Canada’s Anti-Spam Law: Key exemptions
A Commercial Electronic Message (CEM) is any electronic message that encourages participation in a commercial activity, such as an email that contains a coupon or tells customers about a promotion or sale. If your organization sends CEMs, you’ll need “express consent” from recipients before sending them – although certain exemptions exist.
By Miyo Yamashita and Sylvia Kingsmill
The revised regulations introduce key exemptions for B2B, legal and referral business practices, for telecommunications services (TSPs) and for personal relationships.
Here we summarize these exemptions for you:
- Business-to-business (B2B) communications. CASL applies broadly to all CEMs. However, the new regulations include exemptions for CEMs sent within a business, and CEMs sent between businesses that are in an ongoing business relationship. The messages must be sent by an employee, representative, contractor or franchisee, and be relevant to the business, role, function or duties of the recipients. Similarly exempt are communications sent to third-party business partners, such as marketing agencies, recruiting firms and insurance carriers.
- Messages sent to consumers in response to a request for information. The new regulations address this unintended consequence by exempting messages sent in response to requests, inquiries or complaints.
- Messages sent to enforce a legal right. Examples include messages sent for debt collection, licensing and enforcing contractual obligations.
- Messages sent from outside Canada. These include messages sent by foreign businesses (provided the sender could not reasonably know the message would be received in Canada) and internationally-based Canadian organizations.
- Third-party referrals. To qualify for the exemption:
- The individual who sends the message must disclose in the message the ordinary or full name of the person who made the referral.
- The individual who made the referral must have an existing personal or family or business relationship with both the sender and the person who receives the message.
Telecommunications service providers (TSPs)
The new regulations also include two exemptions for TSPs to permit the installation of computer programs without consent:
- For the purpose of preventing illegal activities that pose a risk to network security.
- For network update/upgrading purposes.
While CASL was never meant to apply to communications sent to family or friends, some stakeholders considered the definitions of personal and family relationships to be too narrow. The revised regulations have now broadened these definitions.
Now a “personal relationship” is defined as one where individuals have had voluntary, two-way communications at any point in the past—whether or not they have met in person. Based on factors such as the sharing of interests and experiences, the relationship is considered personal, unless the recipient has clearly asked not to receive any CEMs from the sender.
The definition of “family relationship” has also been expanded so that CEMs can be sent without consent to family members descending from a common grandparent, including aunts, uncles, first cousins, nieces and nephews.
For a closer look at the requirements set out by CASL, read Managing the message: Canada’s new anti-spam law sets a high bar. Detailed information about the new regulations is also outlined in this FAQ.
We monitor all CASL news as it’s released, so we’ll update you on the developments that matter most. In the meantime, if you have any questions, please don’t hesitate to contact us or to post a comment below.
Miyo Yamashita is the leader of our national Privacy & compliance risk practice. With over 15 years of experience, Miyo has worked with a number of clients, across multiple industries, helping them navigate their privacy and compliance management initiatives.