CASL - Definitions - Canadian Legal FAQs
The definition of CEM is very broad and includes any electronic message that .. on there being an existing business relationship in order to send CEMs to. Implied Permission Under CASL. Existing Relationships Examples of existing relationships include: Business relationships where the email recipient has: Bought or leased a A soft opt-in means that: You have obtained. As one of the world's most rigorous anti-spam legislation, CASL has consent” means that a person “has clearly agreed to receive a CEM, either in writing or orally. Implied Consent in Existing Business Relationships.
If you are a club, association or voluntary organization and the recipient is one of your members, you have implied consent existing non-business relationship as long as they are members and for two years after the end of their membership. Canada's Anti-Spam Legislation What has changed as a result of Canada's anti-spam legislation coming into force?
Canada's anti-spam legislation protects consumers online against spam, electronic threats and misuse of digital technology while ensuring businesses remain competitive in a global digital marketplace. What is Phase 2 of Canada's anti-spam legislation intended to address? Phase 2 of Canada's anti-spam legislation protects Canadians against the installation of unwanted software or software updates on their electronic devices.
These provisions on software installation allow Canadians to avoid unwanted and often damaging software and software updates such as malware and spyware. Why is the Canadian government tackling spam and malware? Unsolicited commercial electronic messages, known as spam, have become a significant social and economic issue and a drain on the business and personal productivity of Canadians.
- From Canada’s Anti-Spam Legislation (CASL) Guidance on Implied Consent
- B2B Business Relations and Consent Requirements under the New Canadian Anti-Spam Law
Malware and related electronic threats such as botnets and identity theft have become more sophisticated and widespread, giving rise to concerns over data breaches and impeding the growth and acceptance of legitimate e-commerce. When does CASL apply to the installation of software or computer programs? CASL applies when a person installs software on another person's device. One example is when a website automatically installs software on a computer visiting the site without the knowledge of the computer owner.
Another example may be when someone clicks on a link in an email message that causes a program to be installed on the computer.
Frequently Asked Questions - Canada's Anti-Spam Legislation
Yet another example is when an update to a previously installed computer program is "pushed" to a device, updating the program automatically. In all of these cases, CASL applies, and the person installing the program, or causing the program to be installed, must first obtain the consent of the device's owner.
CASL does not apply in situations where a person or business installs software on their own computers. For example, if you go to an app store to purchase and download an app and you install that app onto your own personal device, CASL does not apply. Similarly, CASL does not apply when the IT department of a small business installs new software on company computers or mobile phones. If CASL applies, what action must be taken by software vendors and providers?
If CASL applies, and a software provider is installing a program on another person's computer, the software provider must first obtain the consent of the owner, or authorized user. By requiring software providers to get permission to install programs and updates, CASL helps protect consumers and businesses from hackers and other cyber criminals who steal sensitive information by installing "spyware", "malware" or other computer programs. It also gives them control over their devices, so that programs aren't automatically updated without their knowledge and consent.
Are there any other ways that CASL is helping Canadians better control what is happening on their electronic devices?
CASL will enable Canadians to make more informed decisions about what they allow to be installed on their computers, tablets, etc. If a computer program performs one or more of the following functions, then the installer must make that clear when seeking consent: The Government recognizes that companies need to be able to update computer systems in certain instances, such as security patches or bug fixes.
These types of installations are permitted to ensure Canadians' computing devices continue to function properly.
For example, CASL would allow a company to push an update to the operating system of a GPS device—for example, to fix a problem that is causing the device to crash every time a user leaves a parking garage—without first asking for the consent of each user. Similarly, CASL would allow a telecommunications service provider to push a critical security update to computers on a network to protect users from cyberattack.
Malware is short for "malicious software" and describes software that is used, predominantly by hackers or cybercriminals, to disrupt the operation of computers, gain access to private computers or computer networks, and gather sensitive information. Does CASL mean an end to all spam and malware?
The law will not eliminate all spam, but it does help deter the most damaging and deceptive actions linked to spam and malware, such as identity theft, phishing and the spread of spyware. Additionally, it allows Canadian enforcement agencies to take action against spammers and cyber criminals operating in Canada, and to work with international partners to fight spammers operating abroad.
How is spam and malware reported? With this in mind, as a best practice, the purchaser should verify with the seller the parameters of the express consents it is acquiring e. What is an existing business relationship EBR?
If you answer YES to any of the following questions, you may have an existing business relationship in which case you will be able to send CEMs for the period specified either 2 years or six months following the last transaction date: Has the recipient made a purchase or lease of goods, services, land or interest in land within the two-year period immediately before the day on which the message was sent?
Has the recipient accepted a business, investment or gaming opportunity offered by you within two years immediately before the day on which the message was sent? Has the recipient made an inquiry or application on any of the items above within the six month period immediately before the message was sent?
Has the recipient entered into a written contract which is still in existence or expired within two years immediately before the day on which the message was sent? For more information, please see sections 10 910 10 and 10 14 of CASL for more details. Here are examples of how an existing business relationship can or cannot be used as implied consent. A business may send CEMs to a customer who has previously registered for a professional training course if the customer provided their email address to the business when registering for the course and if the customer has not made a request to unsubscribe from receiving CEMs sent by the business since then.
If the employee purchases the training for themselves, and does not purchase it in the name of the business their employerthen the existing business relationship would likely be seen to be with the employee directly.
On the other hand, if a representative of the employer, with authority to bind the business, purchases training for one or more employees of the business, then the existing business relationship would most likely be seen to be between the training company the sender of the CEMs and the business the employer. If this is clearly the case, you may also be able to rely on the business to business exemption set out in the GIC Regulations at section 3 a iiif you can demonstrate that the organizations have a relationship.
Of course, any CEMs sent to the business the employer under the business-to-business exemption must concern the activities of the organization to which the message is sent. What is an existing non-business relationship? Are you a registered charity Footnote 2a political party or organization, or a candidate Footnote 3 for publicly elected office, and has the recipient made a donation or gift to you within the two-year period immediately before the day on which the message was sent?
Are you a registered charity, a political party or organization, or a candidate for publicly elected office, and has the recipient performed volunteer work for you or attended a meeting organized by yourself within the two-year period immediately before the day on which the message was sent? Are you a club, association or voluntary organization and is the recipient a member?What Does Canada's Anti-Spam Legislation (CASL) Mean For Your Company?
Does an existing business or non-business relationship have to be created before July 1st, or can it be created at anytime between July 1st, and July 1st, for the transitional period to apply?
The relationship, whether business or non-business, must have been created prior to 1 July in order to rely on the 3 year transitional provision set out at section 66 of CASL.
Section 66 deems implied consent for a period of 36 months, starting 1 Julyif there is an existing business or non-business relationship with the recipient. In order to rely on the transitional provision, the parties' relationship must also have included communication via the sending of CEMs. Any business or non-business relationship created after 1 July is subject to the time periods specified in the implied consent provisions sections 10 10 and 10 13 of CASLand the three-year transitional period cannot be relied upon.
It depends on the situation. You can only rely on this conspicuous publication—or in other words, when someone posts or publishes their email address—when: There is no statement in connection with the address that the person does not want to receive CEMs at that address; and The content of your CEM is relevant to the recipient's business, role, functions, or duties in a business or official capacity.
See section 10 9 of CASL for more details. Not sure whether your content is related to a recipient's business, role, functions or duties in a business or official capacity? Here's an example for clarification. A company conspicuously publishes on its website the email addresses of its employees, including the chief operating officer COO and the marketing officer.
CASL – Definitions
There are no accompanying statements that the employees do not want to receive CEMs at those email addresses. This CEM promotes a course on how to be an administrative assistant. This CEM is not relevant to the recipient's business, role, functions or duties in a business or official capacity.
Accordingly, the training company cannot rely on conspicuous publication as a form of implied consent for the sending of this CEM.
A training company sends a CEM to the marketing officer. This CEM promotes a course on how to develop social media platforms for e-marketing. In this case, the CEM is relevant to the recipient's business, role, functions or duties in a business or official capacity.
Therefore, the training company could rely on conspicuous publication as a form of implied consent for the sending of this CEM. Therefore, if relying on conspicuous publication, the sender has the responsibility of demonstrating, if needed, how its situation meets the criteria for implied consent.
How can I prove I have consent? You must be able to prove that you have consent of the recipient before sending CEMs. If you're relying on implied consent, you need to prove that your situation meets the criteria for implied consent under CASL.