On December 16th, 2003, President George W. Bush signed the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM) into law. Ten years later, our neighbor to the north has followed suit. Canada’s new Anti-Spam Law (“CASL”) is scheduled to take effect in effect in July 2014, Unlike CAN-SPAM, the CASL applies to non-Canadian emailers that send messages to Canadians, and it is therefore important that U.S. email marketers are aware of its requirements.
1. Opt-Out vs. Opt-In: CAN-SPAM incorporates an opt-out model, in which a business can send promotional emails unless the recipient opts out by informing the sender that he or she no longer wishes to receive them. Consent to receive such emails is therefore a non-issue. In contrast, the CASL features an opt- in model, in which the recipient must affirmatively give the sender express consent via a website click box or similar mechanism.
2. Applicability: CAN-SPAM applies to commercial emails whose “primary purpose” is to advertise or promote a product or service. It does not cover emails that relate to a business transaction or relationship, nor does it cover any other form of electronic message (i.e., texts). The CASL covers “commercial electronic messages” which are defined as “any means of telecommunication, including a text, sound, voice or image message. This broad definition would likely cover customer service messages sent via email or text.
3. Existing Business Relationship: One of the exceptions to compliance with the consent requirements of the CASL is if there is an existing business relationship (EBR) between the parties. The law defines an EBR as a business relationship between the recipient and the sender of the message arising from any of the following activity taking place within the two-year period immediately before the day on which the message was sent:
(a) the purchase or lease of a product or service by the recipient from the sender;
(b) the acceptance by recipient, of a business, investment or gaming opportunity offered by the sender;
(c) the bartering of anything mentioned in paragraph (a) between the recipient and the sender;
(d) a written contract entered into between the recipient and the sender, if the contract is currently in existence or expired within the two-year period; or
(e) an inquiry or application, within the six-month period immediately before the day on which the message was sent, that is submitted by the recipient to the sender regarding any of the above.
4. Unsubscribe Mechanism: CAN-SPAM requires every email to incorporate an unsubscribe mechanism for the recipient to use to opt-out of receiving further emails. The unsubscribe mechanism can be in the form of a “functioning return electronic mail address or other Internet based mechanism” contained within the body of the email, or a “list or menu” from which the recipient may chose not to receive further messages from the sender, and must remain active for the recipient to use for at least 30 days after the original email was sent. The sender of the email must act on the opt-out request within 10 business days of receiving it.
Under the CASL, the unsubscribe mechanism “must be able to be readily performed” such that it “should be accessed without difficulty or delay, and should be simple, quick, and easy for the consumer to use,” and the unsubscribe mechanism must remain active for at least 60 days. The sender of the email must act on the opt-out request within 10 business days of receiving it.
5. Content Requirements: CAN-SPAM requires that an email to include “clear and conspicuous” identification that the message is an advertisement or solicitation, and the postal address of the sender. The CASL requires that the CEM “clearly and prominently” disclose the sender’s name and mailing address, and either a telephone number with an active response voicemail, an email address, or a web address.
6.Liability: Under CAN-SPAM, only regulators and ISP’s who have been “adversely affected by a violation” can take legal action against violators. Like our own Telephone Consumer Protection Act (TCPA), the CASL grants a private right of action to individuals who receive unsolicited emails, and liability may extend to the sender’s directors, officers, and employees.
7.Penalties: The CASL imposes significant monetary penalties for violations, including a maximum penalty of $1,000,000 per violation in the case of an individual, and $10,000,000 per violation for business entities.
In most cases, the CASL is far more restrictive, and the penalties more severe. The private right of action provision may even spawn a cottage industry for consumers and plaintiff’s attorneys, as the TCPA has done here. Email marketers should therefore take special care and scrub Canadian addresses when sending out mass emails or other forms of electronic communication for a commercial purpose.