In a series of three webinars, Ryan Moss, Director of ISP and Client Relationships at TC Media, prepares marketers for Canada’s Anti-Spam Legislation (CASL). In the first webinar, he takes you through a high-level synopsis of CASL and its regulations, as well as a detailed view of consent: what it is, how you gain it from your audience, how you track it, etc.
Listen to the webinar here: https://transcontinental-printing.webex.com/ec0701l/eventcenter/recording/recordAction.do?theAction=poprecord&AT=pb&internalRecordTicket=000000013fa55383f7bf4cc1671ebd197c07212b9cfeee820422aef5b2fa6d4352c8c092&isurlact=true&renewticket=0&recordID=68466697&apiname=lsr.php&needFilter=false&format=short&&SP=EC&rID=68466697&RCID=cf680e9c0cb54df5bd48bbed5dc2cd3a&siteurl=transcontinental-printing&actappname=ec0701l&actname=%2Feventcenter%2Fframe%2Fg.do&rnd=1271217793&entactname=%2FnbrRecordingURL.do&entappname=url0201l
2. 2014
Disclaimer
2014
The information included in this presentation may not reflect the
views of Industry Canada, or the Canadian Radio-television and
Telecommunications Commission. This information was created
to provide a practical application to CASL. None of the
information provided should be used as legal advice. For all legal
matters, marketers are encouraged to speak with their own legal
counsel .
3. 2014
Purpose
2014
“An Act to Promote the efficiency and adaptability of the Canadian
economy by regulating certain activities that discourage reliance on
electronic means of carrying out commercial activities, and to amend the
Canadian Radio-television and Telecommunications Commission Act, the
Competition Act, the Personal Information Protection and Electronic
Documents Act and the Telecommunications Act”
-fightspam.gc.ca
7. 2014 7
Background
MAY 2004
IC establishes task
force on spam
APRIL 2009
Bill 27, introduced
in Parliament
MAY 2010
Re-introduced as
Fighting Internet &
Wireless Spam Act
(FISA)
DECEMBER 2010
Receives Royal
Assent
MARCH 2012
CRTC presents
final regulations
DECEMBER 2013
IC presents final
regulations
JULY 2014
CASL Enforcement
begins. Law is enforceable
and compliance is required
JULY 2017
PRA delayed
until then
8. 2014 8
CASL Review
LEGISLATION
Against unsolicited
electronic
communication
DETAILED RULES
For commercial
electronic messages
sent from or
accessed in Canada
CONSENT
Sender must attain
some form of consent
before sending CEM
FINES
Up to $10 million
for corporations
and $1 million
for individuals
ENFORCEMENT
No minimum #
to be caught
9. 2014 9
What Does
CASL Cover?
• Commercial electronic messages
• Installation of computer programs
• Altering transmission data
2014 9
Note: exemptions apply
10. 2014 10
CASL Exclusions
• Personal and family relationship
• B2B
• Inquiry message
• Response to enquiry
• Legal message
• Closed platforms
• Foreign messages
• Charity and political parties
2014 102014 10
12. 2014 12
Consent: Express vs Implied
Express
Implied
Oral
Written
Non business relationship
Published info
Business relationship
Disclosure
2014 12
13. 2014 13
Express Consent Overview
• Express Consent:
• Does not expire – Best practices still recommended
• Recipient stated they would like to receive CEMs from sender.
• Must make positive action to grant consent
• Inaction will not grant express consent (pre-checked box)
2014 13
14. 2014 14
Express Consent Overview
Express Consent Breakdown:
• Oral
• Call centre
• Point of sale
• Written
• Web from / Preference centre
• Subscription form
• Point of sale
• Ballet boxes
2014 14
15. 2014 15
Consent Overview
• Implied Consent:
• Consent expires in 24 months*
• Expiry resets after every transaction
• Mostly obtained by interaction or relationship
• Renewed implied consent trumps opt out – Beware of best practices
2014 15
*Some forms of consent will have different expiry windows
16. 2014 16
Consent Overview
Implied Consent:
• Non-Business Relationship
• Membership – (Not for profit)
• Volunteer Work Performed
• Published Information
• Blog
• Trade Journal
• Business Relationship
• Purchase
• Written contract
• Disclosure
• Business card at a tradeshow
2014 16
*Some forms of consent will have different expiry windows
18. 2014 18
Consent Exemptions
(Unsubscribe and ID Requirements still apply)
• Requested quotes
• Commercial transactions with recipient’s prior agreement
• Warranty or safety information
• Subscription or membership information
• Employment or benefit plan information
• Delivery of goods or services
• Referrals (only 1 CEM allowed)
2014 18
25. 2014 25
Guidance from CRTC: Information Bulletins
Forms of
gaining oral
consent
Bundling of
request for
consent
Confirmation
of consent
Pre-
checked
boxes
2014 25
26. 2014 26
Summary
• Express vs Implied Consent
• Special Consent
• Grandfathering of Consent
• Expiry of Consent
• Exclusions of Consent / CASL
“An Act to Promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (CASL)”
-fightspam.gc.ca
“An Act to Promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act ”
-fightspam.gc.ca
Originally introduced into parliament in 2009.
-December 2013, final regulations have been publiched by CRTC
-July 2014 – Law is implmented
Installation of computer programs delayed until July 2015
Private Right of Action delayed until July 2017
Applies to Commercial Electronic Messages (CEM) and installation of computer programs
At least one of the purposes of the message must be to encourage participation in commercial activity
Requires customers to “opt-in” rather than “opt out”
Consent obligations are more narrowly drafted
CRTC is primarily responsible for enforcement
Combination of public and private enforcement
Extended liability
Follow the money
Vicarious liability
Undertakings, due diligence
Defining Sent:
Message is sent once transmission has been initiated
Does not matter whether
– Message reaches destination
– Electronic address exists
Commercial Electronic Messages
Computer systems located in Canada used to send, route, or access electronic messages (Email, Instant Messaging, and SMS)
Installation of computer Programs
CASL does not apply to
Non commercial activity
Voice, fax, auto recorded calls
Broadcast messages including tweets and posts.
exempt from CASL
1. Personal and family relationship
Messages sent to individuals with who sender has personal or family relationship
2. Foreign messages –Messages accessed in a foreign state that is listed in the regulations and message conforms to the anti-spam law of the foreign state.
3. Charity and Political parties
primary purpose is “raising funds for a charity” or “soliciting a contribution.
4. Response to inquiry message exclusion
Messages that are sent in response to a request, inquiry, complaint etc
5. Legal message exclusion
Messages sent to:
satisfy a legal or judicial obligation
6. closed platforms
Messages sent and received on an electronic messaging service if the information and unsubscribe mechanism are conspicuously published and readily available on the user interface like BBM, Whats App, many social sites.
2. B2B exclusion
Messages that are sent by an employee of an organization:
(i) to another employee of the organization and that concerns the activities of the organization, or
(ii) to an employee of another organization if the organizations have a relationship and the message is relevant to the activities of the organization
3. Inquiry message exclusion
Inquiry or application type messages sent by individual to person engaged in commercial activity, provided it is related to person’s commercial activity
Express:
Required information:
Purpose
Name of collector, and name of person on whose behalf consent is collected
Contact Information
Withdrawal statement
User must take action to opt in – check box, email form
ORAL Proof of record: CRTC Clarifies
Third party: complete and unedited audio recording of the consent is retained by the person seeking consent
Implied Consent:
Expiry: 2 years after last transaction **open click not transaction
Existing business relationship (membership of a club)
Purchase or lease of a product, goods or service
Existing non-business relationship
Donation or Volunteer work, membership of a club etc
Conspicuous publication – provided message is relevant to persons business(Unless publication is accompanied by a statement that the person does not wish to receive CEM)
Business relationship – provided it is relevant to the persons business or official capacity.
Disclosure – Provides business card at a trade show
, the end-user must make a positive action to indicate that he or she provides consent.
, the end-user must make a positive action to indicate that he or she provides consent.
, the end-user must make a positive action to indicate that he or she provides consent.
, the end-user must make a positive action to indicate that he or she provides consent.
-Forward to Friend messages
Marketers can send one CEM to “Friend”
Unsub and Id still apply
Referrer must have relationship with referee and with business sending
Must include full name of ‘referrer’ and statement that CEM sent as result of referral
Sender must ensure ‘referrer’ has relationship with both sender and ‘friend’ to whom message is sent
Avoid incentivizing referrals
Alternative may be to ask user to forward email using their own email client UI
Exclusions (s6(6))
Providing a quote or estimate for the supply of a product, goods or a service if requested
Transactional messages
Provides warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased
Provides notification of factual information about:
the ongoing use or ongoing purchase by the person to whom the message is sent of a product, goods or a service offered under a subscription, membership, account, loan or similar relationship by the sender
the ongoing subscription, membership, account, loan or similar relationship of the person to whom the message is sent
Grandfathering of existing consent
Express:
PIPEDA compliant express before CASL considered CASL compliant even if your request did not contain the requisite identification and contact information
Implied:
Existing implied consent will be valid till 1 July 2017
Burden of proof :
1. Burden of proof to prove proper consent (both implied and express) resides with sender
2. Ability to prove some consent for every address on file
Express : Date, time, Source, location, IP, Host, verbiage etc
Implied : Date of purchase, billing information, channel, source, IP etc
Identify situations where you cannot prove express or implied, and create action plan
Opt in: Identify of consent collector, Identity of advertiser, physical address, (either phone number, webpage, or email) – ability to prove.
Audit all opt in channels for prescribed information.
CASL
Identify opt in sources: Website, rental, POS, call center, acquired data, contest, offline, !email append, !purchase
Mail streams:
Email
SMS
Triggered messages
Other
Re permission mostly for implied or situations where no consent can be proven (this must be complete before July 2014) Wait until end of two (three initial) year term.
Grandfathering of existing consent
Express:
PIPEDA compliant express before CASL considered CASL compliant even if your request did not contain the requisite identification and contact information
Implied:
Existing implied consent will be valid until 1 July 2017
Burden of proof:
1. Burden of proof to prove proper consent (both implied and express) resides with sender
2. Ability to prove some consent for every address on file
Express : Date, time, Source, location, IP, Host, verbiage etc
Implied : Date of purchase, billing information, channel, source, IP etc
Identify situations where you cannot prove express or implied, and create action plan
Record keeping – burden of proof is the responsibility of the sender and the data collector. Be sure
» Opt-in IP address
» Subscription date
» Subscriber name
» Subscription time
» Subscription geo-location
» Opt-in verbiage used (i.e., the call-to-action from the marketing campaign)
» List source
» Purchase information
» Identity of consent collector
» Why consent is being pursued (i.e., campaign and/marketing initiative details)
Bundling of request for consent:
Requests for consent must not be bundled with requests for consent to the general terms and conditions of use or sale of product. The requests for consent must be clearly identified to the user. For example, user must be able to grant consent to the terms and conditions of use or sale while refusing to grant consent for receiving CEMs.
Oral or written consent:
Consent may be obtained orally or in writing, or a combination of both.
The CRTC clarifies that following forms are sufficient to gain oral consent:
Where oral consent can be verified by an independent third party, or
Where a complete and unedited audio recording of the consent is retained by the person seeking consent or a client of the person seeking consent.
The CRTC clarifies that written consent includes both paper and electronic forms of writing.
ESP ID in CEM
The Commission considers that section 2 of the Regulations does not require that persons situated between the person sending the message and the person on whose behalf the message is sent need necessarily be identified. For example, persons so situated may facilitate the distribution of a CEM but have no role in its content or choice of the recipients. In that event, the Commission considers that they do not need to be identified.
Pre-checked boxes
The CRTC mandates that collecting express consent using pre-checked boxes is not acceptable because pre-checked boxes put the onus on the person whose consent is being sought to take action in order to indicate that he or she does not consent.
Mechanisms such as an unchecked opt-out box, or a pre-checked opt-in box, cannot be used to obtain express consent. Express consent must be obtained through an opt-in mechanism; that is, the end-user must make a positive action to indicate that he or she provides consent. Therefore, a default toggling state that assumes consent on the part of the end-user cannot be used as a means of obtaining express consent under CASL. Further, silence or inaction on the part of the end-user cannot be construed as providing express consent.
Confirmation of consent
The CRTC notes that following receipt of express consent, confirmation of this receipt should be sent to the person whose consent was being sought.