Express Consent CASL app

Check out this new iPhone app (Android app coming soon) that helps solve the CASL problem of getting and proving you have consent to send email to people that you have just met, such as at a networking event.

Sometimes when legislation like CASL comes in like a freight train, it gives rise to opportunities for entrepreneurs and problem solvers.  This is an example of an innovative solution to help solve some of the difficult challenges that CASL brings.

(Disclosure – this was developed by a client.)

CASL now in force

You may be tired of hearing about CASL, and tired of getting the consent requests that people were sending out before July 1.  The pre July 1 scramble was done because sending an email to request consent is now itself considered spam.  But we may still see requests, which can be sent if the recipient fits into one of the exceptions.

In hindsight, I wish I had kept track of the number of consent requests I got, how many of those were not technically compliant with CASL, and how many were from entities I’d never heard of that were just trolling for contacts.

There are uncertainties over the interpretation of many parts of CASL, but it can’t be ignored.  Businesses need to do the best they can to comply and demonstrate diligence.  CASL compliance will be an iterative process over time as the interpretation hopefully becomes more clear. While the CRTC will no doubt focus on real spammers, anyone can complain, and you never know who they might choose to make an example of.  Don’t set yourself up to be that example.

For more detail on CASL check out the HP CASL page, or search for CASL on my blog.

Cross posted to Slaw

CASL hits next week – are you ready?

CASL – Canada’s new anti-spam legislation – becomes law on July 1.  It is a sledgehammer to kill a fly approach to spam that requires attention by almost every business and not for profit.  In my view, the significant amount of time, effort, and money that it will take for legitimate businesses and not for profits to comply with the act will come nowhere close to justifying any meagre benefit.

Many business have complied, many are just waking up to it now, and many are ignoring it.  It doesn’t help that the act has a broad definition of spam that goes way beyond the drugs, diets and deals emails that the average person would consider spam - then picks away at it with a myriad of convoluted exceptions.  Many can’t believe that such an act was passed in the first place.  But CASL is not going away any time soon.  At some point someone is going to take a run at the constitutionality of it – but that could take years.

Given the significant potential sanctions for non-compliance, resistance is futile.

If you have not taken steps to comply yourself, do it now.

When you get an email requesting consent, do the sender (and yourself) a favour and grant your consent if it is something you want to keep getting.  If the email is for something you don’t want, or from someone you have never heard of before that is trolling for new contacts, consider unsubscribing instead of just ignoring it – ignoring it is not the same as unsubscribing.

For more detail on CASL check out the HP CASL page, or search for CASL on my blog.

Cross posted to Slaw.

CRTC releases CASL compliance program bulletin

The CRTC just released another bulletin regarding CASL – Compliance and Enforcement Information Bulletin CRTC 2014-326.  It sets out “Guidelines to help businesses develop corporate compliance programs”.

The bulletin sets out CRTC thoughts on best practices for the development of corporate compliance programs for both CASL and the do not call rules.  It is worth taking a look at, because having a proper compliance program in place reduces the likelihood of a violation, helps establish a due diligence defence (a due diligence defence may not give a complete pass on a violation, but will reduce the consequences), and helps avoid director and officer personal liability.

Keep in mind that these bulletins do not have the force of law, and don’t bind the CRTC. And as the bulletin rightfully points out, all businesses are different, and small businesses don’t have the same resources as large one.

For more information on CASL search my blog for “CASL”, or visit the HP CASL page.


SCC “gets” tech – government not so much

Far too often – at least in my opinion – courts and legislators don’t seem to understand technology related issues or how the law should fit with them.  The Supreme Court of Canada, however, got it right with Spencer, which basically says that internet users have a reasonable expectation of anonymity in their online activities.  Last Fall the SCC sent a similar message in the Vu case saying that a general search warrant for a home was not sufficient to search a computer found there.  And that trend will hopefully continue with its upcoming Fearon decision on the ability to search cell phones incident to arrest.

While the SCC seems to now “get it” when it comes to privacy and technology, the federal legislature doesn’t seem to.  It has continually tried to erode privacy with a series of “lawful access” attempts, the latest of which may be unconstitutional given the Spencer decision.  Another example of the federal legislature not “getting it” is the CASL anti-spam legislation, which imposes huge burdens on normal businesses and software providers.

Cross posted to Slaw  

Clarification on CASL charity exemption?

Imagine Canada has published an Issue Alert resulting from discussions it had with Industry Canada about the charitable exemption to the anti-spam legislation. They say Industry Canada is interpreting this exemption broadly, which would be good news for charities.

The regulations contain an exemption that says the act does not apply to messages ” … sent by or on behalf of a registered charity as defined in subsection 248(1) of the Income Tax Act and the message has as its primary purpose raising funds for the charity”.

It was unclear how broad that exemption is in practice, given the broad definitions of CEM. Did it, for example, apply to fundraising events, or for tickets being sold by a theatre or orchestra?

Imagine Canada says Industry Canada has advised them that the exemption does apply to messages selling those things, and that ” .. “if the commercial activity is undertaken to carry out the charity’s mission, and the funds go directly to the charity to support its work, then it likely falls under the exemption.”

This is not a complete free pass for charities on CASL.  The act may still apply to some commercial activities of a charity, and might apply if a newsletter is laden with third party ads.

Lets hope Industry Canada or the CRTC adds this clarification to their own FAQs soon to give us further comfort on this.


CASL observations

I was at a conference on CASL (anti-spam) last week chaired by Barry Sookman.  His summary of conference highlights is worth reading.  Below are some of my observations based on both that conference and my CASL dealings with clients so far.

Large companies are spending millions of dollars to comply with CASL.  Small business is struggling to comply and to make sense of how to comply and why it is even needed. But you can bet that the true spammers will just continue to try to hide from the regulators.

Opt-in rates for attempts to get express consents so far have in some cases been abysmal – low single digit %. I suspect there are a number of reasons for that. Many on the mail list don’t care (meaning it’s a waste of time to send to them anyway). But many actually do want it and are not paying attention, who will eventually wonder why they stop getting things.  The challenge is to request consents in a way that will encourage a quick and easy yes – meaning that the use of marketing professionals may be key to getting a good response rate.

There is so much uncertainty around CASL interpretation that CASL compliance will be an iterative process.

No software solutions are available for the average business to track CASL compliance.  There is a business opportunity to develop affordable mini-CRM software that meets CASL rules and evidentiary requirements and can tie in with bulk mail programs and contact management systems such as Outlook.

The CASL software consents that kick in in January 2015 have the potential to cause real havoc.  They are being overshadowed now because of the looming July 1 date for CEM, and that the software consent issue only applies to those creating software.  These rules are unprecedented, and there is a danger that many offshore software developers will simply not offer their products to Canadians rather than taking the time and effort to comply.

(Cross posted to Slaw)




Spam now so you can Spam later

CASL - the new Canadian anti-spam act - comes into force July 1.  It contains extensive, complex provisions that apply to the sending of any email that has a hint of a commercial purpose (a “CEM”).  In the short term it may increase the amount of email we get.  We have all received emails from mail lists we are on asking us to confirm our consent.  But there is another reason we may get more.  The reason goes like this:

CASL requires express or implied consent from the recipient before a CEM can be sent.

The act contains a transitional provision that gives up to 3 years to get express consent. (The section is below.) To take advantage of that, there must be a current or prior business or non-business relationship with the recipient AND that relationship must include communication of CEM.

Couple that with the fact that after July 1 you can’t send an email to request consent (unless there is implied consent).

So to pull as many email addresses as possible into the transition provision, maximize express consents, and give the longest possible time to obtain them, the tactic is …?

Before July 1, pull together every email address you can get from every person that you can fit into the business or non-business relationship category, and send CEM to them.

The transition section:

66. A person’s consent to receiving commercial electronic messages from another person is implied until the person gives notification that they no longer consent to receiving such messages from that other person or until three years after the day on which section 6 comes into force, whichever is earlier, if, when that section comes into force,

(a) those persons have an existing business relationship or an existing non-business relationship, as defined in subsection 10(10) or (13), respectively, without regard to the period mentioned in that subsection; and

(b) the relationship includes the communication between them of commercial electronic messages.

Cross posted to Slaw.

Anti-spam bill impact will be immense

For the London Free Press – February 10, 2014

Read this at

The Canadian anti-spam act comes into force July 1, 2014. If you think it won’t affect your business or not for profit because you don’t send mass e-mails trying to sell random products, you would be wrong.

It defines spam — the act calls it commercial electronic messages — so broadly that it will affect how most organizations communicate. The definition goes far beyond what the average person would consider spam. It then layers on a series of complex exceptions and implied consents that allows commercial electronic messages to be sent in certain circumstances.

Volume is irrelevant. One e-mail sent to one person can be spam, and subject the sender to a fine of up to $10 million. Starting in 2017, remedies will include a private right of action (the right of recipients to sue the sender) that allows for the payment of statutory damages. In other words, there will be no need to prove actual damages were suffered from receiving the message.

Depending on the nature of the message and the relationship between the sender and recipient, some commercial electronic messages can be sent without any conditions, some require an unsubscribe mechanism, and some can’t be sent at all.

Unfortunately the act’s biggest impact will be the compliance headache it will cause the average business or not for profit.

In the short term, we can expect to receive a deluge of e-mails requesting that we consent to receive e-mails from various entities for various things. In many instances recipients may be confused or perhaps ignore those requests, based on the thought that they are already getting the messages or have already consented.

Recipients may not understand that subtle differences in how consent is requested, granted or tracked.

Some things worth noting include:

  • Directors and officers can be personally liable if they participate in or acquiesce to violations under the act.
  • Charities benefit from some additional exemptions, but the act still applies to many things most charities do.
  • Commercial electronic messages are defined broadly to include more than e-mail — such as certain social media messaging tools.
  • The onus of proof is on the sender, meaning that the sender must track and document compliance on an individual recipient basis in order to defend itself from alleged violations of the act.
  • Consents to receive commercial electronic messages must be obtained in specific ways and by disclosing specific information.
  • Consents one already has that are sufficient for privacy legislation may or may not be grandfathered, as valid consents depending on the circumstances.
  • the act includes a three-year grace period for consents — but only in certain defined situations.
  • Sending an e-mail to request consent is itself considered spam.

Given the complexity of the Canadian anti-spam act and the consequences for non-compliance, businesses and not for profits can’t afford to ignore this. Legal help is available to assist. More information on the act can be found on the author’s blog by searching for “anti-spam” at