Email Marketing Law In Canada (CASL)
This blog post is written to help business owners and marketers understand email marketing laws in Canada. I’ve tried to keep it simple and free of legal jargon as possible. I’m not a lawyer, so for further explanation please refer to the sources linked below.
Canada’s Anti Spam Legislation (CASL)
There’s only one email marketing law in Canada but it is very comprehensive. Canada’s Anti Spam Legislation (CASL) came into effect on the 1 July 2014 and is enforced by Canadian Radio-television and Telecommunications Commission (CRTC). In addition to email marketing it also covers commercial text (SMS) messages and commercial instant messaging too. However, for this blog post we’ll stick to the parts that deal with email marketing.
How is email marketing defined within CASL?
Email marketing is defined as commercial electronic messages (CEMs). These include:
- Offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land
- Offers to provide a business, investment or gaming opportunity
- Promoting a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so
Any business sending commercial emails from within Canada or to recipients in Canada must comply with CASL or risk a fine of up to $10 million. So if you are a company based outside Canada emailing Canadian prospects and customers you must comply too!
The three foundations of CASL
There are three important foundations to adhere to:
- Consent (explicit or implied)
- Sender identification
- Unsubscribe mechanism
1. Consent (explicit or implied)
You must have the recipient’s consent, either explicitly or implied. Explicit consent can be given either in writing or verbally. When it comes to website forms, a pre-checked box cannot be used, as visitors must explicitly ‘opt-in’ rather than ‘opt-out’.
Implied consent occurs when you already have an existing business relationship or when someone gives you their email address without any restrictions.
Imagine you are attending a business networking event and you give someone your card. Unless you explicitly prohibit it, you’ve just given them implied consent to add you to their mailing list. Personally, I don’t collect business cards to spam people but if I did I would ask their permission and mark a tick on their card in their presence. I would then have both explicit consent and, assuming I keep their card, some form of evidence.
Consent is also implied for members of an association, club or voluntary organization. Implied consent is generally interpreted as lasting 2 years from when they first gave you their email address. One important exception to this is subscriptions or memberships. The implied period starts on the day the relationship ends. So if you are a SaaS company offering free trials you can continue to email people who trialled your software but didn’t buy for a further 2 years.
If you were sending commercial emails to a recipient prior to 1 July 2014 you actually have their implied consent until 1 July 2017. But, as with all other situations, their consent ends just as soon as they ask you to stop emailing them.
Double opt-in helps prove consent
Irrespective of the how consent is given, the onus is on the sender to prove they received consent. Most email marketing systems offer double opt-in. This sends the new subscriber an email with a link they must click on to confirm their subscription. Some marketers don’t like double opt-in as you can lose subscribers who don’t click the activation link. However, from the perspective of confirming their consent, it’s much safer.
2. Sender identification
Every email message must clearly identify the organization on whose behalf it is being sent. You must include a postal address and in addition either a phone number, email or website address. P.O. Box, rural route address, or general delivery address are all acceptable. Also, the details you give must be valid for up to 60 days after the message is sent.
3. Unsubscribe mechanism
You must provide an unsubscribe mechanism that is ‘readily performed’. Put simply what this means is that it must be quick and easy for the recipient to do. Unsubscribing must be provided at no cost and take 10 days or less to be carried out. All the big email service providers (MailChimp, Constant Contact, Campaign Monitor etc) and most CRMs have slick unsubscribe mechanisms so there’s no reason to reinvent the wheel.
I have to confess it’s unclear to me whether emailing your prospects and customers from email programs such as Outlook, Gmail, Apple Mail etc provides an adequate unsubscribe mechanism. It’s arguable that recipients could just reply to your message and ask to be removed from your list. But is this adequate to comply with CASL? If you know, please let me know!
Is your email marketing truthful?
In addition to the three principles detailed above, reference is also made to ensuring your messages do not have false or misleading sender information, subject matter information, URLs and/or metadata. Truthful advertising in Canada is covered under the Canadian Code of Advertising Standards – guidelines for self-regulation rather than law.
Don’t get caught out by CASL!
I can only find details of four companies that have agreed to make ‘voluntary’ payments in connection with non-compliance (apparently these are not fines). Click the links below to read more about these violations:
It’s worth noting that the directors and officers of a company can also be held liable. As can agencies sending campaigns on behalf of clients.
Spammers can be sued from July 2017
Business owners and marketers should review their CASL compliance now as a private right of action comes into force on 1 July 2017, making it possible for recipients to sue a sender for violating CASL. This could result in some very expensive class actions! An excellent CASL article from international law firm Dentons contains more details of the private right of action and compensation.
Here’s how to make sure you’re King of the CASL:
- Review your email opt-in forms on your website and ensure boxes are not pre-checked
- Change any email mailing lists to double opt-in
- Review the consent you have with existing contacts
- Ensure future consent is explicit whenever possible
- Ensure your commercial email messages includes the correct sender identification
- Ensure your unsubscribe mechanism is compliant (easy, no cost, less than 10 days)
- Keep your email campaigns truthful
Hate SPAM? Report it!
You can report unsolicited email on the Fight Spam website.
Spam photo credit: freezelight