On March 29, 2021, a Notice of Violation was sent to one Scott William Brewer for allegedly committing violations of Canada’s Anti-Spam Legislation (CASL). Mr. Brewer allegedly sent a minimum of 671,342 Commercial Electronic Messages (CEMs) in three campaigns over a span of two and a half years. According to the Canadian Radio-television and Telecommunications Commission (CRTC), the federal agency responsible for enforcing CASL, Mr. Brewer sent these messages without the consent of the recipients. The CRTC has issued a record administrative penalty of $75,000.00. The individual in question may now oppose this fine through the CRTC and may bring a further appeal to the Federal Court of Appeal.
According to the CRTC, since 2014, enforcement actions under CASL have resulted in $1.4m in payable penalties, with $730,000 of this amount being from administrative penalties. Furthermore, the CRTC reports that it an average of 5,421 spam complaints per week. The primary reasons for complaints, in at least 47% of cases, is due to a lack of consent provided to the sender by the recipient.
If you or your business are planning an advertising campaign and would like to review your compliance with CASL, first and foremost, call Bridge Legal & HR Solutions at 647-794-5442 or email us at email@example.com.
What is a Commercial Electronic Message?
A Commercial Electronic Message is a defined term in CASL referring to any electronic message which would reasonably be seen as a message encouraging recipients to participate in commercial activity, be that purchasing, selling, leasing, bartering, investing, or other commercial activities. It also includes a message which is sent as a request to consent to receiving CEMs.
While emails are a clear example of CEMs – and we are all used to seeing spam emails – the law applies to any electronic message, be it a text, an instant message on WhatsApp, Instagram, Facebook, LinkedIn. It also does not only apply to text: audio promotions, videos, images, and electronic representations are all covered.
Consent Is Key
Under CASL, before sending out CEMs, individuals and business are required to obtain consent and should maintain proof of that consent. CASL splits consent into two categories:
- Implied consent
- Express consent
Implied consent exists in circumstances where the sender and the recipient have an existing business relationship because the recipient has, for example, purchased a product or service from the sender within two years of the date on which the CEM is sent. If an individual inquires about a product or service, then implied consent generally exists for 6 months for the date of the inquiry. The key is that the CEM must be sent within the timeframes specified in CASL to fall under the implied consent provisions of CASL. A recipient may also withdraw implied consent at any time prior to the expiry of the implied consent. Other circumstances may also give rise to implied consent to receive CEMs, which may vary by the type of relationship the recipient and sender have and the type of organizations sending CEMs (different rules apply to not-for-profit organizations, for example).
Express consent means that an individual has specifically agreed to received CEMs from the sender, either verbally or in writing. It is a requirement that the recipient takes a proactive action to indicate their consent. So that could include ticking an opt-in box for messages, or a positive statement from an individual that they are willing to receive CEMs. Unlike implied consent, which is limited by time, express consent is not time-limited – a sender may continue to send CEMs to a recipient unless and until the recipient notified the sender to stop sending the messages.
What about published email addresses?
One question that often arises relates to emails that are published online – frequently businesses and individuals post their email addresses online, and those emails are later scraped by individuals or by bots to build marketing databases. CASL provides that implied consent exists where a person “conspicuously” publishes an electronic address, and that electronic address is not published together with a statement that the person does not wish to receive unsolicited CEMs and the CEM is “relevant to the person’s business, role, function or duties in a business or official capacity.” That may mean that you could rely on a publication of an email address to send a CEM offering, for example, a marketing course to a person employed as a company’s Director of Marketing, but you may not be able to rely on the same to promote vehicle maintenance services.
Proving Consent and Best Practices
Whether implied or express, businesses should ensure they always keep adequate records to prove they have consent from CEM recipients. This can be achieved through a written compliance policy and good, ongoing, recordkeeping. Key items to ensure you are keeping include:
- Up-to-date records of policies and procedures relating to CASL/commercial electronic message consent compliance;
- Lists of individuals who have opted out of communications;
- All evidence and logs of express consent, which may include audio recordings, online forms, written statements or other proactive statements indicating express consent;
- Staff training documents;
- Any other records.
Proving consent comes down to excellent record keeping. By ensuing that your organization maintains accurate, up to date records of consent to CEMs, potential liability in the future can be avoided or minimized.
Want to ensure that you are complying with your CASL obligations? Call Bridge Legal & HR Solutions at 647-794-5442 or email us at firstname.lastname@example.org.