News - Fresh Data Archive Article

Return to Fresh Data Blog
Return to Fresh Data Archive

Every Email (in Canada) Has Its CASL

Date: April, 2014 --

On July 1, 2014, Canada’s Anti-Spam Law goes into effect. The law was adopted in 2010 and has been subject to rule-making and interpretation exercises since then. This law has been described by one commentator as “the harshest of its kind among G8 countries”. Here we outline the core principles of the statute and some “high level” compliance recommendations. Be advised, if your database contains Canadian email addresses, you need to protect your company from potentially serious consequences.

 Warning to Those South of the (Canadian) Border

In particular, American marketers must recognize the following three critical differences with the CAN-SPAM law with which they are likely more familiar: 

(1) Unlike CAN-SPAM, this is an “opt-in” statute. It’s up to the marketer to obtain consent before sending a commercial email or other commercial electronic message. In short, you can’t prospect with email without explicit consent from those whom you are emailing.  

(2) The statute applies to senders no matter where in the world they may be; you must comply with the statute or face potentially ruinous litigation.

(3) Potential fines are stratospheric.


The statute prohibits the sending of any “commercial electronic message” to any “electronic address” in Canada without the recipient’s “expressed prior consent”, where the purpose is to promote or establish a commercial activity. It’s more than just email; it covers text messages, sound messages through email files or otherwise, voice messages and images sent to an electronic address.  By the way, the bill prohibits “sending’; it’s still a violation even if an unsolicited message is trapped in an ISP’s spam filter and never reaches the addressee.

As more and more digital platforms develop which marketers can use to promote their offerings, it will be the wise company which asks itself whether the deployment of that platform will involve a “sending’ of your company’s commercial offer to an electronic address in Canada. For example, if your LinkedIn page attracts Canadian links which you intend to market to through postings that get distributed automatically, do you disclose this intent somewhere prominently? Your probably should get “expressed consent” to those requesting or offering to link to your site.  

Other Coverage

The law’s requirement of expressed consent also applies to the “installation of computer programs”. The purpose and function of the program must be clearly described beforehand, and of course this would be in the context of a commercial relationship. This will not apply to updates and upgrades done in the normal course of maintaining the program. Also, express consent is considered to have been given in the case of computer programs such as cookies, HTML code and Java Scripts where it is reasonable to believe from their conduct that the person wants the program to run on their computer. One supposes that this would be the case regarding on-line meeting and communications programs. While most of these ask for a webinar attendee’s consent to load, some do not. It would be wise to check the disclosures and consent acquisition protocols of the programs you use.    

In addition, the un-consented acceptability of hard to delete adware is questionable, since most of it does not explain itself coherently or completely.  

Consent Must Be “Expressed”

Under the law, a business must obtain the “expressed” consent of the recipient before sending commercial emails or other electronic messages, unless there is an “existing business relationship” or “an existing non-business relationship.” In the case of pre-existing business and non-business relationships, a 3-year transitional period starts on July 1 during which consent to send commercial electronic messages is implied. 

It would, however, be unwise not to put in place an aggressive “consent acquisition” campaign regardless of that transitional period, unless your customer file is very carefully “time” delimited.  The transitional period exception won’t apply to relationships not existing on July 1.  

             Certainly opt-in tools on websites will be critical, and might constructively specifically mention that the individual is consenting “with respect to Canadian legal requirements for commercial electronic messages”. 

It will be wise to maintain a record of date, time, and substance of the consent in the customer file you maintain, or in a communications history file.

A “Business” Relationship

What constitutes a “business relationship” under the law is basically a matter of common sense. The statute defines the relationship in terms of actions or messages relating to actions.  Generally, if it feels like business, it’s a business relationship. A business relationship includes enquiries also, but only for a duration of six months per each relationship.

The “non-business relationship” is similarly a matter of common sense.  The non-business relationship might have involved a donation or a charitable gift made within the previous two years, such as to a political party, charity or a candidate for public office.

And, of course, there are exceptions to the consent requirement. 
            These include:

- Responding to a request for a quote

- Employment-related matters 

- Information regarding a subscription, membership, or maintenance arrangement of the addressee

- Information regarding delivery of a product or service previously ordered

- Personal messages


Don’t Dismiss This Threat


The penalties for violation of this statute are terrifying: up to $1 million for individual violators and up to $10 million for business violators. The fines are “per violation,” which could refer to a campaign, or to each message within the campaign. No one knows what that term means, and it will be left for a judge to determine. But do you want to be the test case for the courts to decide which it is? 


Worst of all, unlike any other anti-spam legislation we know of, the statute creates a private “right of action” for any individual or business that has been affected by a violation.  Thus, those 1,500 very annoyed Canadian housewives you inadvertently sent an offer to could seriously gang up on you. To further focus the attention, corporate officers and directors can be held personally liable for violations. Finally, recall that Canadian lawyers, like their American colleagues, will work on a contingent fee basis. 


While it’s your responsibility to ensure compliance, Data Services is here to assist with your worldwide email marketing programs and international data quality management requirements covering 240 countries and territories. Need help with compliance in Canada or elsewhere? Feel free to reach out and we’ll put you in touch with the right people to lend a hand.