The Latest News on CASL Compliance
Thursday, June 22, 2017
Despite being introduced in 2010 and going into effect July 1, 2014, there’s been a lot of concern about the Canadian Anti-Spam Legislation (CASL), especially from digital marketers worried that they might run afoul of CASL’s strict regulations. And with the recent changes to the provisions set to go into effect July 1, 2017, we wanted to offer an update and remind you of the importance of ensuring that your marketing program meets the latest standards. For those of you who need a bit of a refresher, CASL places regulations on every Commercial Electronic Message (CEM) (email, SMS, etc.) sent by a company and requires that they get permission from recipients prior to sending any CEM.
The Time Has Come
So, why worry about a law that’s already in effect? CASL provided a three-year grace period to help companies meet the new regulations. Unfortunately, that three-year grace period is nearly over, signaling the expiration of the transitional provisions for implied consents obtained before the law took effect. As shared by the Canada Marketing Association, to be compliant as of July 1, businesses must determine how to either obtain additional explicit (also know as express) consent or create a transaction that would renew the earlier implied consent. Those that fail to do so could face significant penalties. One change that we won’t see on July 1? The activation of the “private right of action” provision. Initially planned for July, the provision would allow Canadians to take legal action against any business, organization or individual alleged to have violated CASL rules, including those that send CEMs without permission. To this point, the government has been the only entity allowed to act against CASL violators – and there have already been penalties as high as $1 million handed out. Had this provision come into play as planned, violators would have been subject to class-action litigation from private individuals in addition to government action. While this provision has been indefinitely suspended and will not take effect as scheduled, Canada’s Anti-Spam Law is still in place, and it’s important that Canadian marketers make every effort to protect themselves and comply with the regulations, particularly now that the transitional provisions have expired. To do so, you must obtain the necessary permission prior to sending any CEMs. Let’s take a look at how CASL defines what this necessary permission looks like.
Learn the Rules
There are essentially two types of permission that marketers can obtain. Implied permission and explicit permission. The former constitutes having some form of business relationship. i.e. – completing a purchase, entering into a contract, a membership, asking for more information, etc. The latter is, naturally, more straightforward. It constitutes someone who explicitly and knowingly requested emails from you – someone who directly gave you permission to send them marketing emails by entering their email address into a web form clearly marked as an email newsletter sign-up or by checking a box agreeing to receive marketing messages. While attaining either forms of consent will satisfy CASL requirements, it’s explicit permission that savvy marketers will want to obtain. That’s because implied permission was left intentionally vague by CASL lawmakers. While it’s assumed to mean an “ongoing business relationship,” CASL never defines it in clear terms. Now, implied permission could mean a pre-checked sign-up box at checkout. Some even argue opening and clicking an email constitutes an ongoing business relationship but again, because it hasn’t been defined, it exposes business to potential litigation. To keep things simple and safe, and to avoid any potential legal issues, you’re better off getting explicit permission to send CEMs, rather than dealing with the deadlines, red-tape and headaches associated with implied permission.
The Burden of Proof
That brings us to another important aspect of CASL. In all of this back and forth, the burden of proof lies squarely with you. If called upon, you must have records of where and how people signed up and provided their consent. And if you’re collecting via phone calls, conferences, hotel check-in desks, etc., you’ll still need the data to back it all up. There are several other important rules you’ll want to follow as well. For example, CASL requires that you provide a working unsubscribe mechanism and an unsubscribe link for each email that works for at least 60 days from the send date. CASL also governs transactional emails. These too must have an unsubscribe or preference page link from which recipients can unsubscribe from your promotional emails. And if your transactional email contains any marketing or promotional content, then it becomes a marketing message and falls under CASL regulation.
Play it Safe
Simply put, if you’re sending CEMs to a person in Canada, sending from Canada or even if your CEMs pass through Canada, the law applies to you, and you’ll want to be sure that you’re following all the rules, which you can find here. While CASL regulates CEMs sent by a business, organization or individual, it also regulates applications on mobile devices that automatically update software and transfer data. That could potentially require a larger discussion with various stakeholders as it relates to your marketing efforts. It’s something you’ll want to be aware of and account for moving forward. While the law may pose challenges to marketers for collecting explicit permissions, by doing so, you’ll reap the benefits of having engaged subscribers and avoid any issues with CASL compliance.