The statute and related regulations (Canadian Radio-television and Telecommunications Commission and Industry Canada) are likely to come into force in the fall of this year or early next year (I think I might have heard and said the same thing around this time last year), so companies are being warned to get their compliance plans in order sooner rather than later. I tend to agree given the size of the penalties — both administrative and statutory — that can be imposed for breach, and given that the statute contemplates director and officer liability. Based on what I have gleaned so far, I have to wonder: (a) whether the government really gave the broad commercial impacts of this legislation sufficient consideration; and (b) how on earth small (and not so small) businesses are going to be able to afford to comply with legislation they probably can’t even afford to assess. As it stands, it looks like the question of whether or not the legislation is unconstitutional and how the statutory requirements should be interpreted will be left to the courts to sort out — if anyone wants to pay to step up to the plate and challenge the legislation when it comes into force.
So what about CASL? Well, it doesn’t just cover spam and spyware, and it isn’t limited to strictly in-Canada activities either. CASL covers all commercial electronic messages (CEMs), including installing software without consent. Although the statute does contemplate certain limited exceptions (such as CEMs relating to quote requests, completing/confirming a commercial transaction and providing warranties and safety information), CEMs that are captured under an exemption may not be coupled with a promotion for something other than that which the transaction specifically contemplates. Tricky. Regular mail solicitation it is! Who knew that stamping and mailing your solicitation for business would be the wave of the future. Here’s hoping we don’t privatize our postal service any time soon.
One of the big questions around interpretation is with regard to what constitutes consent. Implied consent can probably be argued in cases where there was an existing or grandfathered business relationship (watch out though — exemptions may come with a limited life span) or non-business relationship (like family and friends). But in regards to actual consent, the real issue is whether it can be in the form of an opt-out (once you have received the message) or must be an opt-in (before you receive the message) in order to comply with the statute. So if consent requires opting-in, being prohibited from sending an e-mail because it is a CEM means you won’t be able to get consent, because you don’t have consent first. Got it? It’s probably time to start getting consent, otherwise you might find yourself buying a lot of stamps.
You might also want to be careful when handing out your business cards or soliciting people who have given you their business cards once CASL is in force. Are we going to we need to include a note on our business cards that says, “please, no junk mail?"
For the record, even though my contact information has been provided below, you can’t argue that you have implied consent because I am putting you on notice now that you should not ever send me unsolicited e-mails trying to sell or sign me up to anything.
Sarah Dale-Harris is corporate counsel at Accenture Inc. and can be reached at firstname.lastname@example.org or at 416-641-3151. The opinions expressed in this article are those of the author alone and are not intended to be legal advice.
Update: April 17