Is that email you’re about to send out to your marketing list worth $10 million? And I don’t mean in potential revenue. I mean fines.
Today, July 1, 2014, the Canadian Anti-Spam Legislation (CASL) comes into effect and it has some serious bite. CASL requires any person who sends commercial electronic messages (CEM) to recipients in Canada to first receive the express consent of each recipient of the CEM. A CEM is any electronic message including email, text messages, and instant messages that encourage participation in a commercial activity. CEM is also any message that includes a link to a website promoting commercial activity. Unsolicited messages requesting a person’s request for consent to send future CEM is also considered CEM.
On January 15, 2015 another section of CASL comes into effect that will require the express consent before any person attempts to install a computer program onto a computer system located in Canada. Under the new law, a computer program means, “data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function.” These types of installation would include mobile app and desktop computer software updates.
The request for consent must be clear and conspicuous. Consent obtained as part of a customer’s agreement to general terms of service or end user licenses is not sufficient to meet the new requirements. Contacts who either expressly opt-out or who do not respond are to be excluded from future CEM.
All future CEM is required to include:
- Information that clearly identifies the sender,
- Provides contact information of the sender (valid for up to 60 days after the date of the CEM), and
- Simple and effective unsubscribe mechanism.
CASL does recognize and permit CEM under implied consent from the recipient. Implied consent is deemed given if the sender and recipient have or had an existing business relationship that arose within the prior two years. Implied consent expires on July 1, 2017 if the contact was made before July 1, 2014; and two years after the date of first contact if made after July 1, 2014.
There is good news for U.S. franchisors with franchisees in Canada; messages sent within a business organization concerning the activities of the organization are exempt from CEM. CEM sent to the customers of those franchisees, however, would eventually require express consent before any implied consent expires.
Violations of CASL come at a pretty hefty price with maximum per violation fines of up to C$1 million for an individual and C$10 million for a company. Beginning on July 1, 2017 individuals will be able to bring private lawsuits against violators and CASL does allow for class action claims.
I know what you’re thinking, “But this is a Canadian law and I run a U.S. business. How can it apply to me?” CASL applies to messages sent from or to a computer system located in Canada. So if the recipient of your email, e-newsletter or text message blast is located north of the border, CASL will apply to you.
The question many American companies will be asking, however, is how the law would be enforced against senders of CEM who have no presence or assets in Canada. In the three years CASL is in effect before the private right of action is allowed, three Canadian governmental agencies are charged with enforcement. Will those agencies bring actions against foreign violators? Would a U.S. court enforce judgments issued against U.S. persons?
Only time will tell how these questions will be answered, and we will post updates as they happen.