Spam by any other name is still spam

I attended a great seminar this week and one of the topics of discussion was Canada’s anti-spam legislation — otherwise known as CASL because it is apparently a statute without a name. This is interesting to me since the statute is controversial, could be unconstitutional, and quite possibly the most comprehensive (read: onerous) legislation of its kind in the world. It deserves an equally cumbersome title, don’t you think? Perhaps it should be called the “we really wanted to try and put an end to bulk junk mail and don’t know how” statute. It’s so easy to be an armchair critic, isn’t it?
The statute and related regulations (Canadian Radio-television and Telecommunications Commission and Industry Canada) are likely to come into force in the fall of this year or early next year (I think I might have heard and said the same thing around this time last year), so companies are being warned to get their compliance plans in order sooner rather than later. I tend to agree given the size of the penalties — both administrative and statutory — that can be imposed for breach, and given that the statute contemplates director and officer liability. Based on what I have gleaned so far, I have to wonder: (a) whether the government really gave the broad commercial impacts of this legislation sufficient consideration; and (b) how on earth small (and not so small) businesses are going to be able to afford to comply with legislation they probably can’t even afford to assess. As it stands, it looks like the question of whether or not the legislation is unconstitutional and how the statutory requirements should be interpreted will be left to the courts to sort out — if anyone wants to pay to step up to the plate and challenge the legislation when it comes into force.

So what about CASL? Well, it doesn’t just cover spam and spyware, and it isn’t limited to strictly in-Canada activities either. CASL covers all commercial electronic messages (CEMs), including installing software without consent. Although the statute does contemplate certain limited exceptions (such as CEMs relating to quote requests, completing/confirming a commercial transaction and providing warranties and safety information), CEMs that are captured under an exemption may not be coupled with a promotion for something other than that which the transaction specifically contemplates. Tricky. Regular mail solicitation it is! Who knew that stamping and mailing your solicitation for business would be the wave of the future. Here’s hoping we don’t privatize our postal service any time soon.  

Some very interesting questions were raised during the discussion that I think are worth sharing as food for thought: ‘are banner ads and pop-ups captured by the legislation?’ If the message must be in the form of an e-mail, text message, or instant message to be captured by the statute, these ads could be exempt. But what about targeted behavioural marketing/advertising? Cookies, JavaScript, and operating systems, however, might be an issue depending on the particular facts. And whilst ‘tweeting’ might not trigger the legislation, if a message on a social networking site like Facebook has a commercial spin, it could. Users of Facebook for commercial purposes beware apparently. I have to wonder how things will pan out for professional networking sites like LinkedIn. Will soliciting direct contacts be exempt but indirect/secondary contacts be captured? If you list “business networking” or “employment opportunities” in your preferences will that constitute implied consent? Will it depend on whether the purpose of the solicitation is specific to the indicated preferences? Incidentally, the penalties can be in the millions of dollars, so the lawmakers really aren’t kidding around.

One of the big questions around interpretation is with regard to what constitutes consent. Implied consent can probably be argued in cases where there was an existing or grandfathered business relationship (watch out though — exemptions may come with a limited life span) or non-business relationship (like family and friends). But in regards to actual consent, the real issue is whether it can be in the form of an opt-out (once you have received the message) or must be an opt-in (before you receive the message) in order to comply with the statute. So if consent requires opting-in, being prohibited from sending an e-mail because it is a CEM means you won’t be able to get consent, because you don’t have consent first. Got it? It’s probably time to start getting consent, otherwise you might find yourself buying a lot of stamps.

You might also want to be careful when handing out your business cards or soliciting people who have given you their business cards once CASL is in force. Are we going to we need to include a note on our business cards that says, “please, no junk mail?"

For the record, even though my contact information has been provided below, you can’t argue that you have implied consent because I am putting you on notice now that you should not ever send me unsolicited e-mails trying to sell or sign me up to anything.  

Sarah Dale-Harris is corporate counsel at Accenture Inc. and can be reached at [email protected] or at 416-641-3151. The opinions expressed in this article are those of the author alone and are not intended to be legal advice.

Update: April 17