Upload
gowlings
View
760
Download
1
Tags:
Embed Size (px)
DESCRIPTION
In this presentation, Gowlings partner Paul Armitage provides an overview of Canada's Anti-Spam Legislation (CASL). Topics covered include: -What qualifies as a commercial electronic message (CEM) -Consent - express & implied -Content & format requirements -Third party marketing lists -Penalties -Transitional period To learn more, visit Gowlings' CASL Resources page at www.gowlings.com/casl.
Citation preview
Canada’s Anti-Spam Law (CASL)re: Commercial Electronic
MessagesPaul Armitage, [email protected]
2
CASL Basics
• CASL will be in force July 1, 2014 for CEMs
• CASL regulates “commercial electronic messages” (“CEMs”) with new requirements for consent, sender disclosure, and unsubscribe mechanisms
• Additional parts of CASL regulating software installations will be in force January 15, 2015
3
Does CASL Apply to the Message?
CASL covers:
• SMS
• Instant messages
• Messages to user accounts on social networks
• Messages to user accounts on portals
• Messages sent by telecommunication to similar accounts
4
Is the Message a “CEM”?
A CEM is a message which encourages participation in a “commercial activity”, e.g.,
• Offers to sell a product, service or interest in land
• Offers of a business, investment or gaming opportunity
• Advertisements or promotions for any of the above
• A request for consent to send CEMs
If the message does any of the above, then it is a “CEM” even if that is not its only or primary purpose
5
Is the Message a “CEM”? (con.’t)
CASL excludes several classes of message from its requirements:
• Interactive two way voice communications
• Messages sent via facsimile to telephone accounts
• Voice recordings sent to a telephone account
These messages are currently subject to the CRTC’s oversight via the Telecommunications Act and the Do Not Call List
CASL contains a provision that permits the government to repeal this exception AND the National Do Not Call List at a later date. If exercised, this would make unsolicited commercial telephone calls subject to the CASL requirements
6
Examples of CEMs
If the following is true: CEM (Yes/No)
The message promotes the organization as being able to provide a good or service
Yes
A recipient reasonably interpreting the “Re:” line or content is likely to conclude that the message contains an advertisement for the organization
Yes
Posting on the organization’s own website, portal or social media pages (other than to another user’s account)
No
The message contains a survey or newsletter and does not include any secondary marketing of the organization’s products or services
No
The message gives safety or security information about a product or service
No
7
Is the CEM Exempt? (Fully Exempt CEMs)
The following CEMs are fully exempt (“Fully Exempt CEMs”):• Internal communications between employees,
representatives, consultants or franchisees of the organization, and the CEM concerns the organization’s activities
• B2B communications between employees, representatives, consultants or franchisees of the organization and another organization which has a relationship with the organization, and the CEM concerns the activities of the other organization
• An inquiry or application related to the recipient’s commercial activity
• A response by the organization to a request, inquiry or complaint it receives
• Messages sent to satisfy a legal obligation or enforce a legal right (e.g., legal notice)
8
Is the CEM Exempt? (Fully Exempt CEMs) (con.’t)
• Messages sent to a limited-access secure and confidential account offered by the organization to which only the organization can send messages (e.g., secure portal for its user accounts)
• Certain instant messaging platforms whose interfaces meet the sender disclosure and unsubscribe requirements (see later), with the recipient’s express or implied consent
• Sent to a recipient in a foreign state which has anti-spam laws substantially the same as CASL and the message complies with the foreign laws (e.g., US, EU, Japan, China, Korea, and Australia)
• Communications between individuals with a “family relationship” or “personal relationship” (as defined in CASL) (see next slide)
• Messages sent by a registered charity for fund-raising• Messages sent by a political party, organization, or candidate
soliciting contributions
9
Is the CEM Exempt? (Fully Exempt CEMs) (con.’t)
The personal or family relationship exemption
“Personal relationship”
Must have had direct, voluntary, two-way communications
Must be reasonable to conclude they have a “personal” relationship
“Family relationship” Must have had direct, voluntary,
two-way communications Marriage A common-law partnership Legal parent-child
Note: siblings, cousins, aunts, uncles, etc. are not included
What Consent is Required to Send CEMs?
Except for Fully Exempt CEMs (see before), CEMs must:
• Either have express or implied consent, or
• Be transactional messages or referral messages which do not require consent
10
11
Express Consent
Express consent is opt-in consent which the organization has recorded and can substantiate if necessary
Examples Valid (Yes/No)
Signature on a consent form Yes
Checking an “I agree” box on a web page Yes
Oral consent recorded by the organization Yes
Clicking on a consent link in an email Yes
Pre-checked “I agree” box NoOpt-out box that recipient must check in order to decline consent No
12
Express Consent (con.’t)
When requesting consent, the following requirements must be met:
Requirements for Express Consent
Provide the purpose of consent (i.e., to receive CEMs)
Seek CEM consent separate from other consents (e.g., from a general consent to purchase the service)
Identify the organization seeking consent (or on whose behalf it is sought) by its business name and identify the party seeking consent
Provide the mailing address, and one (or more) of a telephone number, website, or email address of the organization seeking consent (or on whose behalf it is sought)
State that consent may be withdrawn
Note: Industry Canada has advised that express consents obtained before CASL comes into force (July 1, 2014) will be recognized as being compliant with CASL, even if the above requirements are not met
Implied Consent
Unlike Canadian privacy law, implied consent is not a general concept that can be assumed, but only exists under CASL in specific situations:
• An “existing business relationship” exists due to:
(i) The purchase, lease or barter of a good, service, or land interest by the recipient from the organization within the previous two years
(ii) Acceptance of a business, investment or gaming opportunity made by the organization to the recipient within the previous two years
(iii) An inquiry from the recipient to the organization about any of the above within the previous six months
(iv) A written contract between the organization and the recipient which is in force, or which expired within the previous two years
OR
13
14
Implied Consent (con.’t)
• An “existing non-business relationship” exists due to:
(i) A donation or gift made by recipient to the sender within the 2-year period immediately before the day on which the message was sent, where the sender is a registered charity, a political party or organization, or a person who is a candidate for election
(ii) Volunteer work performed by the recipient for the sender, or attendance at a meeting organized by the sender, within the 2-year period immediately before the day on which the message was sent, where the sender is a registered charity, a political party or organization, or a person who is a candidate for election
(iii) “Membership” by the recipient, in the sender, within the 2-year period immediately before the day on which the message was sent, where the sender is a “club, association or voluntary organization” (see next slide)
15
Implied Consent (con.’t)
• “Membership” is the status of having been accepted as a member of a club, association or voluntary organization in accordance with its membership requirements
• “Club, association or voluntary organization” is a non-profit organization that is organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any purpose other than personal profit, if no part of its income is payable to, or otherwise available for the personal benefit of, any proprietor, member or shareholder of that organization unless the proprietor, member or shareholder is an organization whose primary purpose is the promotion of amateur athletics in Canada
OR
16
Implied Consent (con.’t)
• The recipient has given (e.g., on a business card) or conspicuously published (e.g., on a website) his or her electronic address and
(i) Without indicating they do not wish to receive unsolicited CEMs, and
(ii) The CEM is related to the recipient’s business, role, functions or duties
Note: this does not apply to electronic addresses which have been harvested using automated tools, which is prohibited
17
Transactional Messages Not Requiring Consent
Consent is not required for transactional CEMs which solely: • Provide a quote or estimate in response to a request• Facilitate, complete or confirm a previously agreed upon
transaction• Provide warranty, product recall, or safety or security information
about a product or service the recipient uses• Provide factual information about an ongoing subscription, loan,
account, membership, or similar relationship• Provide information directly related to an ongoing employment
relationship or related benefit plan• Deliver a good or service, including a product update or upgrade,
as part of an existing transaction between the organization and the recipient
Note: secondary marketing of other organization products and services must not be included
Referral Messages Not Requiring Consent
• If the CEM is being sent to a recipient referred to the organization by another person, then consent is not required for the first CEM (only), so long as the following conditions are met:
(i) The person making the referral must have an “existing business relationship”, “existing non-business relationship”, “personal relationship” or “family relationship” with both the organization and the person being referred
(ii) The CEM must disclose the name of the individual who made the referral, and state that the CEM is a referral
18
19
Content and Format Requirements for CEMs
• Except for Fully Exempt CEMs (see slides before), all CEMs must meet sender disclosure and unsubscribe mechanism requirements
20
Sender Disclosure Requirements(e.g., in the email template)
• The organization sending the message and (if different) on whose behalf it is sent must be identified by business name, and the party sending the CEM must be indicated
• The mailing address, and one (or more) of a telephone number, website, or email address must be provided for the party sending the message or (if different) for the person whose behalf it is sent
• This contact information must be valid for 60 days after the CEM is sent
Note: If it is not practicable (e.g., for a text but not for an email) to include this information and the unsubscribe mechanism in the CEM, it may be provided by a clear and prominent link in the CEM to a web page which can be accessed by one-click and at no cost to the recipient
21
Unsubscribe Mechanism(e.g., opt-out in an email)
• The unsubscribe mechanism must be clear and prominent in the CEM and both:
(i) Use the same electronic means that were used to send the CEM, or if this is not practicable, another electronic means; and
(ii) Specify an electronic address or a link to a website to which the unsubscribe request can be sent
• Effect must be given to the unsubscribe request within 10 business days and at no cost to the recipient
22
Unsubscribe Mechanism (con.’t)
Examples of Unsubscribe Mechanism Valid (Yes/No)
An email CEM which permits the recipient to unsubscribe by responding to the email using the same address (or a different email address)
Yes
An email CEM which permits the recipient to unsubscribe by responding to the email using the same (or a different) address or by clicking on a link
Yes
An SMS CEM which permits the recipient to unsubscribe by texting back “STOP” or “unsubscribe”
Yes
An SMS CEM which permits the recipient to unsubscribe solely by clicking on a link
Yes
Unsubscribe Web Pages(e.g., managing user preferences)
• Must enable the recipient to indicate that he or she no longer wishes to receive:
(i) All CEMs, or
(ii) Specific classes of CEMs, so long as the option to unsubscribe to all CEMs is also given
23
24
Third Party Marketing Lists
CASL expressly provides for consent obtained on behalf of an unknown third party; however, it limits how this consent may be obtained and used:
• The party that seeks consent (i.e., the list-creating company) is required to comply with the standard CASL requirements for obtaining consent, including stating the purpose for the collection, and providing their name and contact information
• A person who relies on such a consent (i.e., the organization that buys or rents the list) must meet additional disclosure requirements for the message content
25
Third Party Marketing Lists (con.’t)
Message content when consent is obtained from a third party (e.g., list-creating company)
When a contact list is purchased from a third party, it is essential that the third party list be used separately from the organization’s own opt-in lists, as messages sent pursuant to the third party list are subject to additional disclosure requirements:
• The message must identify the person who obtained the original consent as well as the person who sent the message
• The unsubscribe mechanism must allow the recipient to remove consent from both the person who sent the message and the person who obtained the original consent
26
Misleading Advertising
• CEMs sent by the organization must not contain false or misleading statements, either in the literal words used or by the impression left, in the:
(i) “Re:” line of the CEM, or
(ii) Body of the CEM (in a material respect)
27
Misleading Advertising (con.’t)
When sending CEMs:
• DO NOT use overly broad or misleading statements in the “Re:” line in an attempt to catch the recipient’s attention, and then try to qualify the statements in the “fine print” in the body of the CEM
• DO include in the “Re” line next to the subject matter description of the CEM a notation like “terms and conditions apply” or “see message below for details and conditions”
• DO include all material terms and conditions about the product or service offered by the organization
28
CASL - Penalties
Administrative monetary penalties (AMPs) for violations:
• A fine of up to $1,000,000 for a violation by an individual
• A fine of up to $10,000,000 for a violation by a corporation
Factors for determining penalty:• Previous history of contraventions• Financial benefit received from offending activity• Ability to pay• Other
29
CASL – Penalties (con.’t)
Competition Act (Misleading Advertising)• Criminal prosecution• Fines/imprisonment possible
• AMPs• Corporation, fines of up to $10,000,000 for the 1st
offence; up to $15,000,000 subsequent
30
CASL – Penalties (con.’t)
July 1, 2017: private right of action for breach of CASL comes into force
• CASL creates a private right of action for persons who allege they have been affected by a violation. If the action is successful in court, the court may order: • Compensation equal to the actual loss or damage
suffered • Up to $200 for each contravention, not exceeding
$1,000,000 for each day on which a contravention occurred
• Up to $1,000,000 for each event of aid, induce, or procure a violation PLUS $1,000,000 for each day if actual violation
31
CASL – Penalties (con.’t)
Factors to consider in determining award in the private right of action:
• Person’s history of contraventions• Ability to pay• Financial benefit received by offender• Other
32
CASL – Penalties (con.’t)
• Private right of action will be available for any CASL violation unless CRTC has taken enforcement action, or CRTC has agreed to an undertaking (i.e., negotiated settlement) by the violating organization
• Will organizations self-report and settle with the CRTC to avoid the private right of action?
33
CASL – Penalties (con.’t)
• Liability extends to any person who aids, induces or procures a prohibited act
• Organizations are liable for acts of their employees within the scope of their authority
• Liability extends to officers, directors, agents, mandataries if they directed, authorized, assented to, acquiesced, or participated in the prohibited act
34
Transitional Period
• There is a three year transitional period (i.e., until July 1, 2017) after CASL comes into force during which implied consent will survive in cases of “existing business relationships” or “existing non-business relationships” which have included the sending of CEMs
• The transitional period provides an extended timeline for perfecting existing implied consent by seeking express consent
Thank You
montréal · ottawa · toronto · hamilton · waterloo region · calgary · vancouver · beijing · moscow · london
Paul Armitage, PartnerTel: 604-891-2755Email: [email protected]