Is Your Business Following Canada’s Spam Regulations?

Email Icon with notification of emails

What you don’t know about Canadian spam regulations could be costly to your business. While many know what a spam email is, spam in Canada applies to much more than email. Keep reading to learn what constitutes as spam in Canada and how your business can avoid costly fines from complaints about spam.

Many businesses use electronic means of contacting and marketing to their audience. What many business owners are unaware of are the strict rules that apply. This has lead to over $1.4 Million being paid in penalties since 2014.

Learn what a ‘commercial electronic message’ is and 4 important facts to know about them to protect your business from spam complaints and penalties.


What is a Commercial Electronic Message?

A Commercial Electronic Message is a defined term in Canada’s Anti-Spam Legislation (CASL) referring to any electronic message which would reasonably be seen as a message encouraging recipients to participate in commercial activity including:

  • Purchasing
  • Selling
  • Leasing
  • Bartering
  • Investing
  • Or other commercial activities

It also includes a message which is sent as a request to consent to receiving CEMs. 

While emails are a clear example of CEMs – and we are all used to seeing spam emails – the law applies to any electronic message. That means texts, an instant message on WhatsApp, Instagram, Facebook, and LinkedIn.

It also does not only apply to text: audio promotions, videos, images, and electronic representations are all covered.

So how do you know if what you are sending is not spam?


Consent Is Key

Under CASL, before sending out CEMs, individuals and business are required to obtain consent and should maintain proof of that consent. CASL splits consent into two categories:

1) Implied Consent

Implied consent exists in circumstances where the sender and the recipient have an existing business relationship because the recipient has, for example, purchased a product or service from the sender within two years of the date on which the CEM is sent. 

If an individual inquires about a product or service, then implied consent generally exists for 6 months for the date of the inquiry. 

The key is that the CEM must be sent within the timeframes specified in CASL to fall under the implied consent provisions of CASL. 

A recipient may also withdraw implied consent at any time prior to the expiry of the implied consent. Other circumstances may also give rise to implied consent to receive CEMs, which may vary by the type of relationship the recipient and sender have and the type of organizations sending CEMs (different rules apply to not-for-profit organizations, for example).


2) Express Consent

Express consent means that an individual has specifically agreed to received CEMs from the sender, either verbally or in writing.

It is a requirement that the recipient takes a proactive action to indicate their consent. This could include ticking an opt-in box for messages, or a positive statement from an individual that they are willing to receive CEMs.

Unlike implied consent, which is limited by time, express consent is not time-limited – a sender may continue to send CEMs to a recipient unless and until the recipient notified the sender to stop sending the messages.


What about published email addresses?

One question that often arises relates to emails that are published online – frequently businesses and individuals post their email addresses online, and those emails are later scraped by individuals or bots to build marketing databases.

CASL provides that implied consent exists where a person “conspicuously” publishes an electronic address, and that electronic address is not published together with a statement that the person does not wish to receive unsolicited CEMs and the CEM is “relevant to the person’s business, role, function or duties in a business or official capacity.”

That may mean that you could rely on a publication of an email address to send a CEM offering, for example, a marketing course to a person employed as a company’s Director of Marketing, but you may not be able to rely on the same to promote vehicle maintenance services.


Proving Consent and Best Practices

Whether implied or express, businesses should ensure they always keep adequate records to prove they have consent from CEM recipients. This can be achieved through a written compliance policy and good, ongoing, recordkeeping. Key items to keep include:

  • Up-to-date records of policies and procedures relating to CASL/commercial electronic message consent compliance;
  • Lists of individuals who have opted out of communications;
  • All evidence and logs of express consent, which may include audio recordings, online forms, written statements or other proactive statements indicating express consent;
  • Staff training documents;
  • Any other records.

Proving consent comes down to excellent record keeping. By ensuing that your organization maintains accurate, up to date records of consent to CEMs, potential liability in the future can be avoided or minimized.

Want to ensure that you are complying with your CASL obligations? Call Bridge Legal & HR Solutions at 647-794-5442 or email us at

Latest Posts

All for one one for all

Employee Fiduciary Duties and Obligations

Higher level employees may be considered fiduciaries of an organization. This means they have a greater level of responsibility and obligation regarding confidentiality, non-solicitation and non-competition among other obligations. We break down a recent case regarding those duties.

Read More »