Much-anticipated revisions to the originally proposed Electronic Commerce Protection Regulations provide some useful clarifications and additional exemptions with respect to Canada’s Anti-Spam Law (CASL), but many concerns remain with respect to the potential over-reach of the not-yet-in-force law and the unnecessary and burdensome financial and administrative obligations that it may impose on legitimate business activity.
In fact, while the revised Regulations do respond to some of the concerns raised with respect to the previously proposed regulations – and indeed, the Act as a whole - the new Regulations may be more notable for what they don’t include than for what they do cover.
In this regard, many of the issues raised and exemptions requested by the business community following the pre-publication of the original proposed Regulations have not been accommodated, including:
- Accepting as valid under CASL consents to the receipt of commercial electronic messages that are obtained in compliance with the federal private sector privacy law, the Personal Information Protection and Electronic Documents Act. In the explanatory remarks accompanying the proposed Regulations, the Government explicitly indicates that CASL is intended to create a higher threshold for consent for the receipt of commercial electronic messages.
- Allowing Canadian businesses to send, on behalf of foreign organizations, commercial electronic messages to recipients outside of Canada. Concerned with the potential for abuse by spammers, the Government rejected submissions that the lack of an exemption for such activity would put Canadian outsourcing and cloud computing firms at a significant disadvantage with respect to their foreign counterparts.
- Allowing manufacturers without a direct relationship with end users of their products (such as where the products are purchased from a retailer) to send commercial electronic messages to those end users. The Government rejected an exemption for manufacturers as too broad, but as noted below, has created new exemptions with respect to sending warranty and recall information.
- Reducing the complexity of the requirements for the collection and withdrawal of consent for the receipt of commercial electronic messages sent by as-yet-unknown third parties. The Regulations continue to require organizations collecting such consents on behalf of such third party organizations to engage in detailed tracking of such consents and take responsibility for the actions of such third parties.
- Expanding the “existing business relationship” exemption to include legitimate commercial electronic messages sent in the context of additional ongoing business relationships, which do not clearly fall within the narrow definition of the current exemption.
Nevertheless, the revised regulations do provide some clarification of key legislative terms, as well as new exemptions for business activities that were not intended to be within the scope of CASL. Moreover, the Government has indicated that Industry Canada and the CRTC are exploring the use of interpretational guidelines and other guidance material to provide clarity where appropriate.
One such clarification is that the revised Regulations amend the previous definition of “personal relationship” so as to correct what many argued was an unduly narrow exemption from the anti-spam requirements for commercial electronic messages sent between individuals.
CASL provides that its core anti-spam provision does not apply to commercial electronic messages that are sent by an individual to another individual with whom they have a “personal or family relationship.” However, in the original regulations proposed by Industry Canada, the term “personal relationship” was defined so as to recognize only those relationships where the individuals concerned had actually met face-to-face within the previous 2 years.
The revised Regulations exempt commercial electronic messages sent between individuals who have had direct, voluntary two-way communications, in circumstances where it would be reasonable to conclude that the relationship is personal. In reaching such a conclusion, all relevant factors are to be considered, including the nature and frequency of such communications, the length of time over which the parties have communicated and whether the parties have met in person. The two-year limitation period has been removed. Recipients of exempted “personal relationship” messages may opt-out of receipt of such messages, in which case the exemption no longer applies.
The exemption may be most relevant for businesses where they may facilitate or encourage customers to send commercial electronic messages to their personal networks, such as through “forward to a friend” features.
One of the chief criticisms of the earlier regulations, and of CASL as a whole, has been that the since the definition of “commercial electronic message” is so broad, the Act could impose unnecessary consent and disclosure requirements on regular business communications that should not be within the scope of the law.
In response, the revised Regulations introduce new exemptions for commercial electronic messages sent within a business, or sent between businesses that are already in a business relationship, where the messages are sent by employees, representatives, contractors or franchisee and the message concerns the organization or the individual recipient’s role, functions or duties within or on behalf of the organization.
Messages in Response
Again, due to the broad definition of “commercial electronic message”, concerns were raised that businesses responding to inquiries could be caught by the anti-spam law. While CASL includes an exemption for individuals contacting an organization to inquire about its business, there was no corresponding exemption with respect to the organization’s response.
Accordingly, the revised regulations include a new exemption for commercial electronic messages that are sent in response to a request, inquiry or complaint, or that is otherwise solicited by the recipient.
Incidentally in Canada
One of the key concerns of many foreign companies was that CASL applies to commercial electronic messages that are either sent from or accessed through a computer system located in Canada. Accordingly, concerns arose about the potential application of the law to commercial electronic messages sent from outside Canada, to recipients who are ordinarily resident outside Canada, but who may access such messages during visits to Canada.
A new provision in the revised Regulations appears to largely satisfy this concern, by exempting such messages, provided that they relate to a product, good, service or organization located or provided outside Canada, and that the sender did not know and could not reasonably be expected to know that the message would be accessed using a computer system located in Canada. However, uncertainties still remain, for example with respect to the treatment of a non-Canadian sender who also makes the product or service in question available through a Canadian subsidiary or affiliate.
Non-Transactional Business Communications
The revised Regulations also include a new provision exempting commercial electronic messages sent for purposes relating to the satisfaction, notification or enforcement of legal or juridical rights and obligations, such as sending warranty or recall information, electronic bank statements, notices of copyright infringement, etc.. Again, such an explicit exemption was considered necessary by some in view of the broad definition of commercial electronic message found in the Act.
The revised Regulations contain a new exemption for commercial electronic messages sent based on a referral by one or more individuals, where such individuals have an existing business or non-business relationship or a personal or family relationship with the sender and the recipient. The exemption applies only to the first commercial electronic message sent to contact the recipient, and the message must disclose the full name of the referring individual or individuals. Several stakeholders had previously expressed concern that without such an exemption, they could not directly act upon referrals from friends, family and clients without first obtaining consent.
Telecom Service Provider Software
Finally, the revised regulations add two types of telecom service provider (TSP) software to the list of specified computer programs (such as HTML code, Java scripts, cookies, etc.), for which express consent is assumed if the individual’s conduct leads to a reasonable belief that they consent to such an installation. The new exemptions relate to TSP programs to prevent unauthorized or fraudulent use of a service or system, or to update or upgrade systems on their networks.
While passed into law in December 2010, CASL has yet to be proclaimed in force, in part because the Government was awaiting the finalization of two sets of regulations: one to be made by Industry Canada, and one to be made by the CRTC. The Electronic Commerce Protection Regulations (CRTC) were finalized last year, and the CRTC has issued two interpretation bulletins to provide guidance as to how it intends to apply those Regulations.
The proposed revisions to the remaining Electronic Commerce Protection Regulations were officially published for comment on January 5th, 2013, starting CASL on the final leg of its long journey to coming into force. Following a 30 day comment period, it is expected that the Regulations will be finalized, and a date will be announced for the coming into force of the new anti-spam regime.