CASL impacts Canadian marketers. And will also impact anyone marketing to Canadian consumers.
We have received many great questions from attendees who are using email marketing and other marketing tools to engage with their audience online.
We caught up with Shaun Brown, Canadian lawyer practicing at nNovation LLP and CASL expert, and asked him to provide guidance in response to the top questions we received about CASL.
Please note: The responses to these questions should not be considered legal advice. Please seek legal advice if you have any questions or concerns about how CASL may apply to your activities.
If I’m on social networking sites such as LinkedIn, Twitter, and Facebook: Is it considered express consent when people “like” or “follow” my page? Can I send messages to my fans (through the social platform or through email, or both)?
CASL establishes some specific requirements when requesting express consent for the purposes of sending a commercial electronic message (CEM). Senders need to ask for consent, and when they do, they must explain the purposes for requesting consent. A sender must also provide the prescribed identification information, and explain that recipients can unsubscribe in the future, as required by the Canadian Radio-television and Telecommunications Commission (CRTC) regulations. It seems unlikely that a “like” or “follow” could be characterized as meeting these specific requirements.
If I’m an exhibitor at an event: Can I collect business cards with the intention of building my contact list? Is the fishbowl method an acceptable form of obtaining consent?
I’ll address this in two parts.
First, it may be possible that the person collecting the business cards can rely on implied consent. CASL states that consent can be implied if:
- A recipient provides their electronic address directly to the sender.
- The recipient does not indicate that they do not wish to receive unsolicited commercial electronic messages.
- The commercial electronic message is related to the recipient’s business or official capacity.
It is arguable that the recipient is providing their electronic address directly to the sender when they put their business card in the fishbowl. Assuming this to be a proper interpretation of CASL, and assuming the recipient did not indicate that they do not wish to be contacted, then consent would be implied to send CEMs that are related to the recipient’s business or official capacity.
Second, it might be possible to obtain express consent. For example, a sender could post a sign next to the fishbowl stating that by entering a business card into the fishbowl, a user is providing express consent to receiving CEMs from the organization (not that exact language, but something that specifically describes what they are consenting to). The sign would also have to provide the prescribed identification information, and explain that they can unsubscribe in the future, as required by the CRTC regulations.
Without guidance and interpretation from regulators, we can’t say for certain that this is compliant with CASL. However, I personally do not see why it shouldn’t be. In my view, reaching into your pocket, pulling out a business card, and physically placing it in a fishbowl is a very clear expression of consent, just as if not more so than checking a box on a web form.
Just don’t forget that CASL states that any person claiming to have consent bears the burden of proving it. This means that when entering the person into an email system, it will be important to record certain information for evidentiary purposes, such as when and how the email address was collected.
If I’m a nonprofit: Are there specific regulations for me since I’m not selling anything?
CASL applies to any person who sends a CEM, regardless of who that person is. So, any organization that sends a CEM must comply with CASL. If the messages you are sending are not CEMs, according to this definition, then CASL does not apply.
A CEM is defined in CASL as:
An electronic message that, having regard to the content of the message, hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that…
(a) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
(b) offers to provide a business, investment or gaming opportunity;
(c) advertises or promotes anything referred to in paragraph (a) or (b); or
(d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.
There are no exceptions or carve outs for nonprofit organizations, charities, etc.
That being said, there is a provision that allows organizations to send CEMs based on implied consent if there is an “existing non-business relationship.” An existing non-business relationship is deemed to arise where the sender: is a charity, political party or political candidate, and the recipient has volunteered, made a donation or given a gift within the previous two years; or is a club, association or volunteer organization of which the recipient has been a member within the previous two years.
It is worth noting that charities have raised concerns with Industry Canada regarding the potential impacts of CASL for fundraising. It is possible that we could see some allowances for charities in the final Industry Canada regulations.
If I already have an existing contact list: Do I have to reconfirm consent if I’ve been mailing to my contacts for years? How does “grandfathering” work?
It really isn’t possible to provide a simple or categorical answer to this question beyond saying that you may decide that you need to reconfirm at least some of the contacts on your list. It really is fact and case specific.
There are a few considerations worth pointing out. Senders not only need to have consent, but they bear the burden of proving it. Thus, you may be required to provide evidence that you obtained consent in compliance with CASL to the CRTC, which is the enforcement agency under the legislation, if you are ever investigated for violating CASL.
Even if you do not have express consent, you may be able to rely on implied consent. For example, an existing business relationship arises if the recipient has made a purchase from you in the previous two years. Furthermore, there is a transitional provision in CASL, which effectively extends the time period for an existing business relationship to three years after the day on which CASL comes into force.
Senders need to review their lists and whether they have express or implied consent for existing contacts. If they don’t, then they may need to consider a reconfirmation strategy or face the risk of violating CASL.
There is no “grandfather” clause in CASL for existing consent. However, the CRTC recently stated that it would provide some allowances for pre-existing express consent obtained in compliance with Canadian privacy legislation, such as the Personal Information Protection and Electronic Documents Act. What the CRTC is really saying is that they are not going to enforce CASL against someone who has obtained consent that is consistent with the requirements of CASL, but may not have included all of the prescribed information required in the CRTC’s regulations. Note that this only applies to consent obtained before CASL.
There have also been requests that Industry Canada include some form of “grandfather” clause in its final regulations, which may be published this fall or winter. So, stay tuned to see whether Industry Canada provides any provision for grandfathering existing consent when its final regulations are published (they will be on my blog as soon as they come available).