Canada has been called the “Great White North,” but starting July 1, it’s also poised to become the Great Spam-Free North.
That’s when Canada’s Anti-Spam Legislation (CASL) – one of the toughest laws of its kind in the world – reaches the end of a three-year transition period and its “private right of action” provisions take effect.
This means anyone who receives an unsolicited commercial electronic message — including emails, text messages, instant messages, and direct messages on social media — can pursue legal action against the sender. Fines are $200 per message, in addition to millions of dollars in penalties that the Canadian Radio-television and Telecommunications Commission can impose.
CASL’s impact stretches well beyond Canada’s borders because it applies not only to Canadian commercial email marketers but to those elsewhere sending messages to Canadian subscribers – so in effect anyone doing business in Canada (with some exceptions for political parties and charities). This means the stakes are high for marketers in the neighboring United States and around the world.
Under CASL, a business cannot send an email without explicit opt-in consent from the recipient or an existing relationship defined by certain parameters, such as a purchase in the preceding two years or an inquiry in the last six months.
Enforcement of CASL comes as marketers are grappling with the coming General Data Protection Regulation (GDPR), tough new rules governing how companies use an individual’s personal information, including email addresses, in the 28 European Union countries. GDPR becomes enforceable, with heavy fines, beginning May 25, 2018.
Between these two alphabet-soup laws, the days of unsolicited, non-opt-in emails could be coming to an end. In fact, the United States, unless new rules are enacted (which seems unlikely in the current political environment) could be left as the only major country lacking a nationwide anti-spam law mandating an opt-in.
CASL forces companies to perform the mammoth task of sifting through enormous databases of contacts and obtaining express consent for sending future communications.
The law also means marketers need to be asking a handful of questions:
- Does their communication ask for permission to send future electronic messages?
- Does it show that the recipient can easily unsubscribe at any time, preferably with one click?
- Does the company regularly test the unsubscribe function to make sure it’s working properly?
- Does the communication include the sender’s email address, phone number, and physical address?
- Is there a process for documenting when a recipient does or does not give consent? Is the company keeping good records of opt-ins and opt-outs?
The law also makes it necessary for companies to keep their databases up to snuff and properly account for people who have consented to receive messages and those who need to be purged.
CASL is good news for consumers tired of the spam flooding their inboxes and devices. It won’t be easy for companies to implement the new rules, but they should be okay as long as they design and implement strict processes and make sure that permission is the crucial watchword from July 1 forward.
David Fowler is Head of Privacy and Digital Compliance at Act-On Software, a marketing automation provider.