published his or her electronic address in a conspicuous place (such as a website) and the message is relevant to the person’s business; or
  • the recipient has disclosed his or her electronic address to the sender and did not indicate a desire not to be contacted and the message is relevant to the person’s business.

So, in situations where the recipient has given the marketer his or her business card or posted his or her electronic address on the internet there will presumably be implied consent, so long as the message is relevant to the recipient’s business. Qualifying “non-business relationships” include volunteer and charity work as well as membership in clubs and athletic associations.

Certain types of communications are exempt from the prohibition, including:

  • messages to individuals with whom the sender has a personal or family relationship;
  • messages to individuals engaged in commercial activities where the message consists solely of an inquiry or application related to that activity;
  • messages sent via telephone or fax;
  • messages relating to warranties, product safety or recalls; and
  • messages providing notification of factual information about ongoing subscriptions or memberships.

Businesses engaged in electronic marketing – including those who do not consider themselves spammers – should be aware of the new law and the fact that they may be caught by some of the anti-spam provisions despite their legitimate intentions. The consent provisions of CASL are particularly complex, with some types of messages requiring repeated ongoing consent from recipients. Furthermore, marketers must now include “unsubscribe” mechanisms with their messages which comply with the strictures of the Act.

Anti-spyware provisions

In addition to targeting unsolicited electronic messages, CASL also contains provisions designed to stop companies from using spyware, malware and other malicious software to spread spam and steal personal information. Professional spammers are known to use networks of computers infected with viruses (known as “botnets”) to proliferate spam messages on a broad scale.

Under s. 8 of CASL, no person may cause an unauthorized computer program to be installed on a computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system.

As with the anti-spam provisions, spyware programs may still be installed if the user expressly consents to it. However, the user must be given full disclosure about the nature of the program, and if any program functions conflict with the user’s reasonable expectations it may be sufficient to nullify the consent. For certain types of internet-related programs such as HTML code, web cookies and Java Scripts consent is presumed to exist, so long as they are not used in a misleading fashion.

Enforcement

CASL includes stiff penalties for noncompliance and several quasi-criminal enforcement mechanisms. As previously stated, corporations can be liable to pay administrative fines of up to $10 million for non-compliance, while individuals can expect fines of up to $1 million. Furthermore, the Act creates a private right of action in favour of any party who was affected by a violation of the Act. This means that private parties may sue in court to recover statutory damages for each violation. Applicants may recover up to $200 for each contravention, up to a maximum of $1 million for each day in which a contravention occurred. This provides another significant deterrent for potential spammers, who may now find themselves liable to the people they spam for huge sums of money. In the context of a class action this could be huge. Directors, officers and agents of companies engaged in CASL offences can be personally liable if it is found that they directed, authorized, assented to, acquiesced in or participated in the commission of the offence, whether or not the corporation is proceeded against.

Overall, CASL should be a relief for businesses and ISPs struggling to cut down on spam and spyware, but could pose a trap for anyone looking to market their wares or services electronically. Anyone engaged in e-marketing should be aware of the new law and high penalties and ensure their practices comply with the consent scheme of the new Act. CASL was passed by Parliament in December 2010 and is expected to come into force in the next few months.

Sotos LLP would be pleased to advise you on your internet marketing activities to ensure compliance with the new legislation.