How do you say CAN-SPAM in Canadian?
February 27, 2014
Speakers
Xavier Beauchamp-Tremblay
Lawyer, Trade-mark Agent, Norton Rose Fulbright Canada
Xavier Beauchamp-Tremblay practises in all areas of intellectual property law and
advertising law. He focuses primarily on matters pertaining to advertising,
copyright and trade-marks, including the management of trade-mark portfolios and
the commercialization of intellectual property rights.
2
Copyright © 2014 Norton Rose Fulbright
Speakers
Christine Carron
Senior Partner, Norton Rose Fulbright Canada
Christine Carron practises primarily in corporate and commercial litigation and in the
areas of banking, privacy, product liability, consumer protection and e-commerce. She is
chair of our Canadian privacy and access to information team. She has been involved in
a wide range of commercial litigation, including the defence of class actions in the
financial services, retail and tobacco industries and represents corporate clients in
disputes involving damages for breach of commercial contracts or for latent defects and
in shareholder disputes.
Ms. Carron also acts as defence counsel in major class actions. She has represented
clients in parliamentary commissions on the adoption and amendment of Quebec’s
privacy legislation for the private sector and participated in the consultation process for
Quebec’s legislation on new technologies.
Ms. Carron is chair of our Canadian Pro Bono Committee.
3
Copyright © 2014 Norton Rose Fulbright
Speakers
Sue Ross
Sr. Counsel, Norton Rose Fulbright United States
Sue Ross joined the New York office as senior counsel in 2007. Sue's extensive
experience with technology and technology contracts includes negotiating, drafting,
and interpreting computer hardware and software, consulting, outsourcing, Internet,
electronic signatures, web hosting, application service providers and non-disclosure
agreements, many of which were for a federal government contractor.
Another area Sue handles is US privacy matters, including CAN-SPAM, security
breach laws, Gramm-Leach-Bliley and HIPAA. She is experienced counseling
clients on advertising and contests and sweepstakes matters.
4
Copyright © 2014 Norton Rose Fulbright
E-Mail and Privacy
 Mid-1990s, unsolicited commercial e-mails were rapidly
increasing and states began enacting laws, with Re: line
(“ADV”), no false origin, and opt-out requirements – differed
between and among states
 Congress reacted with CAN-SPAM in 2003
(15 U.S.C.
§§ 7701-7713)
 This law and the FTC’s regulation (16 CFR Part 316)
• Establish requirements for senders of commercial e-mail
• Include penalties – up to $16,000/violation
• Give consumers opt-out rights
5
Copyright © 2014 Norton Rose Fulbright
CAN-SPAM
 What’s the acronym stand for?
Controlling the Assault of Non-Solicited Pornography And Marketing Act
of 2003
 The law covers e-mail whose primary purpose is
advertising or promotion a commercial product or service,
including content on a web site
 Generally exempt from CAN-SPAM are “transactional or
relationship messages,” facilitating an agreed upon
transaction or updating a customer in an existing business
relationship—but even these are prohibited from using false
or misleading routing information
6
Copyright © 2014 Norton Rose Fulbright
CAN-SPAM (continued)
 Contains broad pre-emption language, providing national
standard
 State laws relating to fraud and computer software (e.g.,
viruses and other malware) are likely NOT pre-empted.
 5 Basic Requirements
– Accurate header information
– Not have false or misleading subject lines
– Contain a valid physical postal address
– Provide the user with functional “opt out” ability
– Prohibition on contact after “opt out”
 Special requirements for sexually explicit e-mails
7
Copyright © 2014 Norton Rose Fulbright
Opt-Out/Opt-In
 Opt Outs
– Opt Out ability must remain functional for at least 30 days after
sending the e-mail message
– Senders have 10 business days to halt e-mails once user sends “opt
out”
 Wireless phones and other mobile devices are
OPT IN only
• Applies to electronic messages to cell phones if the message
uses an Internet address that includes an Internet domain
name
• Exception for “established business relationship”
8
Copyright © 2014 Norton Rose Fulbright
CAN-SPAM Summary
U.S.
Consent required to send first unsolicited e-mail?
Content requirements for e-mail?
Opt-out/unsubscribe required in each e-mail?
How quickly must the opt-out be honored?
No
Yes
Yes
10 business days
How long must the opt-out function work?
30 days
Consent presumed for existing business relationship (a “soft n/a
opt-in”)?
9
Can e-mails be sent to personal e-mail addresses?
Do opt-outs affect affiliates or different brands?
Yes
Depends
“sender”
Are there requirements for purchasing third party lists?
FTC action
Copyright © 2014 Norton Rose Fulbright
upon
Privacy legislation in Canada:
 Canada has general privacy legislation that applies to all
commercial relations with an individual and highly regulates
the collection, use and disclosure of personal information
 CASL – the acronym for Canada’s anti-spam legislation, is
another facet of privacy legislation but it applies not only to
individuals but also to B2B relationships
 Most of its provisions will come into force July 1, 2014 – so
you need to be prepared!
10 Copyright © 2014 Norton Rose Fulbright
To whom does CASL apply and to what media?
 As noted, CASL applies B2B as well as to communications
with consumers
 What kinds of communications?
 Not to telephone communications – just yet –it will likely
apply to those communications in the future, like robo-calls
and voice-mail messages, once the government decides
how to integrate Canada’s legislation respecting “do not
call” lists into the general CASL scheme
11 Copyright © 2014 Norton Rose Fulbright
To whom does CASL apply and to what media?
 This future regulation of telephone voice communications is
apparent from the fact that CASL contains a provision
repealing
its
own
provision
exempting
these
communications from the application of CASL!
 Other than voice communications, CASL applies to all
electronic messages: text, SMS, twitter, Facebook, emailyou name it - that are commercial in nature!
 But don’t be fooled: the definition of commercial messages
is quite broad and encompasses not-for-profit commercial
electronic messages, like solicitations for charitable,
political purposes or for clubs, associations or professional
organizations as well as gaming and bartering activities
12 Copyright © 2014 Norton Rose Fulbright
What does CASL mean for most businesses?
 First, save for certain exceptions noted in the chart, it means that
all your electronic messages must contain an unsubscribe
mechanism whose function complies with the regulations and
contains the information required by the regulations
 What are these unsubscribe requirements? See line 04 of table:
 Almost every electronic message sent for commercial purposes like marketing – can only be sent with the consent of the
intended recipient: so ask yourself if the electronic message is
being sent for one of the purposes described in the last line of
the first page of our chart
13 Copyright © 2014 Norton Rose Fulbright
What does CASL mean for most businesses?
 If the message is for one of these purposes you will need
consent from the intended recipient before you send your
email
14 Copyright © 2014 Norton Rose Fulbright
What kind of consent will you need?
 Consent can be either express or implied and in all cases
must be obtained in the way dictated by the legislation
 Express consent means just that: it is an opt-in consent (as
opposed to opt-out or toggling), and at the time consent is
given, you must explain the type of emails the recipient is
consenting to receive
o Consent must be sought separately:
 Requests for consent cannot be subsumed in, or bundle with,
requests for consent to the general terms and conditions for use
or sale.
 Consumers should be allowed to grant their consent to the terms
and conditions of sale while refusing to grant their consent for
receiving messages.
15 Copyright © 2014 Norton Rose Fulbright
What kind of consent will you need?
 In other words the purpose for which emails will be sent must be
clearly explained in a transparent manner, without resort to
euphemisms like “for the purpose of better serving you and
responding to your needs”
 Once that consent is obtained, emails can be sent only for the
purposes explained to the intended recipient
 Organizations bear the burden of demonstrating consent. When
consent is obtained orally, the CRTC considers that the following
forms are sufficient to discharge the onus:
o Where oral consent can be verified by an independent third party.
o By retaining a complete and unedited audio recording of the
consent.
16 Copyright © 2014 Norton Rose Fulbright
What kind of consent will you need?
 That is fairly onerous, so are there any circumstances in which
you can send an electronic message without specific consent?
 We mentioned earlier “implied” consent: the legislation specifies
when – and only when - consent will be implied and you cannot
argue that it will be implied in circumstances not contemplated by
the legislation
17 Copyright © 2014 Norton Rose Fulbright
In what circumstances will consent be implied?
 These are explained in line 2 of the chart
 One of the situations in which consent is “implied” within the
meaning of the legislation is where there is an existing
business relationship:
o That is described in the first box of line 2 of the chart:
o However, you must keep in mind the transitional
provisions of the law which are described in the
footnote
18 Copyright © 2014 Norton Rose Fulbright
In what circumstances will consent be implied?
o What these provisions mean is that if you have business
relationship any time before 2017 and you have sent an
electronic commercial message to the intended recipient
of your email, you can send your email, if it has an
unsubscribe mechanism, to the intended recipient
o After 2017, however, you need to have had an existing
relationship with the intended recipient in the previous
two years in order to send your email
o Practically speaking, this means you need to keep
track of when your last contract, subscription or dealing
was with the intended recipient, and the date the
contract or subscription expired
19 Copyright © 2014 Norton Rose Fulbright
In what circumstances will consent be implied?
 There are other useful situations in which consent will be
implied:
o These are listed in the box 2 of line 2 of the chart:
o Up until 2017, you can respond, by including an
unsubscribe mechanism, no matter when the inquiry or
application was received
o After that date, the inquiry or application must have been
received within the last six months
20 Copyright © 2014 Norton Rose Fulbright
In what circumstances will consent be implied?
 There are still other useful circumstances in which consent
will be implied:
o They are described in boxes 3 and 4 of line 2 of the
chart
o So if the address was conspicuously published, or it
was given to you by the intended recipient AND there
was no mention that the person did not want to receive
unsolicited electronic messages, AND the intended
recipient has not otherwise told you they did not want to
receive your messages, you can send your message
with an unsubscribe mechanism
21 Copyright © 2014 Norton Rose Fulbright
In what circumstances will consent be implied?
o So practically speaking, this means that you need to
keep track of how you got the intended recipient’s
email:
 Were you data mining public sites where it was
published without restriction on use an your electronic
message relates to the recipient’s functions or
activities?
 Were you at a trade show and the recipient gave
you his or her card in exchange for the chance to
win an iPad and your message relates to the
recipient’s functions or activities and the recipient has
not told you they don’t want to receive your
messages?
22 Copyright © 2014 Norton Rose Fulbright
In what circumstances will consent be implied?
 Referrals (line 08, box 5): You can send one email.
 There are other times when consent will be implied for charitable,
political or other not-for-profit activities and of course, there are
times when you will need to send a message as a result of a legal
obligation or where you have a family or personal relationship (if the
message is sent under the personal name of the person having a family
or personal relationship).
 Finally, there are a limited number of exceptions where consent is
not required, i.e. when the message answers to an information request
from a consumer (box 1 in line 06) or when it relates immediately to a
product or service that has been purchased by a consumer (boxes 2 to
4 in line 06), e.g. when the message completes or confirms an online
transaction, provides warranty information or sends an update the
recipient is entitled to receive under a subscription.
23 Copyright © 2014 Norton Rose Fulbright
In what circumstances will consent be implied?
 You can look at these on the chart and ask us questions at
the end of our presentation but before you ask your
questions, we would like to talk to you about some of the
sanctions for not complying with the legislation because
they are heavy
24 Copyright © 2014 Norton Rose Fulbright
What are the sanctions for non-compliance?
 There are two types of remedies:
o Administrative sanctions for sending emails which do not
comply with the legislation and
o A private right of action, including a class action, for the
same reason
25 Copyright © 2014 Norton Rose Fulbright
What are the sanctions for non-compliance?
 An important thing to note is that you can eliminate the
threat of a private right of action, including a class action, if
you negotiate with the regulator (the CRTC) a voluntary
undertaking to comply with the legislation and fix the
problem leading to non-compliance BEFORE a private
citizen sues you
 Therefore there is a strong incentive to go to the regulator,
once you realize you have breached the law, and negotiate
a deal
26 Copyright © 2014 Norton Rose Fulbright
How much are the administrative penalties?
 The maximum administrative monetary penalties are:
o $1 million per violation for an individual;
o $10 million per violation for corporations
 It is noteworthy that the amount of the penalty is to be set
by taking into consideration that the purpose of the penalty
is to encourage compliance, not to punish
27 Copyright © 2014 Norton Rose Fulbright
Other compliance tools
o Issuance of notices to produce documents to verify
compliance with CASL
o Issuance of warrants
o Injunctions
o D&O liability
o Due diligence is a defence
28 Copyright © 2014 Norton Rose Fulbright
Questions?
29
Disclaimer
Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP, Norton Rose Fulbright South Africa (incorporated as Deneys Reitz Inc) and Fulbright & Jaworski LLP,
each of which is a separate legal entity, are members (“the Norton Rose Fulbright members”) of Norton Rose Fulbright Verein, a Swiss Verein. Norton Rose Fulbright Verein helps coordinate the
activities of the Norton Rose Fulbright members but does not itself provide legal services to clients.
References to “Norton Rose Fulbright”, “the law firm”, and “legal practice” are to one or more of the Norton Rose Fulbright members or to one of their respective affiliates (together “Norton Rose
Fulbright entity/entities”). No individual who is a member, partner, shareholder, director, employee or consultant of, in or to any Norton Rose Fulbright entity (whether or not such individual is
described as a “partner”) accepts or assumes responsibility, or has any liability, to any person in respect of this communication. Any reference to a partner or director is to a member, employee or
consultant with equivalent standing and qualifications of the relevant Norton Rose Fulbright entity.
The purpose of this communication is to provide information as to developments in the law. It does not contain a full analysis of the law nor does it constitute an opinion of any Norton Rose
Fulbright entity on the points of law discussed. You must take specific legal advice on any particular matter which concerns you. If you require any advice or further information, please speak to your
usual contact at Norton Rose Fulbright.