What Canada’s New Anti-Spam Legislation Means for Your Digital Marketing

By Jenny Knizner | Jul 8, 2014
More Articles by Jenny

Spam and other electronic threats are a real concern to individuals and businesses alike, in any location. They can range from the annoying, unwanted commercial messages that clutter inboxes, to malicious communications with devastatingly harmful consequences. To help “protect Canadians while ensuring that businesses can continue to compete in the global marketplace”, Canada passed a set of anti-spam legislation in December 2010 that entered into effect on July 1, 2014.

To be sure you and your business are in compliance with Canada’s Anti-Spam Legislation (CASL), review ALL the guidelines specified at (or send your legal team over to) fightspam.gc.ca. To get you started, here is a brief overview that hopefully won’t make your eyes glaze over:

Does the Canada’s New Anti-Spam Legislation Apply?

CASL regulations apply to any “Commercial Electronic Message” (CEM) sent from or to Canadian computers and devices in Canada. Regardless of the type of organization, including charities and not-for-profit organizations, if your electronic message promotes a product, business, service, investment opportunity, or person who does one of those things and the message is sent to an electronic address such as an email account, instant messaging account, social networking accounts, text messages sent to a cell phone, or any similar account, then you are subject to the legislation.

Know the Difference Between Express and Implied Consent

Generally, the legislation places heavy emphasis on consent and prohibits:

  • sending of commercial electronic messages without the recipient’s consent (permission);
  • installation of computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee; and
  • collection of electronic addresses by the use of computer programs or the use of such addresses, without permission (address harvesting).

With few exceptions, including existing business relationships and communications regarding purchases, express consent is now required for all commercial electronic messages. As a result, it becomes extremely important to understand the difference between express and implied consent.

Express Consent

Express consent exists if a person has clearly agreed (orally or in writing) to receive commercial electronic messages, the basic opt-in model. The manner in which you request express consent cannot presume consent on the part of the end-user. It is important to note that silence or inaction on the part of the end-user also cannot be construed as providing express consent. For example, a pre-checked box cannot be used, as it assumes consent. Auto opting-in abandoned shopping carts and e-receipts for promotional mail are also outlawed.

Implied Consent

Implied consent is given when the recipient has made an inquiry or submitted an application, made a purchase, accepted a business opportunity, or bartered for something from the sender any time in the past.

Moving forward, make sure you gain a consumer’s consent prior to sending commercial electronic messages. Also worth noting, the law specifies that the onus is on the person sending the message to prove that he/she has obtained express consent to send the message.

For existing databases, the legislation includes a 36-month transitional provision relating to consent requirements, allowing businesses time to adjust. This means, if your database includes any existing subscribers that have provided implied consent only, you will need to make a request for express consent by July 1, 2017. And if you don’t have consent to send messages, you had better just not!

Transparency and Clarity is More Important than Ever

Under the new anti-spam legislation, your messages must not have false or misleading sender information, subject matter information, URLs and/or metadata. To comply, clearly identify yourself and your organization and include the following in every communication:

  • Mailing address
  • Phone number, email address, or a web address for you or the person on whose behalf you are sending the message.
  • An unsubscribe mechanism

Failing to Understand and Comply Comes with Serious Consequences

This law is already in place and carries some serious penalties. Although there are no automatic penalties, legitimate complaints about unsolicited emails may be investigated and if judged in violation, penalties for the most serious violations of the Act can go as high as $1 million for individuals and $10 million for businesses. It’s important to note that individuals and companies, including directors, officers and other agents, are responsible and liable for the messages they send.

It’s as simple as that folks. There are three general requirements for sending a CEM to an electronic address. You need (1) consent, (2) identification information, and (3) an unsubscribe mechanism. If your business is operating in the US and your marketing practices are already inline with the CAN-SPAM legislation, you should have no trouble adjusting to the new CASL rules. The main difference is CAN-SPAM is an opt-out model versus opt-in. With many other countries adopting similar models and consumers expectations and knowledge base expanding, it is time to evaluate your marketing practices and transition to an opt-in model. In addition to avoiding costly fines, you may also find that you improve deliverability, trust, and your brand’s reputation.

Note: This post provides a loose interpretation of the law and should not be taken as legal advice. Refer to information bulletins at fightspam.gc.ca and seek your own legal advice regarding how to comply.

If you need more clarification, check out these great infographics:


Share this article

Facebook Icon Twitter Icon LinkedIn Icon Google Plus Icon Pinterest Icon

Subscribe today!

Join over 4,000 marketers who receive actionable digital marketing insights.


Blog Search