The Canadian Radio-television and Telecommunications Commission (CRTC) has made and registered its Electronic Commerce Protection Regulations for the Anti-Spam Act (CASL). The regulations set out the information to be included in, and the form of, commercial electronic messages (CEMs), and information to be included in a request for consent. The regulations also address how to get consent for the installation of computer programs.
The CRTC has responded to a select few of the broad-ranging concerns raised by businesses on the draft regulations during last year’s consultation phase. Businesses will find there is a bit more flexibility in the “must-have” information they set out in CEMs, and when they seek consent to send them. This implicitly recognizes that:
- businesses operating online are not all created equal: they do not all have the same contact capabilities, in terms of either human or online resources; and
- CEMs are not all created equal: an email may be easy (relatively speaking) to load up with prescribed information, but online communications come in many forms, and some are not as adaptable to detailed information and contact requirements.
The following points compare the final regulations to the draft regulations (the latter in parentheses). When sending a CEM or seeking consent, businesses may do the following.
- simply include the name by which they carry on business (rather than both that and their legal name);
- include their mailing address, and either a staffed or voicemail phone number, email address or web address (rather than the physical and mailing address, plus all of the above, plus any other electronic address);
- include the information in the above point on a website that “is readily accessible” (rather than via a single click);
- use an unsubscribe mechanism that can be “readily performed” (rather than “performed in no more than two clicks or other method of equivalent efficiency”);
- simply indicate that the person whose consent is sought can withdraw their consent (no need to indicate the means to do so).
Despite the above points of flexibility, there is no denying that the Act and regulations will impose much higher requirements for CEMs than many businesses are prepared for. This notably includes U.S. businesses operating in Canada who are familiar with, and compliant with, CAN-SPAM. As we explained in a previous post, CAN-SPAM and CASL are different in several very important ways. CASL has a broader application, clear reach outside Canada, higher standard for consent, and higher penalties.
In short, any business sending CEMs to Canadians needs to become informed about the CASL requirements and take steps to become compliant.
Further regulations are expected from Industry Canada before CASL comes into force.
Businesses and industry associations have called on the government to introduce even more flexibility to reduce the impact of CASL on their operations, while still meeting the government’s anti-spam priorities. One of the frequent “asks” has been for some lead time prior to entry into force CASL to allow businesses to prepare their databases and operations. Others have requested that the government use its regulation-making authority to exclude certain types of CEMs, and CEMs sent under certain circumstances, from the requirements of the Act.
It remains to be seen whether the government will introduce new exceptions, or more flexibility, under regulations to come either before or after CASL comes into effect – expected later this year.