I got a call this week from a client asking if Canada’s new anti-spam/anti-malware legislation (CASL) applies to non-Canadian organizations. (It was one of the plethora of calls I got this week on CASL.) When I answered that CASL did indeed apply extra-territorially I was confronted with one of the many gasps of frustration I have also been encountering recently with this law (which several years ago I dubbed Canada’s Anti-Speech Legislation (CASL) because of its major chill on legitimate electronic messages).
Posts Tagged ‘CASL’
CASL compliance is a major challenge for Canadian organizations. The new legislation which regulates sending commercial electronic messages and the installation of computer programs is the toughest law of its kind anywhere.
To help organizations comply, McCarthy Tétrault has created a web page that compiles useful resources to help in developing and implementing compliance programs. It has also updated its very popular CASL Toolkit to take into account recent developments including the Industry Canada regulations and RIAS and the CRTC regulations and guidance documents.
Orgnaizations that need assistance in understanding and complying with CASL can request a copy by following the directions at the McCarthy Tétrault website.
The CRTC just released a new FAQ on CASL. It contains little that is new and repeats much of what it had been previously said including in its two Guidelines. The focus of the FAQ are the anti-spam prohibitions. Some highlights are.
These FAQs have been prepared by Commission staff in order to provide general information with respect to commonly posed questions about Canada’s Anti-Spam Legislation (CASL). This material is not to be considered legal advice, nor does it reflect a decision, policy or interpretation of CASL and/or its accompanying regulations, by the Commission, Office of the Privacy Commissioner, the Competition Bureau or, Industry Canada. Please note that this information may be subject to change.
If it was not clear enough before that there are many problems with CASL, it became evident when Industry Canada released the final regulations and the Regulatory Impact Analysis Statement (the RIAS). CASL takes an extremely broad “ban all” approach to regulating commercial messages and the installation of computer programs. This structure makes the exceptions particularly important because every CEM sent without consent (and following the prescribed rules) and every computer program installed on any computer (machine or device) without consent (and making the required disclosures) as part of a commercial activity will be illegal. The regulations purport to address some of the major necessarily inadvertent consequences with CASL’s breadth and structure. See, CASL Industry Canada regulations: summary and comments. However, they fall short in many very important respects.
Here are slides from a talk I gave earlier in the year to Justice Canada on the topic of approaches to Internet regulation. It used CASL of a case study of what not to do. The slides referred to the Alberta Court of Appeal decision in the United Food case. That decision has since been affirmed by the Supreme Court in Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC (summarized here)
The Government has published final regulations and the Regulatory Impact Analysis Statement (RIAS) related to Canada’s anti-spam legislation (CASL). It has also published a copy of the Order in Council fixing the date when the Act will come into force. They are available on the fightspam.ca website.
Most of the Act will take effect on July 1, 2014. The sections of the Act related to the unsolicited installation of computer programs or software will come into force on January 15, 2015. The private right of action comes into force on January 1, 2017.
Industry Canada Minister James Moore announced today that the new Industry Canada CASL regulations will be published in the Canada Gazette on December 18, 2013, just over a year after the second draft regulations were published for comment.
The final regulations are now also available on the fightspam.ca website along with an Explanatory Note, a Regulatory Impact Statement and an Order dealing with when CASL will come into force. CASL will come into effect on July 1, 2014. However, the computer program portion will only take effect on January 15, 2015. The private right of action will not come into force until July 1, 2017.
Earlier today I gave a speech at the 19th Annual Regulatory Compliance for Financial Institutions conference on the application of the OSFI B-10 Guidelines to outsourcing and cloud computing transactions. I came early to hear a presentation on CASL given by Kelly-Anne Smith, legal counsel at the CRTC.
In addition to providing an overview of some of CASL’s provisions and the CRTC regulations and guidelines, she provided some information about CASL that many have been wondering about including the following:
Earlier today, I had the pleasure of attending a conference of the Barreau de Montreal on the subject of Canada’s anti-spam/spyware law (CASL). I was on a panel with Bill Abbott , Senior Legal Counsel, Legal Affairs, Bell Canada, Lynne Perrault , Director of the Division of Enforcement of electronic commerce, with the CRTC, and Stephanie Rich, Assistant General Counsel, protection of privacy and ethics, Aimia.
My talk was titled Canada’s anti-spam law – An FAQ. My slides are set out below. Let me know how many questions you know for certain you got right and how many you were unsure of.
Contrary to a popular misconception, Canada’s anti-spam law (CASL) will apply to Canadian universities. Unlike universities and charities in other countries like Australia that have specific exemptions, CASL will impose significant burdens on these organizations even though they are the least likely offenders and have very constrained resources, making compliance even more difficult for them.