Legal Definitions - Canadian Anti-Spam Law of 2010: Introduction and Abbreviations

CASL stands for the Canadian Anti-Spam Law.

Enacted in 2010, CASL is a comprehensive piece of legislation designed to protect Canadians from various forms of electronic threats, including unsolicited commercial electronic messages (often called "spam"), malware, and other online deceptions. Its primary goal is to regulate the sending of Commercial Electronic Messages (CEMs) and the installation of computer programs. The law aims to ensure that individuals and organizations only receive electronic communications they have consented to, thereby fostering trust in the digital economy and reducing the costs and nuisances associated with unwanted electronic messages.

Key requirements under CASL include:

• Obtaining consent (either express or implied, under specific conditions) before sending a CEM or installing a computer program.
• Clearly identifying the sender of the message or the installer of the program.
• Providing an easy-to-use unsubscribe mechanism in every CEM, allowing recipients to opt out of future communications.

Here are some examples illustrating how CASL applies:

• Example 1: Promotional Email Newsletter

  A Canadian online bookstore wants to send its customers a weekly email newsletter featuring new releases and special discounts. Under CASL, the bookstore must have obtained proper consent from each customer to receive these promotional emails. This consent could have been gathered when a customer made a purchase (which might provide implied consent for a limited period) or, more robustly, by having them actively check a box on the website to subscribe to the newsletter (express consent). Each newsletter email must clearly state that it is from the bookstore, provide its contact information, and include a functional "unsubscribe" link that allows recipients to easily stop receiving future messages.

  How it illustrates CASL: This scenario directly addresses CASL's core requirements for sending Commercial Electronic Messages: obtaining consent, clearly identifying the sender, and providing an unsubscribe option.

• Example 2: Software Installation with Hidden Features

  A software company offers a free desktop application designed to organize digital photos. When users download and install this application, the installation process also secretly installs a separate program that monitors the user's internet browsing habits and sends data back to the company for market research, without clearly disclosing this additional functionality during installation. Under CASL, the company would be in violation. While users might consent to the photo organizing software, they did not provide explicit consent for the installation and operation of the separate browsing tracker. CASL requires clear disclosure and consent for all functionalities of any computer program being installed, especially those that might be unexpected or intrusive.

  How it illustrates CASL: This example highlights CASL's regulation of computer program installation, emphasizing the need for clear disclosure and explicit consent for all functionalities, particularly those that go beyond the user's reasonable expectations.

• Example 3: Business-to-Business (B2B) Sales Outreach

  A marketing agency in Vancouver wants to reach out to potential corporate clients in Toronto to offer its services. An employee finds a list of company email addresses online and begins sending unsolicited emails pitching the agency's expertise. Even though these are business-to-business communications, CASL still applies. The agency must have either express consent from each recipient or be able to demonstrate an existing business relationship or other specific exemption that allows them to send the CEM. Simply finding an email address online does not constitute consent. Each email sent must still clearly identify the marketing agency, provide its contact details, and include an unsubscribe mechanism.

  How it illustrates CASL: This demonstrates that CASL applies broadly to commercial electronic messages, including those sent between businesses, and that consent or a valid exemption is required even for B2B outreach.