The Canadian Radio-television and Telecommunications Commission (CRTC) has finalised its regulations under Canada's Anti-Spam Legislation (CASL), resulting in a set of rules that are more balanced, reasonable, and in line with the objectives of the legislation. The new requirements are also more consistent with the requirements under the U.S. CAN-SPAM Act of 2003, with which many senders are already familiar.
CASL creates rules for sending commercial electronic messages (CEMs) and installing computer programs. It also establishes a general prohibition against the alteration of transmission data and is expected to come into force later in 2012. Industry Canada is also responsible for developing regulations, and should be posting another version of its regulations within the next month or so.
The CRTC originally posted draft regulations for comment in June of 2011, which generated a significant number of responses, many of which pointed to the potential challenges for anyone sending email or other electronic messages for business purposes. With these final regulations the CRTC [PDF] has addressed a number of issues raised by stakeholders:
Consent in writing – A request for consent is no longer required to be in writing; rather, consent can be requested orally. This does not give free reign for senders to assert that they have consent without evidence, however, as anyone claiming to have consent bears the burden of proving it under the legislation.
Information to be included in a request for consent/CEM – The CRTC has dialed back the quantity of information to be included when requesting consent and in a CEM. A sender is now required to provide:
the name of the person seeking consent or sending the CEM (or the person on whose behalf consent is sought or sent, if different); (The regulations specify that a person must be identified by the name by which the person carries on business, if different from the actual name of the person).
if the message is sent on behalf of another person, a statement indicating who is or will be sending and on whose behalf the message is or will be sent;
the mailing address and either a telephone number, an email address or web address of the person sending (or on whose behalf) the message is or will be sent;
when seeking consent, a sender must indicate that the individual can withdrawal consent at any time.
The draft regulations would have required a person sending a CEM to provide every electronic address that person uses, as well as a physical, mailing and web address. Furthermore, they would have required a CEM to provide all of that information for the person sending as well as every person on whose behalf the message is sent, which would have been particularly onerous where a CEM includes content for several advertisers, such as in a newsletter (now every person must be identified by name, but other identifying information is only required for one person). Finally, the CRTC has removed the requirement for senders to indicate that a recipient could withdraw consent from any of the many forms of contact information provided to the recipient in a request for consent or CEM. Overall the changes to these provisions are very positive.
Unsubscribe mechanism – the CRTC regulations now simply state that the unsubscribe mechanism in a CEM "must be able to be readily performed". The draft regulations were more prescriptive, stating that the mechanism "must be able to be performed in no more than two clicks or another method of equivalent efficiency".
Now that the CRTC regulations have been finalized, businesses have much more information about how to design marketing campaigns that are CASL-compliant. In particular, these rules provide more of the necessary details to ensure that consent obtained now will be valid once CASL comes into force. The Industry Canada regulations may also be relevant in some circumstances; for example, where one person is seeking consent on behalf of an unknown third party.
– Shaun Brown