The new Canada Anti-Spam Legislation
Canada, just like many other countries, adopted an Anti-Spam legislation that will come into force gradually on July 1st, 2014, January 15, 2015 and July 1st, 2017.
This Act aims at:
1° regulating commercial electronic messages (CEM) that could be defined, in brief, as electronicmessages sent by any means and that have, as purpose, in whole or in part, to encourageparticipation in a commercial activity. This includes a CEM for an offer to purchase, to sell or toconduct any other commercial activity, to promote commercial activities or to make the promotion of a person (physical or moral). A message which asks the recipient to consent to the receipt of furtherCEM also constitutes a CEM; and
2° the amendment of transmission data and the installation of computer programs without the consent ofthe recipient.
As for a CEM, the Act imposes an obligation to obtain an express consent from the recipient. A strict procedure is imposed by the Act and the regulations in order to show a clear consent obtained either verbally or in writing. You must, in the process of obtaining a consent, present clearly and in simple form the goal and the identification of the person requesting the consent (or the person for whom the consent is asked) and you must also indicate clearly that this consent may be withdrawn at any time. It shall be prohibited to send a demand where the object is already checked in a box and only requires a return or acceptance click; the recipient must himself check the box before returning/accepting. The consent sought shall not be included with other consents such as, for example, a consent to the installation of a computer program; the invitation to consent must be separate.
Also for CEMs, there may be implied consent in the case of existing commercial relations, existing non-commercial relations, conspicuous publication and voluntary disclosure. Conspicuous publication would, for example, be when a website of a business person bears no declaration of refusal of communications with respect to the object covered by that website. As for voluntary disclosure, a good example could be the person handing a business card that comprises an e-mail address; the person thus giving his business card expresses his accord to receive CEMs in relation to his business.
As for the second portion of the Act, namely the amendment of transmission data or installation of computer programs, this aims at controlling external intrusions on the user’s computer. An express consent shall be required for any modification of transmission data and here again the consent shall answer to strict regulations. The installation of computer programs entails the same consent obligation; however, shall not be subject to specific consent the installation of cookies, html codes or java scripts when those operations have been preauthorised by the user and the interventions covering security of telecommunication systems or improvements thereof.
The anti-spams provisions will begin to apply on July 1st, 2014. The provisions concerning installation of computer programs will come into application on January 15, 2015.
By exception, if a sender can justify a pre-existing business relation with a recipient of a CEM, he shall benefit from a grace period of 3 years until July 1st, 2017 during which period he shall be able to continue communicating with that recipient without obtaining the recipient’s consent; thereafter, all CEMs communicated to whomsoever will have to be made in accordance with the Act.
Non-profit organisations are not exempt from those provisions, except for recipients who have been members in the 2 preceding years.
The Anti-Spam Act applies to all types of messages: textos, sms and messages sent through social networks.
From July 1st, 2014 and, in those cases where the Act applies from January 15, 2015, penalty for violation will take the form of a fine of up to $1,000,000.00 for individuals and up to $10,000,000.00 for a moral person. From July 1st, 2017 on, a right of private action or a penalty of up to $1,000,000.00 for each offense will apply, against the offender and any person assisting, aiding or abetting in the commission of the offense.
There is consequently an urgency for businesses that use CEMs to act with respect to the July 1st, 2014 deadline. You should begin by analysing and examining the types of communications used, proceed to a categorization of the CEMs between clients and non-clients, establish a strategy of changes to your equipment and programs and set up a withdrawal procedure from your data bank.
The CRTC, the Competition Bureau and the Office of the Privacy Commissioner of Canada will be in charge of the application of the Act. CRTC’s responsibility will cover inquiries and administrative sanctions. The Competition Bureau, within the framework of its attributions on the goal of maintaining a competing market, will take charge of false or treacherous indications in any CEM or other visible or cache components. The Competition Bureau and the Office of the Privacy Commissioner of Canada will proceed to the supervision of the collection of personal data made in contravention with the Act.
The Act and the By-laws contain a number of subtleties and the solutions applicable to one business may not necessary apply to another. It is thus important that all situations be analysed on a case-by-case basis.
Louis Linteau and Julie Philippe
This bulletin is intended as a general information instrument and is not to be considered as a legal advice or opinion on any of the issues raised.