Canadian anti-spam legislation: when does an email break the law?

If your business regularly sends messages in your transactions, the Canadian anti-spam legislation may apply to you. Read this article to know more about this law

Canadian anti-spam legislation: when does an email break the law?

In the daily conduct of your business operations, you may regularly send out messages through email or text. As such, it’s important that your messages comply with the requirements of the Canadian anti-spam legislation. 

What is Canadian anti-spam legislation? 

The Canadian anti-spam legislation regulates the “commercial electronic messages” that you send to your clients, partners, and most especially, to your customers. It is also called “CASL” for short. 

This law says that when you send out these electronic messages in relation to your commercial activities, consent must be obtained first from its recipient. However, there are some exceptions to this rule, as discussed further below. 

When the anti-spam legislation came into effect 

This law has been in effect since 2014. It includes its anti-spam provisions, consent and notice rules, and the provisions on the private right of action. 

All individuals and businesses must comply with this law. 

Prohibited activities by the CASL 

Under Canada’s anti-spam legislation, individuals and business cannot:  

  • Send commercial electronic messages without the receiver’s consent 

  • Alter transmission data of an electronic message, which sends the message to a different destination without the receiver’s express consent 

  • Install software on another person’s computer system without consent 

  • Install software updates or upgrades without the owner’s consent 

  • Use false or misleading representations when promoting products and services online 

  • Collect personal information without prior consent, including email or other electronic addresses 

What is a commercial electronic message? 

Canadian anti-spam legislation specifically applies when you send commercial electronic messages or CEMs, and only when you send it to an electronic address. 

Your electronic message will fall under the definition of CEMs when: 

  • You’re offering to buy, sell, barter, or lease out any of your products, goods, services, land or an interest on the land. 

  • You’re offering to provide a business, investment, or gaming opportunity to the recipient of the message. 

  • You’re advertising or promoting any products, goods, services, land (or an interest in the land), or a business, investment, or gaming opportunity. 

  • You’re promoting a person, including the public image of the person you’re promoting, who does any of the above-mentioned activities.  

Technically, this may include CEMs that are sent to the following electronic addresses: 

  • Emails 

  • Telephone accounts 

  • Messages sent through social media platforms (e.g., Facebook Messenger) 

  • Text messages 

To determine whether your electronic message falls as a CEM, the following may be considered: 

  • Content of your electronic message 

  • Hyperlinks included in the message, which will direct the receiver to your website or other database 

  • Contact information that is found in your electronic message 

How can a business comply with Canadian anti-spam legislation? 

You or your business must follow these four requirements to comply with Canada’s anti-spam legislation: 

  1. Obtain prior consent – either express or implied – before sending out a CEM or before installing computer software on your client’s computer or computer system. 

  1. Provide the necessary information, such as your name and contact information, in the CEM. 

  1. Provide an unsubscribe mechanism in your CEM to provide your clients an opportunity to say no to your future CEMs. 

  1. Refrain from enabling or facilitating any of the prohibited activities under this law. 

Here are some of the best practices that your business or organization can do to comply with the law: 

  • Ensure that you acquired express or implied consent: express consent must be verbal or in writing; implied consent must not be accompanied by any indication that the recipient does not want to receive any CEM. 

  • Keep track of consent: including all evidence of express and implied consent, and all unsubscribe requests and the actions you’ve taken on these requests. 

  • Enact internal policies: this includes the policies that your employees must follow when sending out CEMs, how to track such CEMs, and how to ensure that these policies are strictly followed. 

Watch this video to know more about the difference between express and implied consent when sending a CEM: 

EMBED: <iframe width="560" height="315" src="https://www.youtube.com/embed/YdU1TOJl8xo?si=P5QXacun3LqzKXnX" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe> 

Here’s a recent case study involving spam violations: in 2020, OneClass was fined for breaking several provisions of the Canadian anti-spam legislation. 

Who are exempt from Canadian anti-spam legislation? 

When you comply with the requirements on consent, information, and unsubscribe mechanism, your CEMs will not be covered by the provisions of the legislation. 

In addition, some types of messages are also exempt from this law. Aside from what has been provided by the law itself, some exemptions are also provided by the Electronic Commerce Protection Regulations. This Regulation was enabled by the Canadian anti-spam legislation itself. 

In sum, these exemptions include: 

  • Messages for public and legal purposes: messages sent for law enforcement, public safety, the protection and defense of Canada, and the conduct of international affairs. 

  • Replies regarding complaints: provided that the messages are sent to respond to a request, inquiry, or complaint filed by the receiver of the message. 

  • Business-to-business messages: messages sent between businesses, and their employees, which have an established business relationship with each other. 

  • Limited-access secure and Confidential account: messages sent to an account holder, if it is a one-way communication, and the message can only be seen by the account holder (e.g., closed messaging system by banks or financial institutions). 

  • Messages to foreign states listed under the Regulation’s Schedule: provided that the message complies with the law of the receiver’s foreign state. 

  • Messages from a registered charity: provided that the organization is registered under Canadian law as a charitable organization, private foundation, or public foundation. The main purpose of the message should be to raise funds for charity. 

  • Messages from a political party: provided that the message’s main purpose is to solicit monetary or non-monetary contributions. 

  • Referrals: when the message’s recipient was referred by another person who had an existing business or non-business relationship with the sender. The message should be in the name of the referring person and that the message was sent because of the referral. 

Who enforces Canada’s anti-spam legislation? 

The legislation is enforced by three government bodies: 

  • Office of the Privacy Commissioner of Canada 

  • Canadian Radio-television and Telecommunications Commission (CRTC) 

  • Competition Bureau 

Complaints for the violation of this law can be reported through an online form with ISED Canada. 

For guidance on laws like the anti-spam legislation, visit our Special Reports page to see the top lawyers across different practice areas.