The Clock Is Ticking: Canada’s Anti-Spam Law Coming Into Force In Less Than A Month
By Bernice Karn
The clock is quickly ticking to July 1, 2014, when one of the most stringent anti-spam laws in the world will come into force. To educate businesses about the new legislation, the Canadian Radio-television and Telecommunications Commissioner (the “CRTC”) recently held a number of information sessions aimed at offering stakeholders some visibility as to how it intends to enforce Canada’s Anti-spam Legislation (“CASL”). It also published a revised and supplemental version of its frequently asked questions ("FAQs"). Nevertheless, uncertainty remains as to how, and in what circumstances, CASL will be enforced.
CASL was introduced in 2010 but its coming into force was delayed while its two sets of associated regulations where being finalized. The CRTC registered the final version of its regulations in March 2012, and Industry Canada, following a lengthy consultation period, released its final version of the Electronic Commerce Protection Regulations in December 2013 (collectively, the “Regulations”).
CASL, the Regulations, and the related guidelines will govern how businesses communicate with Canadian recipients of commercial electronic messages (“CEMs”). Given its reach (it also applies to CEMs originating from outside of Canada) and the significant penalties for non-compliance (including Administrative Monetary Penalties of up to $10 million), CASL will have an important impact on how businesses communicate with consumers in the digital age.
Under CASL, an electronic address is broadly defined as an address used in connection with the transmission of an electronic message to an email account, a telephone account, an instant messaging account or any other similar account. It was unclear whether “similar account” would capture social media accounts. Without providing much detail, the CRTC recently indicated that certain social media platforms may constitute a “similar account,” but that an ultimate determination will be made on a case-by-case basis.
Although “direct messages” sent within social media platforms such a Facebook or Linkedin are considered to be CEMs, they will be exempt from the requirements of s. 6 of CASL if there are adequate information and unsubscribe mechanisms available in the user interface of such sites. So far, the CRTC has not provided much in the way of guidance about how the user interface disclosure requirements can be met in order to take advantage of this exemption. Arguably, messages posted, published or broadcast on social media websites and blogs (e.g., a tweet), are not considered to be “direct messages” since they are not sent to a specific electronic address.
Given that many social media platforms do not provide adequate information and unsubscribe mechanisms, it is unclear whether the “direct message” exemption is even practically available to businesses on some of the most popular social media platforms.
Encouraging a Commercial Activity
In determining whether a social media message is in fact a CEM caught under CASL, a key question for businesses has been whether it would be reasonable to conclude that one of the purposes of the message is to encourage participation in a commercial activity.
Based on recent CRTC guidance, the applicable standard is whether “one of the purposes [is] to encourage the recipient to participate in commercial activity” [emphasis added]. This appears to narrow the scope of CEMs caught by CASL only to those that are destined to a particular recipient (as opposed to capturing any CEM which encourages participation in a commercial activity). Although helpful, we note that the statutory language employs the broader language and the guidance provided by the CRTC is not binding.
While CASL questions tend to be fact specific to each organization, the CRTC has published additional non-binding guidance in the form of a transcript of one of its presentations and an additional slide show. Some highlights of this non-binding guidance include the following:
- “personal relationships” only exist between individuals, so corporations may not take advantage of the “personal relationship” exemption;
- express opt in consents, if “valid” under the Personal Information Protection and Electronic Documents Act, will be recognized by the CRTC as compliant with PIPEDA, even if the request for consent did not contain all of the required disclosure under CASL;
- when responding to requested fee quotes, the message sender does have to provide disclosure and unsubscribe mechanism in its return message, even though the recipient has requested the message. It seems that, due to the financial nature of the response, the respondent is not able to avail itself of the complete CASL exemption found in the Regulations that excludes electronic messages sent to respond to “inquiries”;
- for the transition period under CASL where existing business and non-business relationships may be relied upon for up to three years following July 1, 2014, so long as those relationships involved the exchange of CEMs, the CRTC has clarified that, for the purpose of this special transitional rule only, organizations may go back in time well beyond the normal two year rule that applies to those relationships, stating that “you could go back 25 years in theory.”
While the CRTC has attempted to address some of the concerns raised by stakeholders, the fact remains that the expansive statutory language and the high degree of discretion vested with the CRTC in determining what is (and is not) caught under CASL leaves significant uncertainty as to how businesses can operate post-July 1.
In particular, businesses implementing “direct message” marketing and advertising initiatives through social media platforms, should not assume they are exempt under CASL. Similarly, they should be careful how they design their messages to recipients as they may be encouraging participation in a commercial activity that may be caught under CASL.