Tuesday, July 5, 2011
The Canadian Radio-television and Telecommunications Commission (CRTC) released its “Call for comments on draft Electronic Commerce Protection Regulations” on June 30, 2011. The Call for Comments stands in roughly the same place as a United States government agency’s Notice of Proposed Rulemaking. They are the CRTC’s notice that they have figured out what rules they want people to follow under a specific statute. In this instance, we’re talking about Canada’s Anti-Spam Law (CASL), which was given royal assent on December 15, 2010.
The Call for Comments does not give any explanations for the things that the CRTC proposes. It does lay out its authority to act and summarize what is being proposed. The actual proposed rule is attached as an appendix in the link above, and is short and to the point.
So, what do you need to know? First of all, you need to know that this is a consent-based law. As a rule, you should not assume consent (although there are provisions for implied consent within the law). This much is made clear by the method that is laid out for the granting of consent. The CRTC wants to see the following bits of information in a request for consent:
- The identity of the person seeking consent.
- If consent is being requested on behalf of another person, then that person must also be identified.
- If either of those entities is doing business by a different name, then that name must also be identified.
- The complete contact information of anyone required to be identified. This would include physical and mailing addresses, telephone numbers, email addresses, and web addresses.
- A statement that consent can be withdrawn at any time by using the contact information provided in the statement seeking consent.
Next, a message’s unsubscribe mechanism must be set out “clearly and prominently” and unsubscription must take less than “two clicks.” I think that this part is a bit vague, and it is in places like this where I would have liked that CRTC to have provided some explanation and insight into what they are looking for. For instance, if I click through from an email to an unsubscribe page, is that one click? Or does the count start when I arrive on the page? Even though a well-designed unsubscription form will not require many clicks, do any clicks required to express preferences (i.e.: clicking “unsubscribe from all”) count against that two click maximum? The CRTC doesn’t say.
Looking at the actual messages being sent, the CRTC wants an email to actually show all of the identification and contact information required to be present when consent was first obtained. However, they are willing to be somewhat lenient on that. If it is not practicable to include all of that information as well as the unsubscription mechanism that CASL demands, then they say that it is okay to put that information on a web page “accessed by a single click” or some other similarly easy method that does not cost the recipient anything to view.
And finally, the question that seems to be on everyone’s minds: When does this go into effect? Folks have been saying to wait for the rules to come out. Well, these rules are now out, and say that they will go into effect when they are registered. The last day for comments is August 29, 2011. So, it looks like the answer may be as early as September, but there will likely be several weeks lag after the comment period ends to give the CRTC time to read and evaluate any comments that come in.
Our team is continuing to monitor this law as it develops.
Note: I am not an attorney licensed to practice in any jurisdiction. I can only provide my own understanding as an expert in email related issues. For actual legal advice, you need to pay an attorney for his time so that the vagaries of the law as they may apply in your specific circumstances can be accounted for.