What Businesses Should Know About Canada's New Anti-Spam And Anti-Spyware Laws: Implications For Electronic Communications


On December 15, 2010, anti-spam and anti-spyware legislation passed in Canada (Bill C-28, Fighting Internet and Wireless Spam Act). Expectations are that the law will be brought into force sometime this year. The law aims to deter the most damaging and deceptive forms of spam, such as identity theft, phishing and spyware, and to help drive spammers out of Canada. However, its reach is much broader, and it is likely to affect most businesses that market to Canadians. Businesses have a few months to prepare for the law's wide net, to set policies and shore up consent to sending emails, etc., to their marketing lists.

With few exceptions, any commercial electronic message sent without consent and that is not in the prescribed format will be considered spam. This includes emails, instant messages, messages sent through social media sites and texts.

Consent may only be implied in a narrow set of circumstances, and otherwise must be express (i.e. recipients need to opt-in). Generally a message requesting consent to send emails, texts, etc., will itself be considered spam. For express consent, the opt-in must: (1) identify why consent is being sought, and (2) identify the person seeking consent as well as the person on whose behalf consent is being sought, along with other prescribed information. Consent may be implied where there has been an existing relationship in the past two years, and if an address is conspicuously published without a statement to not send unsolicited messages, and the communication relates to that person's business. If there is a personal relationship, communications are exempt, so viral marketing is not affected. Faxes, voice recordings and messages subject to Canada's "Do Not Call" legislation are also exempt. There are other exceptions, and some will be set out in the regulations.

Electronic messages must: (1) identify the person who sent the message; (2) provide contact information for the sender (that is valid for at least 60 days); and, (3) set out an unsubscribe mechanism. The unsubscribe mechanism must enable opt-outs using the same electronic means by which the message is sent, and give a link or address to opt-out.

Bill C-28 also prohibits false or misleading representations in electronic messages, including in subject lines and headers. So marketers will need to be mindful to ensure teasers in subject lines and...

To continue reading