We are living in unprecedented times as the current Covid-19 global outbreak seems to be affecting various aspects of our daily life. As a result, organizations, businesses and other entities are faced with an increased need to send messages to the general public to inform them on a variety of Covid-19 related topics (e.g., a complete or partial shutdown of operations, newly implemented measures, a change in policy, or the various alternatives offered to the public etc.) There is no doubt that these messages are very important, however, they must be transmitted in compliance with Canada’s Anti-Spam Legislation (“CASL”)[1], which can be enforced by one of the following three Canadian government agencies:
The Canadian Radio-television and Telecommunications Commission (“CRTC”)[2] can issue administrative monetary penalties for violations of sections 6 through 9 of CASL;
The Competition Bureau can seek administrative monetary penalties or criminal sanctions under the Competition Act[3];
The Office of the Privacy Commissioner of Canada, which focuses on the following types of violations, namely: (a) unlawful collection of personal information (i.e., without consent) and (b) harvesting electronic addresses; and
possibly by the extraterritorial effects of foreign laws, such as the GDPR [4] (corresponding guideline), amongst others.
Three (3) practical tips to consider:
Ensure that the message does not become a: (1) “commercial electronic message” (“CEM”)[5] that (2) is sent to an “electronic address”[6];
If using social media platforms[7], ensure that you are using the correct messaging systems. Indeed, CEMs “sent directly to users through social media closed two-way direct messaging system, would qualify as sending messages to “electronic addresses” and CASL would apply”; and
If sending CEMs, ensure that you have: (1) obtained consent from the recipient and maintain records of same[8]; (2) provided identification information; and (3) provided an unsubscribe mechanism, as the recipient has the right to withdraw their consent at any time.
Want to find out more about CASL?
See Innovation, Science and Economic Development Canada’s websites at:
[1] S.C. 2010, c. 23, available at: https://laws-lois.justice.gc.ca/eng/acts/E-1.6/index.html.
[2] See: https://crtc.gc.ca/eng/internet/anti.htm; https://crtc.gc.ca/eng/com500/faq500.htm (the “CRTC FAQ”); and the information bulletins, available at: https://crtc.gc.ca/eng/dno.htm. See for example: Telecom Regulatory Policy 2012-183 (available at: https://crtc.gc.ca/eng/archive/2012/2012-183.htm); CRTC 2012-548 (available at: https://crtc.gc.ca/eng/archive/2012/2012-548.htm); CRTC 2018-415 (available at: https://crtc.gc.ca/eng/archive/2018/2018-415.htm), as well as Enforcement advisories, namely: (i) Notice for businesses collecting customer data with in-store WiFi (available at: https://crtc.gc.ca/eng/internet/wifi.htm) and Notice for Web Hosting Service Industry (available at: https://crtc.gc.ca/eng/internet/web.htm). Further enforcement highlights can be found at: https://crtc.gc.ca/eng/internet/pub/20190930.htm.
[3] R.S.C., 1985, c. C-34, available at: https://laws.justice.gc.ca/eng/acts/C-34/index.html?wbdisable=true. See also: https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/03390.html.
[4] See also: https://ec.europa.eu/info/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules/eu-data-protection-rules_en.
[5] According to the CRTC FAQ, a CEM is one that “encourage[s] participation in a commercial activity” and requires analysis of the message, including: (i) its content, (ii) hyperlinks in the message to website content or a database, and (iii) contact information. Examples of CEMs provided by the CRTC are: (1) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land; (2) offers to provide a business, investment or gaming opportunity; and (3) promoting a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so.
[6] Per section 1 of CASL, an “electronic address” is defined as “an electronic mail account, an instant messaging account, a telephone account, or any similar account”. According to the CRTC FAQ, “[s]ome social media accounts may constitute a “similar account.” Whether a “similar account” is an electronic address depends on the specific circumstances of the account in question. For example, a typical advertisement placed on a website or blog post would be excluded. In addition, whether communication using social media fits the definition of "electronic address," must be determined on a case-by-case basis, depending upon, for example, how the specific social media platform in question functions and is used. For example, a Facebook wall post would not be captured. However, messages sent to other users using a social media messaging system (e.g., Facebook Messenger and LinkedIn messaging), would qualify as sending messages to “electronic addresses”. Websites, blogs and micro-blogging would typically not be considered to be electronic addresses.”. It is further written in the CRTC FAQ that “[i]n general, CASL does not apply to the one-way general broadcast of a commercial message on social media. For example, this could include the general broadcasting of tweets on Twitter. However, messages sent directly to users through a social media closed two-way direct messaging system, would qualify as sending messages to "electronic addresses" and CASL would apply.” (Underlining is our own).
[7] See: https://legal.linkedin.com/CAN-SPAM-CASL, wherein it is written: “Unsolicited messages that promote or sell a product or service, whether sent to many recipients or just one, may be subject to certain legal requirements. While LinkedIn gives recipients options with respect to messages received on our platform and/or corresponding email notifications, as you are the sender of such a message, please consider prominently identifying it as such and including in it your postal address. Recipients may also appreciate the inclusion of a link to your email unsubscribe webpage, with a clear note that it enables recipients to opt out of off-LinkedIn emails, and does not control InMail settings. Please do not send promotional and sales messages to recipients who have already 'declined' a prior InMail or otherwise indicated that they don't wish to receive additional messages from you on LinkedIn. For more information regarding a U.S. law that may apply, CAN SPAM, the Federal Trade Commission provides a short and simple compliance FAQ. For more information on a Canadian law that may apply, CASL, see the following FAQ. Note: This general answer is not legal advice and we encourage customers to consult their attorney.”
[8] According to the CRTC FAQ, “The onus is on the person who claims that they have obtained consent to prove that they have such consent. Compliance and Enforcement Information Bulletin CRTC 2012-548 provides a few examples on how one can prove they have obtained express consent, such as maintaining records. Note that the examples provided are practices that the Commission considers to be compliant with the legislation. Other practices may satisfy legal requirements imposed by CASL. However, their adequacy will be evaluated on a case-by-case basis in light of the specific circumstances of a given situation.”
Comments