CASL: insights into Canada’s anti-spam law at the Lexpert conference

May 6th, 2014 by Barry Sookman Leave a reply »

Last Wednesday I had the pleasure of chairing a conference on Canada’s anti-spam/spyware law (CASL). The Lexpert conference covered the anti-spam, computer program and Competition Act aspects of the new law. The speakers brought useful insights into interpreting CASL and its regulations as well as practical guidance on implementing compliance programs. The slides from some of the speakers are set out below.

The conference was attended by Philip Palmer, a former Justice Canada lawyer and one of the individuals who played a lead role in drafting CASL and the initial regulations. He was on an “Ask the Experts” panel with David Canton and I. In the course of the conference and during the panel discussion he provided some helpful personal opinions about CASL that are worth sharing. Among them:

1. Express consents obtained before CASL comes into force that comply with the common law standard for such consents will remain valid under CASL. (At common law, an express consent is one that is given in a clear and unmistaken manner.)

2. S.6(6) of CASL regards the types of electronic messages listed under that section as CEMs for the purposes of providing the identification and unsubscribe information. However, because these messages do not require any consents to send them, they can continue to be sent even if the recipient has previously asked to be unsubscribed from receiving CEMs. The risk though remains that the CRTC will consider the failure to give effect to an unsubscribe message (s. 11(3)) to be a separate violation under s. 6.

3. An IP address is not an electronic address, even if the IP address can be connected to a recipient. Behavioral advertising linked to an individual’s IP address is not covered by CASL.

4. S.66 of CASL grandfathers certain implied business and non-business existing relationships without regard to the time period referred to in ss.10(10) or 10(13). That means that such relationships are grandfathered for the three year transition period regardless of when the act that gave rise to the relationship occurred.

5. The only time where a request for consent must be sought separate from the general terms of use or sale is when requesting a consent to install a computer program that has the “spyware” or “malware” features listed in s10(5). It is not required when obtaining consents to send CEMs, as suggested in the CRTC Interpretative Guidelines.

6. An opt-out consent is not an express consent that would be compliant with CASL. As such, a pre-checked opt-in box would not be an express consent. However, a pre-checked opt in box could might be CASL compliant if the user was required to expressly confirm agreement with all of the options displayed in  a sign up page.

7. S.11 of CASL requires CEM senders to provide an option for recipients to unsubscribe from receiving all messages from the sender. The sender is regarded as the legal entity sending the message and not the division or part of the business sending the message. The requirement to provide an unsubscribe option for “any specified class” of messages is optional. The range of choices including to provide the option or not, and the types of options, are at the discretion of the CEM sender.

8. S.67, which purports to grandfather consents for existing computer programs does so by implying a consent. However, to provide an update or upgrade to a computer program a prior express consent is required. The transitional provision accomplishes this by implying the necessary express consent.

9. Ss.10 and 11 and the CRTC regulations prescribe message identification and unsubscribe requirements where messages are sent “on behalf of” third parties. The term “on behalf of” is intended to address agency or representation arrangements. The term was not intended to extend to co-branding, co-marketing, or affiliate marketing arrangements, even where one entity provides input over the content of the marketing or the message recipients.

10. CASL does not apply to the core activities of educational institutions such as colleges or universities. The Office of the Privacy Commissioner reached a similar conclusion with respect to PIPEDA.

11. The computer program provisions which apply only where a person installs a computer program on another person’s computer systems applies to downloads e.g. applications that are pulled as well as those that are pushed.

12. The B2B exception can apply to individuals who conduct a business as a sole proprietorship, as a sole proprietorship is an organization.

13. CASL would survive a Charter or other constitutional challenge. He did mention a potential problem with s.6(6), something he has written about before.

Other presenters also had insights in CASL. Many of them are in their slides which are set out below.

Dominic Jaar from KPMG gave the following presentation.

 

Wally Hill from the CMA gave the following presentation.

 

Monica Papendick from the CIBC gave the following presentation.

 

Dan Glover from McCarthy Tetrault gave the following presentation dealing with the computer program changes .

 

Mike Fekete from Oslers and Howard Fohr from BlackBerry gave the following presentation dealing with the computer program changes.

 

Oliver Borgers  from McCarthy Tetrault gave the following presentation on changes to the Competition Act.

For more information about CASL, see, CASL: the unofficial FAQ, regulatory impact statement, and compliance guideline.  

Print Friendly, PDF & Email
Advertisement
%d bloggers like this: