Consumer Electronic Messages CEM – Canadian Anti-Spam Legislation (CASL) in Effect

On July 1, 2014, Canada’s toughest anti-spam law will be in place through the CASL (Canadian Anti-Spam Legislation). Companies must prepare themselves to comply with CASL by July 1st, 2014.

For those who are not familiar with the new CASL, below is all the information for Canada’s Anti-Spam Legislation For Common Short Code Applicants, Content Providers and Aggregators. This post’s sole purpose it to pass the summary of the CASL and is an overview to assist mobile marketing users. It is highly recommended to discuss with your legal team for any information below that might be confusing, or needs clarification.

For more information please visit: fightspam.gc.ca
NOTE: This CASL Overview Document is intended strictly as an overview or summary of CASL in order to assist Common Short Code (CSC) Applicants, Content Providers and Aggregators by highlighting key areas for further consideration and to convey information provided to CWTA by government sources. This document and any other information provided by CWTA regarding CASL is not intended to be, and should not be considered as, legal advice. All CSC Applicants, Content Providers and Aggregators are strongly encouraged to carefully review the provisions of CASL and its associated Regulations, and to obtain independent legal advice as to their CASL obligations, if any. It is the responsibility of each individual CSC Applicant, Content Provider and/or Aggregator to determine whether their CSC Programs make use of “commercial electronic messages” (CEMs) and, if so, to ensure that any CEMS they send, or cause or permit to be sent, fully comply with the applicable requirements under CASL as of July 1, 2014. The choice of compliance method is at the sole discretion of each CSC Applicant, Content Provider and/or Aggregator, subject to the requirements of The Canadian Common Short Code Applicaition Guidelines.
What is Canada’s Anti-Spam Legislation (CASL)?
Industry Canada’s Regulatory Impact Analysis Statement1 (RIAS) notes that “Unsolicited commercial electronic messages—known as “spam”—have become a significant social and economic issue, and a drain on the business and personal productivity of Canadians. Spam now makes up over 80% of global email traffic, imposing significant costs on businesses and consumers. Spam impedes the efficient use of electronic messages for personal and business communications and threatens the growth and acceptance of legitimate e-commerce.”
“The general purpose of Canada’s Anti-spam Legislation (CASL) is to encourage the growth of electronic commerce by ensuring confidence and trust in the online marketplace. To do so, the Act prohibits damaging and deceptive spam, spyware, malicious code, botnets, and other related network threats.”
Who does CASL apply to?
The new law and its associated regulations will apply broadly to any individual, business or organization that makes use of commercial electronic messages (CEMs), is involved with the alteration of transmission data, or produces or installs computer programs.
CEMs, including those sent via Common Short Codes (CSC), must comply with CASL.
What is a CEM?
In general terms, a commercial electronic message is any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit2. A complete definition can be found in section 1 of the Act.
The CRTC has released a new set of FAQs3 and provide the following clarification on how to determine whether you are using CEMs:
A key question to ask yourself is the following: Is the message I am sending a CEM? Is one of the purposes to encourage the recipient to participate in commercial activity?
When determining whether a purpose is to encourage participation in commercial activity, some parts of the message to look at are:
– the content of the message
– any hyperlinks in the message to website content or a database, and
– contact information in the message.
These parts of the message are not determinative. For example, the simple inclusion of a logo, a hyperlink or contact information in an email signature does not necessarily make an email a CEM. Conversly, a tagline in a message that promotes a product or service that encourages the recipient to purchase that product or service would make the message a CEM.

Some examples of CEMs include:
-offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
-offers to provide a business, investment or gaming opportunity;
– promoting a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so.
What does this mean for my CSC Program?
If you are currently operating an approved CSC Program, you will need to determine whether you are using CEMs. If your CSC Program does make use of CEMs, you will need to determine the CASL requirements specific to the CEMs you use and ensure that you are compliant with all applicable provisions of the Act and the CRTC and Industry Canada regulations by July 1st.
It is your responsibility to determine whether or not CASL applies to your CSC Program and, if so, to ensure compliance with all necessary requirements. Your choice of compliance method is at your sole discretion, subject to the requirements of The Canadian Common Short Code Application Guidelines (CWTA Guidelines). It is encouraged that you review your approach to CASL with your independent legal counsel.
CWTA will require your written confirmation that you are and will remain in compliance with CASL to the extent that it applies to your CSC Program. Written confirmation should be submitted to CWTA no later than July 1, 2014.
Will the CWTA confirm whether my messages are CEMs?
No, CWTA is not responsible for determining whether your Program uses CEMs, or ensuring CASL compliance. It is your responsibility to determine whether the messages you send are CEMs and to take all appropriate and required steps to become CASL compliant.
Who is responsible for ensuring CASL compliance?
All CSC program Applicants, Content Providers and Aggregators are responsible for ensuring that any CEMs they send, or cause or permit to be sent, using a Common Short Code fully comply with the requirements of CASL as of July 1, 2014.
The material contained in this document is not to be considered legal advice nor is it binding on the CWTA itself.
Does CASL impact all CSC Programs?
Not necessarily. If your CSC Program does not (i) use CEMs; (ii) alter transmission data; or (iii) install computer programs on another person’s device, you are not required to be CASL compliant.
In addition, under specific circumstances CEMs may be exempted from the application of CASL, in whole or in part, or have different CASL compliance requirements. For example, the Electronic Commerce Protection Regulations4 note:

3. Section 6 of the Act does not apply to a commercial electronic message
(a) that is sent by an employee, representative, consultant or franchisee of an organization
(i) to another employee, representative, consultant or franchisee of the organization and the message concerns the activities of the organization, or
(ii) to an employee, representative, consultant or franchisee of another organization if the organizations have a relationship and the message concerns the activities of the organization to which the message is sent;
(b) that is sent in response to a request, inquiry or complaint or is otherwise solicited by the person to whom the message is sent;
(c) that is sent to a person
(i) to satisfy a legal or juridical obligation,
(ii) to provide notice of an existing or pending right, legal or juridical obligation, court order, judgment or tariff,
(iii) to enforce a right, legal or juridical obligation, court order, judgment or tariff, or
(iv) to enforce a right arising under a law of Canada, of a province or municipality of Canada or of a foreign state;
(d) that is sent and received on an electronic messaging service if the information and unsubscribe mechanism that are required under subsection 6(2) of the Act are conspicuously published and readily available on the user interface through which the message is accessed, and the person to whom the message is sent consents to receive it either expressly or by implication;
(e) that is sent to a limited-access secure and confidential account to which messages can only be sent by the person who provides the account to the person who receives the message;
(f) if the person who sends the message or causes or permits it to be sent reasonably believes the message will be accessed in a foreign state that is listed in the schedule and the message conforms to the law of the foreign state that addresses conduct that is substantially similar to conduct prohibited under section 6 of the Act;
(g) that is sent by or on behalf of a registered charity as defined in subsection 248(1) of the Income Tax Act and the message has as its primary purpose raising funds for the charity; or
(h) that is sent by or on behalf of a political party or organization, or a person who is a candidate—as defined in an Act of Parliament or the legislature of a province—for publicly elected office and the message has as its primary purpose soliciting a contribution as defined in subsection 2(1) of the Canada Elections Act.
 CSC program Applicants, Content Providers and Aggregators should refer to the Act and regulations for a complete list of exemptions and exclusions.
What are the general CASL requirements for the sending of CEMs?
Generally, the sender will need to obtain consent from the recipient before sending the message and will need to include information that identifies the sender and enables the recipient to withdraw consent5.

What are the key requirements concerning Consent?
The Act6 together with the regulations should be read and considered in their entirety; information contained below is meant only to highlight key areas of consideration.
Consent
– Under CASL, consumers must consent to receive CEMs from you and you must retain proof of this consent.
– The Canadian Common Short Code Application Guidelines (Guidelines) prohibit the sending of messages via CSC without express consent by the consumer, and outline the current consent/opt-in processes for CSC programs. The consent/opt-in processes remain unchanged and must be followed by CSC Programs.
– Section 10 of the Act and the regulations identify additional information that must be set out clearly and simply when requesting consent for participation in your Program if you are using CEMs. You will need to determine to what degree you will need to make modifications in order to ensure you meet all of the requirements:
10. (1) A person who seeks express consent for the doing of an act described in any of sections 6 to 8 must, when requesting consent, set out clearly and simply the following information:
(a) the purpose or purposes for which the consent is being sought;
(b) prescribed information that identifies the person seeking consent and, if the person is seeking consent on behalf of another person, prescribed information that identifies that other person; and
(c) any other prescribed information.
 CSC program Applicants, Content Providers and Aggregators should refer to the Act and regulations for a complete description of the CASL consent requirements.
 To be clear, while both the CWTA Guidelines and CASL address the issue of consent, compliance with one does not guarantee compliance with the other. The CWTA expects that all CSC Programs will comply with both the consent requirements in the CWTA Guidelines and any applicable consent requirements under CASL.
What are the key requirements concerning Sender Identification?
The Act together with the regulations should be read and considered in their entirety; information contained below is meant only to highlight key areas of consideration.
Sender Identification
-Under CASL, unless otherwise exempted, ALL CEMs that are sent must contain prescribed Sender Identification information.
o According to the CRTC: “Such information must be readily available as part of the messaging service and not as part of the device used to access the message.”

-The Canadian Common Short Code Application Guidelines currently require some of this information to be provided, but not in every CSC Program message. These requirements remain unchanged.
-Sections 6 of the Act and the regulations identify the Sender Identification information that must be set out in each CEM you send for the purposes of CASL. You will need to determine to what degree you will need to make modifications in order to ensure you meet all of these requirements in addition to those in the Guidelines:
6. (2) The message must be in a form that conforms to the prescribed requirements and must
(a) set out prescribed information that identifies the person who sent the message and the person — if different — on whose behalf it is sent;
(b) set out information enabling the person to whom the message is sent to readily contact one of the persons referred to in paragraph (a); and
(c) set out an unsubscribe mechanism in accordance with subsection 11(1).
– CSC program Applicants, Content Providers and Aggregators should refer to the Act and regulations for a complete description of the Sender Identification requirements.
– The CRTC FAQs provide the following clarity concerning the requirement for ensuring valid consent even in instances where you are not required to be identified within the CEM:
Also, not every person who is involved in the sending of a CEM must be identified. Rather, only the persons who play a material role in the content of the CEM and/or the choice of the recipients must be identified. For example, an email service provider that provides a service to its clients to send emails, where the email service provider has no input on the content of the message, nor on the recipient list, does not need to be identified in the CEMs sent by clients using its service. Bear in mind however, that though the email service provider does not need to be identified in this scenario, it still shares its responsibilities with its clients in terms of ensuring that the CEMs are sent with valid consent (either express or implied) and contain an unsubscribe mechanism. Both the email service provider and its clients are sending, causing or permitting to send CEMs, and as such, they both have obligations under CASL.
What are the key requirements concerning Unsubscribing?
The Act together with the regulations should be read and considered in their entirety; information contained below is meant only to highlight key areas of consideration.
Unsubscribe
– Under CASL, consumers must always be able to unsubscribe from receiving CEMs from you and you must act on their request within 10 business days.
– The CWTA Guidelines outline the current unsubscribe/Opt-out requirements for CSC programs. These requirements remain unchanged and must be followed by CSC Programs.

-Sections 6 and 11 of the Act and the regulations identify the Unsubscribe requirements for the purposes of CASL. You will need to determine to what degree you will need to make modifications in order to ensure you meet all of these requirements in addition to those in the CWTA Guidelines:
6. (2) (c) [The message must] set out an unsubscribe mechanism in accordance with subsection 11(1).
11. (1) The unsubscribe mechanism referred to in paragraph 6(2)(c) must
(a) enable the person to whom the commercial electronic message is sent to indicate, at no cost to them, the wish to no longer receive any commercial electronic messages, or any specified class of such messages, from the person who sent the message or the person — if different — on whose behalf the message is sent, using
(i) the same electronic means by which the message was sent, or
(ii) if using those means is not practicable, any other electronic means that will enable the person to indicate the wish; and
(b) specify an electronic address, or link to a page on the World Wide Web that can be accessed through a web browser, to which the indication may be sent.
-The Act defines an electronic address as “an address used in connection with the transmission of an electronic message to
(a) an electronic mail account;
(b) an instant messaging account;
(c) a telephone account; or
(d) any similar account.”
-CRTC FAQs provide the following information concerning unsubscribe mechanisms:
Under CASL, you must include an unsubscribe mechanism in the commercial electronic messages (CEMs) that you send. For example, a CEM sent via SMS may state that an end-user can unsubscribe by texting the word “STOP.” Another possibility is a hyperlink that is included clearly and prominently in an email that allows the end-user to unsubscribe by simply clicking it. The hyperlink may also be to a webpage that is readily accessible without delay and is at no cost to the recipient.
You can set up your unsubscribe mechanism in many different ways. It can be broad or very granular. For example, you can offer a choice to the recipient, allowing them to unsubscribe from all or just some types of CEMs your organization sends.
A key aspect is that an unsubscribe mechanism must be “readily performed.” It should be simple, quick and easy for the end-user.

For examples of acceptable unsubscribe mechanisms under CASL, please see Compliance and Enforcement Information Bulletin CRTC 2012-548.7
CSC program Applicants, Content Providers and Aggregators should refer to the Act and regulations for a complete description of the Unsubscribe requirements.
Is there more than one way to become CASL compliant?
The Act and regulations establish requirements of general application to all CEMs and do not, in general, prescribe specific methods for CASL compliance. Organizations are free to select any method that adheres to the applicable CASL requirements. CSC Programs, however, must also comply with the Guidelines. You will need to determine potential methods for compliance within your organization that satisfy both CASL (to the extent applicable) and the CWTA Guidelines.
The CRTC notes within their FAQs:
Do the CRTC information bulletins create new legal requirements?
For the purpose of providing guidance, the CRTC issued two information bulletins, namely Compliance and Enforcement Information Bulletin CRTC 2012-548 and Compliance and Enforcement Information Bulletin CRTC 2012-549. These information bulletins are merely guidelines and do not impose binding obligations. They clarify requirements already contained in CASL and its regulations.
Also, the examples provided in these information bulletins are not exhaustive. They are simply examples of recommended or best practices that, in the view of the CRTC, clearly meet the requirements in CASL. Other practices may satisfy legal requirements imposed by CASL. However, their adequacy will be evaluated on a case-by-case basis in light of the specific circumstances of a given situation.

I have a limited amount of characters that I can use when sending a message using a given messaging service (e.g., SMS text message). What should I do if I cannot include all the required information in the commercial electronic message (CEM)?
Where it is not practicable to include this information in the body of a CEM, then a hyperlink to a webpage containing this information is an acceptable practice as long as the webpage is readily accessible at no cost to the recipient of the CEM. The link to the webpage must be clearly and prominently set out in the CEM.
For more information, refer to sections 2 and 3 of the Electronic Commerce Protection Regulations (CRTC) and Compliance and Enforcement Information Bulletin CRTC 2012-548.8

If I am compliant with CASL does that mean that I am also compliant with the CWTA Guidelines?
Not necessarily. The CWTA Guidelines outline specific requirements around consent/opt-in and unsubscribe/opt-out which must be maintained in order for the Program to be compliant with the Guidelines. However, the CWTA Guidelines and CASL differ in certain respects and therefore compliance with one does not guarantee compliance with the other. The CWTA expects that all CSC Programs will comply with both the CWTA Guidelines and any applicable requirements under CASL.
I have questions. Who should I contact?
Information on CASL, including FAQs and other facts, the law and regulations, oversight and management and enforcement can be found at fightspam.ca.
Questions related to the CWTA Guidelines or CWTA processes should be directed to: shortcodes@cwta.ca
Questions related to CASL should be directed to the CRTC.