888-998-2375 | 204-809-9960

A Guide to the Canadian Anti-Spam Legislation (CASL)

In late 2013, the new Canadian Anti-Spam Legislation (CASL) was passed, which went into effect July 1, 2014.

CASL is more demanding than the U.S. anti-spam law, “CAN-SPAM” — it’s actually more comparable to laws in EU member states like Ireland and Germany. This post will provide you with coverage of some of the highlights of the new legislation. However, I would like to stress that I am not a lawyer. In fact, I’d like to stress it so much that I’ll repeat it and put it in bold. I am not a lawyer. This is not legal guidance, and you should consult your own counsel for legal advice on how to interpret CASL. You can also read more about CASL on fightspam.ga.ca.

What Activities CASL Covers

CASL covers the sending of “commercial electronic messages” that may be accessed by a computer in Canada (which usually just means cases where the recipient is in Canada). CASL covers more than just email — it also covers texts, IMs, and automated cell phone messages sent to computers/phones in Canada.

To Whom You Can Send Emails

CASL requires you to get explicit consent before sending someone a message. However, there are a couple very limited exceptions to the “explicit consent” rule. There are three situations where “implied consent” — meaning you don’t have a reason to believe you shouldn’t send the email — should be okay:

1) You have an active business relationship with the recipient.

An active business relationship exists if you have sold something to the recipient within the past 2 years, or the recipient has made an inquiry about your products at any point within the 6 months before you sent the email in question.

2) Someone whose “business activities” are relevant to the message you’re sending has given you their contact info without indicating they don’t want to receive your messages.

It’s important to note that CASL provides some other exceptions that we don’t go into here because they’re less relevant to an average business situation.

There is a 36 month transition period ending June 30, 2017, during which time consent may be implied if the recipient has not explicitly withdrawn consent AND the recipient has either:

  • Purchased something from you in the past, or
  • Has made an inquiry of you at some point in the past

Note: This is the same idea as a business relationship explained above except that the time limits have been removed.

What “Explicit Consent” Means

All requests for consent must touch on the following three points:

  • Purpose(s): You must specify exactly why you want the consent (e.g., “We’d like to send you newsletters and occasional special offers”).
  • Information: You must give your identifying/contact information as well as the contact info of anyone else you’re getting the consent on behalf of. This includes name, mailing address, and a phone number or email for contact.
  • That they can “un-consent”: You must tell them that if they want to withdraw their consent, they can.

You can get this in writing or orally, but you should keep a record of when/how you got consent.

It’s important to note that the recipient has to manually “opt in,” so pre-checked checkboxes are not okay for getting consent. One that the users check themselves is okay, as is a box that the users type their email addresses into with a submission button next to it that users hit, but those must also be accompanied with something explaining why you want their consent (thepurpose), who you are (information), and that they can un-consent. Additionally, you can’t just put “… and I consent to receive emails” into your website’s legal copy.

What You Have to Include in Your Emails

All messages you send must include the following three points:

  • Identity: You must identify yourself as the sender of the message, and give the identity of anyone you’re sending it on behalf of.
  • Contact Info: You must provide contact information that lets the recipient easily contact you.
  • Unsubscribe Mechanism: You must give the recipient a free and easy way to unsubscribe via a link to a website. That link has to be valid for at least 60 days, and you have to make sure the unsubscribe request is honored within 10 days.

What’s the Bottom Line Here?

Ultimately, as the email-sender, you have to understand your obligations and determine how to be in compliance. You should review the CASL with your own counsel. If you use HubSpot as your ESP, you have the tools you need to run a CASL-compliant email marketing program, though it is still solely your responsibility to ensure compliance with CASL.

You can learn more about CASL on their website — fightspam.ga.ca.

And Now, Some Legalese …

This blog post has provided information about the law designed to help our readers better understand the legal issues surrounding internet marketing. But legal information is not the same as legal advice — the application of law to an individual’s specific circumstances. Although we have conducted research to better ensure that our information is accurate and useful, we insist that you consult a lawyer if you want professional assurance that our information, and your interpretation of it, is accurate. To clarify further, you may not rely upon this information as legal advice, nor as a recommendation or endorsement of any particular legal understanding, and you should instead regard this article as intended for entertainment purposes only.