Commercial Electronic Messages
A Commercial Electronic Message or CEM is an electronic message that has as its purpose encouraging participation in a commercial activity and that is sent from or received by a computer in Canada. A “commercial activity” means a transaction or act that is of a commercial character, whether or not it is done with an expectation of profit. This means that many of the emails, electronic newsletters and other means that registered charities and not-for-profits use to communicate with volunteers, donors, members and members of the public may now be regarded as CEMs and fall under the provisions of CASL.
Exception for Registered Charities
There is a limited exception for registered charities. Any electronic message sent by a registered charity for the primary purpose of raising funds is exempt from the provisions of CASL. However, the definition of raising funds is unclear at this time. And, if a request for donations is placed within a newsletter, or some other form of communication with the public, it may be found that the primary purpose of the CEM was not to raise funds. This limited exception does not apply to not-for-profit organizations or Registered Amateur Athletic Associations.
Consent
Consent is really the key concept to be aware of in CASL. The Act creates a permission-based scheme under which consent is required before a CEM can be sent. Consent can be either express or implied.
Express Consent
Express consent means that a recipient has voluntarily agreed to receive a CEM and this consent is documented. Consent can be either oral or in writing, and “in writing” includes both paper and electronic forms of writing. The CRTC has set out guidelines that state the information that must be in a request for express consent:
-
- The purpose or purposes for which consent is requested;
- The name of the person seeking consent and the name of the person ,if it is different, on whose behalf consent is asked;
- A statement indicating which person is asking for consent and which person on whose behalf consent is being asked;
- If the person seeking consent and the person, if different, on whose behalf consent is sought are carrying on business under different names, the names of those businesses;
- The mailing address, and either a telephone number providing access to a person or a voice messaging system, an email address or a web address for the person asking for consent, and if different, the person on whose behalf consent is asked; and
- A statement that the recipient of the CEM can withdraw consent at any time in the future by using this contact information. This is called the “unsubscribe mechanism”. You will find more information about the unsubscribe mechanism at the end of this section.
Oral consent can be proven by verification by an independent third party, or where a complete and unedited audio recording of the oral consent is kept by the person asking for consent or a client of the person asking for consent.
Once express consent is obtained, it does not expire, unless the person giving consent withdraws it at any future time.
The CRTC has issued Compliance and Enforcement Bulletin 2012-549 that gives guidance about obtaining express consent and gives two examples of forms that are acceptable. You will find these forms at the end of this section. The Bulletin also states that since express consent must be positive or explicit, an opt-out mechanism is not acceptable, nor is a “toggle box” where permission to send CEMs is already checked off.
Implied Consent
Under CASL, consent can be implied in three situations:
-
- where there is an existing business relationship, or an existing non-business relationship;
- where the recipient has “conspicuously published” their electronic address without saying that they do not want to receive unsolicited CEMs and the message they receive has to do with their business, role, functions, or duties in their business or official capacity;
- where the recipient has disclosed their electronic address to the person who is sending the message; again, without saying that they do not want to receive unsolicited CEMs and the message they receive has to do with their business, role, functions or duties in their business or official capacity. An example of this could be a person who receives a CEM from a person to whom they gave their business card, with their email address on the card.
Generally speaking, implied consent lasts for two years, providing an opportunity for organizations to change an implied consent to an express consent. CASL includes a transition period that allows for implied consents to remain active until July 1, 2017. In addition, where there is an existing business relationship, each transaction renews the implied consent, so that the two-year existing business relationship starts over.
It is important to note that after July 1, 2014 CEMs may only be sent with the explicit or implied consent of the recipient. Because a message seeking explicit consent is, in itself, a CEM, after July 1, 2014 these can only be sent to people or organizations with which you have an implied consent relationship.
Existing Business Relationship
An existing business relationship between the sender of the CEM and the recipient will be found if, within the previous two years the recipient has:
-
- purchased, leased or bartered a produce, goods, services, land or an interest in land from the sender;
- accepted a business, investment or gaming opportunity offered by the sender;
- entered into a written contract or made inquiries about other matters with the sender for another matter not listed above;
- within the previous six months, made an inquiry or an application about any of the matters listed above.
The existing business relationship is renewed with each transaction, so that the two-year existing business relationship starts over.
Existing Non-Business Relationship
Existing Non-Business Relationships are of particular importance to registered charities and not-for-profits. An organization has an existing non-business relationship with a recipient if the recipient has, within the previous two years:
-
- In the case of a registered charity, made a donation or gift, or has performed volunteer work for the charity;
- In the case of a not-for-profit, has been a member of the organization, such as a club or association.
Each time that a recipient makes a donation or gift, or volunteers, the two-year implied consent period begins again. It is the same case for not-for-profits. Each time a member renews, the two-year implied consent period begins again.
Excluded Messages (1)
There are a number of CEMs to which CASL does not apply. These include messages sent:
-
- to someone with whom the sender has a personal or family relationship;
- to someone in a commercial activity making an inquiry or application about the activity, such as quotes or estimates;
- to another employee, representative, consultant or franchisee of an organization about the activities of the organization;
- to an employee, representative, consultant or franchisee of another organization, if the organizations have a relationship and the message is about the activities of the receiving organization;
- in response to a request, question or complaint, or is otherwise initiated by the recipient;
- by or on behalf of a registered charity and the message has as its primary objective raising funds for the charity;
- by or on behalf of a political party or a political candidate for publicly elected office, for the primary purpose of obtaining a donation or contribution.
Excluded Messages (2)
These types of CEMs are excluded from the provisions of CASL except that they must conform to the rules about providing sender identity information and an unsubscribe mechanism so that the recipient can opt not to receive future CEMs. These messages must solely:
-
- facilitate, complete or confirm a commercial transaction that the recipient previously agreed to enter into with the sender;
- provide warranty, product recall or safety and security information about a product or service that the recipient has used or purchased;
- provide product, goods or services updates or upgrades that the recipient is entitled to receive;
- provide ongoing information about a subscription, loan, membership or account that the recipient is currently participating or enrolled in;
- provide information directly related to an employment relationship or benefit plan in which the recipient is involved or enrolled.
There is some uncertainty at the moment about the meaning of “solely” at this time. Further clarification is expected from the CRTC.
Third Party Referrals
There is another limited exemption to the consent provisions of CASL for third party referrals. The CRTC states that the consent provisions do not apply to the first commercial electronic message that is sent by an individual for the purpose of contacting a recipient following a referral by someone who has:
-
- an existing business relationship;
- an existing non-business relationship;
- a personal relationship; or
- family relationship with the individual who sends the message as well as these relationships with the individual to whom the message is sent.
Third Party Referral messages must disclose the full name of the individual or individuals who made the referral and state that the message is sent as a result of the referral. These messages must also comply with the sender identity information and unsubscribe mechanism requirements. Only one Third Party Referral message may be sent under these terms, so it should contain a request for future consent.
Unsubscribe Mechanism
The Unsubscribe Mechanism is one of the most important components of the CASL scheme. Every CEM that an organization sends must provide a way for recipients to unsubscribe from receiving messages in the future. A Regulatory Policy from the CRTC states that the mechanism must be “readily performed” meaning that it must be accessed without difficulty or delay and should be simple, quick and easy for the consumer to use. It must also be free of charge to the user. The means to contact the sender must be operational for at least 60 days, and the unsubscribe request must be completed within ten business days. The Commission gives as an example of an unsubscribe mechanism that can be readily performed as a link in an email that takes the user to a web page where he or she can unsubscribe from receiving all or some types of CEMs from the sender. It also suggests: “In the case of a Short Message Service (SMS) the user should have the choice between replying to the SMS message with the word ‘STOP’ or ‘Unsubscribe’ and clicking on the link that will take the user to a web page where he or she can unsubscribe from receiving all or some types of CEMs from the sender.”
An example of an unsubscribe mechanisms created by the CRTC can be found at the end of this section (last image).
It will be very important for registered charities and not-for-profits to set up a system to track and monitor unsubscribe requests, so that they know what electronic addresses cannot be sent future CEMs. This could be a system as simple as a spreadsheet or as sophisticated as a fully integrated database. Note too, that the tracking system should also be set up to watch for the expiration of the two-year period for implied consents. Failure to do so that results in CEMs being sent to parties who have unsubscribed or have not been active with the organization for two years could lead to Notices of Violation from the CRTC, with the possibility of significant fines for the organization, and the officers and directors. After July 1, 2017, there is also the possibility of lawsuits by private citizens who allege harm and claim damages.
Relationships with Third Parties
Under CASL organizations must also be aware of what contracts they have entered into that may involve a third party sending CEMs on their behalf. Some examples of these contracts could include:
-
- advertising agencies;
- social media management companies;
- public relations or media advisory companies;
- lobbyists;
- sales or distribution agents;
- professional fundraising companies;
- investor services;
- suppliers of referral/contact lists.
If your organization has contracts with parties such as these, the contracts should be reviewed to make sure that any CEMs they send on your organization’s behalf are CASL compliant. The contracts should contain clauses that ensure that the service provider will meet all applicable CASL requirements, will notify you if it is cited by CRTC for a violation, and will keep your organization indemnified for any costs or damages arising out of a breach. You should also ask your service provider to inform your organization of all unsubscribe requests and to keep records of CASL compliance.
Tracking
It is very important that registered charities and not-for-profits begin to track recipient consents. Depending on the size of the organization, this could be as simple as an Excel spreadsheet for a small charity or fully integrated databases for a larger entity.
Tracking should cover:
-
- express consents;
- implied consents;
- conversion of implied consents to express consents; and
- implementation of unsubscribe requests and the date it was done.
For an example of a simple spreadsheet to track CEMs, see the Sample Tracking Spreadsheet under Tips and Tools.
Sample Forms
Acceptable express consent mechanisms – Checking a box to indicate consent
Acceptable express consent mechanisms – Typing an email address into a field to indicate consent
NOT ACCEPTABLE: An example of toggling that assumes consent
Acceptable wording for unsubscribe request
Automated Message Distribution
If your organization sends out a variety of electronic mailings that may or may not contain CEMs or your mailing lists are just too large for your organization to manually manage, here are a few options to automate message distribution that may be of interest to you:
Constant Contact is an online marketing company offering e-mail and social media marketing services primarily to small businesses, non-profit organizations, and membership associations. It offers non-profit rates and a free trial period. It’s Safesubscribe feature is helpful in automating the subscribe / unsubscribe process so critical to CASL compliance requirements.
A second option to look at is MailChimp. MailChimp markets itself as an online email marketing solution to manage contacts, send emails and track results. For organizations with smaller electronic mail subscriber lists MailChimp offers a package that allows organizations to send up to 12,000 emails to 2,000 subscribers for free. Other packages are also available if your organization has a larger subscriber list.
Return to Canada Anti-Spam Legislation Home Page
This page was last updated in June, 2014.