Sunday, October 14, 2012
Earlier this year, I told you that the Canadian Radio-television and Telecommunications Commission (CRTC) had issued final regulations regarding its part of implementing Canada’s new anti-spam law (CASL). The CRTC issued two new, additional sets of guidelines regarding those rules on October 10, 2012. If you haven’t read the previous post concerning those requirements, you should probably read that first (and even if you have, you might want to review it before continuing).
In “Compliance and Enforcement Information Bulletin CRTC 2012-548,” the CRTC sets out guidelines regarding who and what has to be identified in a commercial electronic message, the format an unsubscribe mechanism can take, information that needs to be included in a request for consent to send commercial electronic messages, and consent requirements material to computer programs.
I think that “Compliance and Enforcement Information Bulletin CRTC 2012-549” can fairly be called the death knell of the pre-checked box as a means of gathering consent to send commercial messages in Canada. This bulletin deals solely with how to use check boxes and form fields in order to obtain consent.
There isn’t a whole lot to the introductory material except to point out that paragraph 4 reminds the reader that the earlier regulations remain operative and will come into force on schedule. This document is really intended to provide guidelines for clarification and guidance in interpretation of the regulations issued earlier this year, so nothing has changed.
Section 2 of the CRTC’s regulations require that a message give some identifying information concerning the sender, and in some cases, the person on whose behalf the message is sent. The CRTC clarifies that to say that this does not include “persons situated between the person sending the message and the person on whose behalf the message is sent.” They give an example of someone who facilitates the distribution of a message but does not have a role in the content of the message or the selection of the recipients of the message.
Among the items of information required to be included in a commercial electronic message is the address of the sender (and the person sending the message, if applicable). These guidelines clarify that requirement in a way that brings it solidly into line with what most North American marketers are accustomed to with life under CAN-SPAM in the United States by allowing just about any valid postal address to be used as long as it remains valid for at least 60 days after the message is sent.
The CRTC’s regulations provided the somewhat squishy standard of “must be able to be readily performed” in order to be compliant. These guidelines clarify that somewhat. They give an example of what is essentially a subscriber subscription center. The mandate is very close to what North American marketers are accustomed to with life under CAN-SPAM: the subscriber should be able to opt-down or completely opt-out from all mailings from this page. The CRTC will be looking for something that is “accessed without difficulty or delay” and that is “simple, quick, and easy for the consumer to use.”
If you are sending SMS messages, then the guidelines look to be requiring the use of both the keyword “STOP” and “Unsubscribe” in order to opt-out of further messaging. If your marketing program is already following the Mobile Marketing Association’s best practices guide, then this something that you will find covered in Section 1.6-2. If you are using an ExactTarget shared short code, this is already taken care of for you.
If you are covered by the requirement to gather different types of consent separately, the CRTC has good news for you. The consent requests can all happen on the same form, at the same time, but they must all be separately agreed to using individual check boxes. The guidelines have a couple of example screens that you can look at to make sure that you know exactly what the CRTC is thinking about here.
If you are trying to obtain consent, CASL lays the burden of proof on the marketer to prove that consent exists. When it comes to obtaining consent orally, such as at point of sale or over the telephone, the CRTC is looking for something that can be verified by an independent third party or where a complete and unedited audio recording is retained. This makes the use of oral consent for mailing to Canadian recipients considerably more difficult to accomplish.
Consent that is obtained “in writing” can happen on paper or electronically. When obtaining consent electronically, marketers should keep the date, time, purpose, and manner of consent at a minimum. The content of paper forms are not covered in the guidelines, but should probably contain the same information that you would keep electronically. Marketers who are collecting consent at point of sale in a bricks-and-mortar store should probably prefer the use of a paper form to trying to figure out how to maintain and verify oral consent information.
The second bulletin released by the CRTC provides guidelines on the use of what they refer to as “toggling.” What they are referring to is the use of a check box to obtain consent. The rule that they have developed in this bulletin is pretty simple: The subscriber needs to take an action to extend consent, not to revoke it.
I think that it’s fair to say that this bulletin spells the death of the use of the pre-checked box as a means of gathering consent to market to Canadians. The CRTC considers the use of a pre-checked box to be, in essence, an opt-out mechanism and states that “express consent cannot be obtained through opt-out consent mechanisms.”
Do you have questions about how this might impact you and if your existing programs need to change the default states of their check boxes? The CRTC has helpfully provided examples in the guidelines which clearly demonstrate both what they do and do approve of.
Keep checking back as our email deliverability team continues to monitor this law as it develops.
Note: I am not an attorney licensed to practice in any jurisdiction. I can only provide my own understanding as an expert in email related issues. For actual legal advice, you need to pay an attorney for his time so that the vagaries of the law as they may apply in your specific circumstances can be accounted for.