|Interview with Shaun Brown, Canadian lawyer practicing at nNovation LLP and Canadian Anti-Spam Law (CASL) expert
These are the opinions of the guest and not that of Harland Clarke. This does not serve as legal advice and is informational only. Facts and circumstances vary, so please seek the advice of counsel on the topics discussed below if you have further questions.
HC: In the lead up to CASL’s final form, what surprised you most about the Canadian government’s approach to promulgating this law?
SB: The fact that it happened at all. It was a big undertaking, and it’s a fairly aggressive approach. When you look at federal privacy legislation, which has been in place for almost 15 years, the government has been working since 2006 to make relatively minor amendments to that law, and it still hasn’t happened.
In the same time period, CASL was drafted from scratch, addressing a variety of issues, and although it draws on the experiences from other countries, it was largely new. So, I think the most surprising thing was the government having the energy to draft and get CASL through the legislative process.
HC: What do you consider to be CASL’s strengths as an anti-spam law?
SB: In many ways, the government tried to capture and reflect industry best practices.
HC: Conversely, what are its weaknesses?
SB: CASL is very prescriptive. It’s a very detailed set of rules for sending email. While spam and malware can bring huge problems/threats, the vast majority of businesses are doing things right, and the emails they send aren’t a huge problem for most consumers. So, we have ended up with a large number of rules, in some cases redundant/overlapping to other laws, which now causes challenges for compliance. For example, there are various requirements for capturing opt-in consent, such as the requirement to provide more specific contact information and telling a person he/she can unsubscribe — these things can be a hassle.
HC: Based on your dialogue with industries and businesses, what are the top misconceptions/questions you heard prior to CASL’s launch?
SB: A lot of people weren’t aware of allowances to transition existing databases, such as the transition provision for extending the time periods for implied consent, and the ability to grandfather those with existing consent obtained in compliance with privacy legislation.
Also, some didn’t understand the breadth of some of the implied consent provisions, specifically within the B2B space. For example, consent can be implied if someone gives you his/her email address, or if he/she conspicuously publishes his/her email address, so long as the information you send is relevant to what the recipient does in his/her business capacity. This can be quite helpful for B2B marketing where you have to essentially “cold call” people by email, which is less appropriate in B2C context.
Another example was how Canadian Radio-television Telecommunications Commission (CRTC) was going to enforce the legislation. With penalties of up to $10 million per violation, there was a lot of concern that the CRTC would begin penalizing everyone for minor violations. This hasn’t been the case.
HC: What are the top misconceptions/questions you heard since CASL’s launch?
SB: Generally the same as pre-launch, but the computer program rules in CASL went into force the week of Jan. 12 of this year. So for some businesses, the focus has moved to these rules, which are potentially more complicated as are the involved scenarios. The software portion of CASL does not impact as many businesses, whereas the anti-spam portions apply to anyone doing email marketing.
The computer rules don’t apply as broadly as a lot of people think at first glance. CASL only applies when a business is installing software on someone else’s computer, not self-installed software. A large number of software programs are self-installed, i.e., apps.
HC: We are six months post-CASL’s official start date (7/1/14). What did you anticipate we’d be experiencing at this point?
SB: I thought we might see a few published enforcement actions by now, although I knew it would take some time. The fact that we haven’t seen anything yet is not a bad thing.
This indicates, to me, that the CRTC investigations are complex, and they’re not coming out looking to tag some bigger business with “borderline” enforcement issues. This suggests that they are looking at the worst behavior going on, and it’s complex with multiple levels and players potentially in various countries.
Of course that is largely speculative at this point. There were comments pre-launch that maybe this was going to dramatically change email marketing, and people weren’t going to use email any more. I haven’t seen any indication of that.
HC: Related to that, what has actually transpired related to CASL enforcement thus far?
SB: The indications, so far, are that the CRTC is going to tend to be reasonable, and for the time being focus on the worst actors causing actual harm to consumers.
HC: Looking ahead, what do you anticipate we’ll have seen occur when we reach the first anniversary of CASL’s launch?
SB: More of the same. We could see some enforcement actions based on my assumptions about the type of situations being investigated. I don’t know if that’s going to result in guidance to the average email marketer however.
For example, there are outstanding questions about what constitutes a Commercial Electronic Message (CEM) vs. a transactional message. I don’t know if the CRTC is focusing on those types of specific questions/scenarios. I don’t think they’re focused on things that impact the day-to-day reality of marketers. I could be wrong, but don’t expect to see anything that will dramatically impact what email marketers are doing in the next six months.
Shaun, I want to thank you for taking some time to talk with me and share your thoughts on CASL with our readers.
UPDATE: Following my interview with Shaun, the first CASL enforcement has coincidentally occurred.
CRTC Chief Compliance and Enforcement Officer issues $1.1 million penalty to Compu-Finder for spamming Canadians