Canada’s Anti-Spam Law Raises Questions for U.S. Companies
Article by: Jonathan Wachs Esq. This article first appeared in The Legal Intelligencer on October 7, 2014
Email communications are a pervasive component of our daily existence. Industry analysts predict that by 2015 we will send and receive on average 125 emails per day. The ease, speed and cost savings that modern technology provides to deliver targeted emails to a receptive audience are equally available to deliver unsolicited messages to thousands of strangers. We have come to expect a large daily supply of advertising-related emails from many sources—companies with which we have conducted business, charitable organizations we support, industry associations for which we might be a member and groups or companies with which we have no prior connection. Many of these emails are messages we view as unwanted spam.
Spam is commonly understood to mean unsolicited advertising-related email messages sent to a wide audience. Most of us give little thought to the subject and view spam merely as one of life’s unavoidable minor annoyances. When spam evades our computer’s Internet filters, we delete these messages from our inboxes, move them to a separate folder or click a button to report it to our webmail service. Organizations should be cautious when creating an email marketing campaign directed to people with whom they have no prior connection—messages perceived to be junk mail might be viewed as either ineffective or negative marketing.
Several years ago, the U.S. government created a set of legal restrictions to limit and restrict the use of spam. This law, titled the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), is enforced by the Federal Trade Commission. After CAN-SPAM was enacted, the FTC released on its website a practical guide to assist businesses in their efforts to comply with it.
CAN-SPAM permits senders to deliver unsolicited email messages to a wide variety of people, so long as the recipients have the ability to opt out of receiving future similar communications from the sender and certain other requirements are met. Many commentators view CAN-SPAM as being overly permissive and CAN-SPAM is sometimes referred to as the “You Can Spam Act” because it still permits many forms of unwanted commercial emails to be sent.
Canada’s Radio and Television Commission (CRTC) recently adopted a substantially more aggressive response to dealing with spam. The new Canadian Anti-Spam Legislation (CASL), which came into effect in July, established a regulatory framework for telecommunications that stretches far beyond Canada’s borders. This legislation is unprecedented in its reach and its punitive measures. Foreign businesses, including those in the United States, could face up to $10 million in fines for noncompliance, and individuals who break the law may be fined as much as $1 million.
CASL applies to what the CRTC calls commercial electronic messages (CEMs), a category that comprises most forms of digital communication, including emails, text messages, certain types of social media messages and updates to downloaded software. The legislation requires all senders of CEMs to obtain consent from their intended recipients (and be able to prove that they obtained such consent). Consent can be implied either in cases in which both parties have a prior relationship or if the recipient has provided contact information (either through direct communication with the sender or via public directory) and the correspondence pertains to the recipient’s business interests or official capacity. Otherwise, senders must secure express consent from every new recipient, as well as, over a three-month transitional period, existing mailing list members. Implied consent expires after a period of between six and 24 months; express consent never expires. In stark contrast with CAN-SPAM, CASL necessitates that opt-in—rather than opt-out—mechanisms be present in each commercial interaction. In addition, senders must include within each CEM their names or the names of those on whose behalf the message is sent, as well as contact information.
In theory, companies engaged in an email marketing campaign must comply with the anti-spam laws of both the country in which the messages are sent and the laws of any other country in which the message is received. This is an incredibly daunting task. First of all, anti-spam laws from countries around the world (and the judicial interpretation thereof) may change or be reinterpreted on a regular basis. A business is not likely to allocate the resources needed to develop and revise email marketing policies and procedures to comply with the changing requirements of CAN-SPAM, CASL and other potentially relevant laws. It is also difficult for companies to segregate each email marketing communication into separate lists based on the presumed country of origin of the recipients. While a company might tag firstname.lastname@example.org as a Canadian resident, it will not be able to easily identify the country of origin for an email address such as email@example.com. Similarly, a person completing an online form may choose to be identified as a Canadian resident (regardless of his or her actual residence) to get the benefits of CASL’s anti-spam protections. A company could attempt to adhere to CASL for all of its email communications to recipients located everywhere, but this approach seems overly restrictive for business communications to people outside Canada. For these reasons, a clear and easy CASL compliance plan for U.S. businesses with incidental business activity in Canada appears to be either implausible or illusory.
Lack of Clear Guidelines
Alarmingly, no agency within or outside of Canada seems to be able to identity a comprehensive, feasible approach to CASL compliance for businesses operating in foreign states. When queried on issues left ambiguous in the act’s provisions, such as how to disaggregate a list missing information about subscribers’ countries of residence and whether and how businesses should set up separate opt-in pages for Canadian visitors, a CRTC representative wrote that “CRTC staff is not in a position to provide advice regarding specific scenarios.” Similar requests leveled at the American Marketing Association and the Canadian Marketing Association yielded no insight outside of what is available on either organization’s website.
Most spammers, of course, will not abide by CASL’s opt-in rules, nor will they keep detailed records of consent and compliance. The law is designed to give regulators enormous authority in pursuit and punishment of these intentionally bad actors. By creating large potential fines, CASL may function as a sweeping deterrent for unauthorized spamming activity. Cheap penalties would undermine the spirit of the legislation by encouraging scofflaws.
Businesses have until June 1, 2017, to comply with CASL. After that date, CASL establishes a private right of action. During the next 32 months, the CRTC advises senders to familiarize themselves with the legislation, devise a companywide compliance program and conform their data-collection policies to CASL’s requirements. In addition, and perhaps most important, senders must reconfirm consent from Canadian recipients.
If you are unsure whether recipients are receiving your messages in Canada, the onus is on you to find out. No proven method exists to obtain demonstrably accurate information, but senders should consider steps to reduce their liability nonetheless. Some marketers advise sending opt-in campaigns to current mailing lists, then removing all noncompliant subscribers—those who do not give express consent. Various email marketing services have already created CASL templates to minimize the steps needed to comply with CASL. Businesses that choose to take this prudent approach, but that have gained email addresses through indirect means (such as list purchasing), should expect subscriber numbers to shrink.
Email marketing platforms also offer options to alter the initial sign-up process for new subscribers at little additional cost to resources. Marketers can include a mandatory country of residence field, and capture IP information about each new list member. With simple geotargeting in place, Canadian visitors can even be funneled to a separate sign-up page. Opt-in checkboxes are still valid ways to solicit subscribers, as long as the boxes remain unchecked—however, without any procedure to track sign-up dates or locations, these instances are no less problematic in the eyes of the CRTC.
It remains to be seen how Canadian companies and non-Canadian businesses will be affected by CASL. The CRTC lacks the resources it would need to enforce CASL against each of the world’s many spammers who send messages to Canadian recipients. It is not clear whether the CRTC intended to create a global anti-spam policy when it adopted CASL. What is clear is that CASL has created many concerns for businesses outside of Canada that are determining what to do about CASL. Time will tell whether CASL is enforced or ignored, and by whom. Until regulators make an example out of a rule-breaker, many U.S.-based organizations are likely to adopt the ostrich approach, burying their heads in the sand and waiting to see whether and how CASL is enforced against other businesses. A more prudent approach is for businesses to review the requirements of CASL and make their own informed decision as to how they will address the new legal requirements. As recognized by one of the oldest legal principles in our judicial system, ignorance of the law is no excuse for failing to comply with the law’s requirements.
Matthew Lurie contributed to this article.
If you have any questions about the new anti-spam law in Canada and its relationship to U.S. companies please contact Jonathan Wachs at firstname.lastname@example.org or 301-575-0302.
About John Wachs
As head of the firm’s Intellectual Property Group, Mr. Wachs works closely with clients to develop, register, analyze, enforce, and transfer intellectual property assets in a customized, cost-efficient, and highly effective manner. Additionally, he conducts intellectual property audits through which clients learn the nature and value of their intellectual property assets and the steps needed to protect such assets from misappropriation or dilution.
ABOUT OFFIT KURMAN
As one of the fastest-growing, full-service law firms in the mid-Atlantic region, Offit Kurman is well positioned to meet the legal needs of dynamic businesses and the people who own and operate them. At Offit Kurman, we are our clients’ most trusted legal advisors, the professionals who help them to maximize and protect their business value and individual wealth. In every interaction, we consistently strive to maintain our clients’ trust, further their objectives and help them achieve their goals. Trust. Knowledge. Confidence. In a partner, that’s perfect. Please contact us for more information on Offit Kurman’s comprehensive Legal services.
WASHINGTON | BALTIMORE | FREDERICK | PHILADELPHIA | WILMINGTON | VIRGINIA