As the Canadian media reports on the panic associated with the new anti-spam law set to take effect next week, consider the following from Macleans titled “Few Companies Prepared for New Privacy Law“:
The new law..says organizations can only collect personal information for a stated reason – and can use it only for that purpose. Among others things, that means a company that supplies a service can’t sell its list of subscribers to another company’s marketing department. Individuals must be informed, and give their consent, before personal information is collected, used or disclosed..But most firms are unaware of the new law.”
The article continues by noting that “there’s confusion over which organizations might be exempt” and that “there is no grandfather clause – all existing customer information needs to be compliant.” The message is similar in a Globe and Mail article titled “Many small firms not ready for privacy rules“, which also notes the possibility of a constitutional challenge. An IT World Canada reiterates that concern in its coverage:
most Canadian organizations are not aware of the [law]. And very few are prepared to comply.
Read more ›
The imminent arrival of Canada’s anti-spam legislation has sparked considerable fear that might lead the uninitiated to think that sending commercial electronic messages will grind to a halt on July 1st, when parts of the law kick in. The reality is far less troubling. For any organization that already sends commercial electronic messages, they presumably comply with PIPEDA, the private sector privacy law, that requires organizations to obtain user consent, allow users to withdraw their consent, and provide the necessary contact information to do so. Compliance with the new anti-spam law (CASL) involves much the same obligations. While there are certainly some additional technical requirements and complications (along with tough penalties for failure to comply), the basics of the law involve consent, withdrawal of consent (ie. unsubscribe), and accessible contact information.
This post is not legal advice, but it seeks to unpack the key requirements associated with the commercial electronic messages provisions in CASL by answering the ten questions organizations should ask (and answer). Note that there are additional rules associated with software that do not take effect until next year. While this is not designed to be comprehensive – some organizations will face unique issues – it provides a starting point for the key requirements, exceptions, and application of the law. The law itself can be found here. The Industry Canada regulations here and the CRTC regulations here.
The primary takeaways? If you send commercial electronic messages, you need explicit consent along with an unsubscribe mechanism and contact information. There are many common sense exceptions to this general rule, however, including personal messages, most business-to-business messaging, and most messages sent to recipients outside of Canada. Moreover, if you do not have explicit consent, the government has implemented a transition period that grants you three years to get it.
Read more ›
Long before sites such as Youtube and Twitter were even created, the Canadian government established a national task force to examine concerns associated with spam and spyware. The task force completed its work in May 2005, unanimously recommending that the government introduce anti-spam legislation (I was a member of the task force). Four years later, then-Industry Minister Tony Clement tabled an anti-spam law, which underwent extensive committee review before receiving royal assent in December 2010.
My technology law column last week (Toronto Star version, homepage version) notes that while most expected the government to quickly bring the new law into force, the regulation-making process became bogged down by an intense lobbying effort designed to sow fear, doubt, and uncertainty about the legislation. Business groups relied upon implausible scenarios to argue that Canada would be placed at an economic disadvantage, despite the fact that government officials were able to identify over 100 other countries that have similar anti-spam regimes. The lobbying was a partial success, however, as the regulations went through two drafts and three more years of delay.
Almost a decade after Canada started down the path toward anti-spam legislation, Industry Minister James Moore announced earlier this month that the regulations are now final and the law will begin to take effect next year. There will be still yet more implementation delays – the anti-spam rules start on July 1, 2014, safeguards on software installations begin on January 15, 2015, and a private right of action that facilitates lawsuits to combat spam will be delayed until July 1, 2017 – but it appears that Canada will finally get an operational anti-spam law.
Read more ›
Appeared in the Toronto Star on December 7, 2013 as What Will Canada’s Anti-Spam Law Mean for Internet Users Long before sites such as Youtube and Twitter were even created, the Canadian government established a national task force to examine concerns associated with spam and spyware. The task force completed […]
Read more ›
On December 15, 2010, the Canadian government (then described as the Harper Government) celebrated the granting of royal assent for the Fighting Internet and Wireless Spam Act, Canada’s long overdue anti-spam legislation. The last step for the bill to take effect was to finalize the associated regulations. Passing those regulations ultimately proved more difficult than passing the law itself, as an onslaught of lobby groups used the regulatory process to try to delay, dilute, and ultimately kill the anti-spam law.
Nearly three years after the legislation received royal assent, Industry Minister James Moore today announced that the regulations are now final and the law will begin to take effect next year (the spam provisions take effect on July 1, 2014; the software provisions start on January 15, 2015). The finalized regulations involve further concessions to the lobby groups opposed to the legislation as they create a new exception for third party referrals (permitting a single referral without consent) and largely exempt charities from many of the new rules. The private right of action that would facilitate lawsuits to combat spam will be delayed until July 1, 2017. These issues were all extensively discussed and debated during the legislative process and there was no need for further changes.
While those changes are a disappointment, the far bigger story is that Canada finally has an anti-spam law grounded in an “opt-in” approach that requires marketers to obtain customer consent before sending commercial electronic messages.
Read more ›