The industry is abuzz with talk about the Canadian Anti-Spam Law or CASL, which went into effect on July 1, 2014. If you’re a Canadian email sender or you send email to Canadian residents, you’ll need to comply with CASL. This article is intended to help provide you with some guidance for complying with CASL. This article does not constitute legal advice, nor is it intended supplement or otherwise affect your rights or obligations under your service agreement with Dyn, including your obligations under Dyn’s Acceptable Use Policy. If you have questions about CASL or the legality of your sending practices, we encourage you to speak with an attorney who specializes in that subject matter.

I. What’s Covered by CASL?

CASL and its related regulations applies to any “commercial electronic message” sent from or to Canadian computers and devices in Canada; however, electronic messages that are merely routed through Canadian computer systems are not subject to CASL.

A “commercial electronic message” is any message that:

– is in an electronic format, including emails, instant messages, text messages, and some social media communications.
– is sent to an electronic address, including email addresses, instant message accounts, phone accounts, and social media accounts; and
– contains a message encouraging recipients to take part in some type of commercial activity, including the promotion of products, services, people/personas, companies, or organizations.

II. Are there any types of messages that are exempt from CASL?

These types of electronic messages are exempt from CASL for various reasons.

– Messages to family or a person with established personal relationship.
– Messages to an employee, consultant, or person associated with your business.
– Responses to a current customer, or someone who has inquired in the last six months.
– Messages that will be opened or accessed in a foreign country, including the U.S., China, and most of Europe.
– Messages sent on behalf of a charity or political organization for the purposes of raising funds or soliciting contributions.
– Messages attempting to enforce a legal right or court order.
– Messages that provide warranty, recall, safety, or security information about a product or service purchased by the recipient.
– Messages that provide information about a purchase, subscription, membership, account, loan, or other ongoing relationship, including delivery of product updates or upgrades.
– A single message to a recipient without an existing relationship on the basis of a referral. The full name of the referring person must be disclosed in the message. The referrer may be family or have another relationship with the person to whom you’re sending.

If your message does not meet one of these criteria, consent is required under CASL. Please note, however, that just because the above types of messages are exempt from CASL, it does not mean that they are permitted under your service agreement with Dyn. Not all of the message listed above are permitted under Dyn’s Acceptable Use Policy.

III. What is “express consent”?

Under CASL, “express consent” means a written or oral agreement to receive specific types of messages. For example “You want to receive monthly newsletters and weekly discount notifications from Dyn.”

Express consent is only valid if your request for consent clearly and simply describes the following information:

– Your purpose in obtaining consent,
– A description of messages you’ll be sending,
– Requestor’s name and contact information (physical mailing address and telephone number, email address, or website URL).
– A statement that the recipient may unsubscribe at any time.

The requestor can be you or someone for whom you’re asking. If you’re requesting consent on behalf of a client, the client’s name and contact information must be included with the consent request.

IV. What is “implied consent”?

Under CASL, you may only obtain implied consent when certain circumstances exist, including when:

– A recipient has purchased a product, service or made another business deal, contract, or membership with your organization in the last 24 months;
– You are a registered charity or political organization, and the recipient has made a donation or gift, has volunteered, or attended a meeting organized by you; or
– A professional message is sent to someone whose email address was given to you, or is conspicuously published, and who hasn’t published or told you that they don’t want unsolicited messages.

V. What type of consent is required?

Between July 1, 2014 and July 1, 2017, you may continue to send messages to recipients from whom you have implied consent, unless they unsubscribe. After July 1, 2017, you may only send to recipients with express consent or whose implied consent is currently valid under CASL (see item IV – What is “implied consent”?).

VI. Some additional requirements.

In addition to understanding what qualifies as CASL-regulated message, and what type of consent is needed, there are a few other details to keep in mind.

– You must retain a record of consent confirmations.
– When requesting consent, checkboxes cannot be pre-filled to suggest consent. Each subscriber must check the box themselves for consent to be valid.
– All messages sent must include your name, the person on whose behalf you are sending (if any), your physical mailing address and your telephone number, email address, or website URL.
– All messages sent after consent must also include an unsubscribe mechanism, and unsubscribes must be processed within 10 days.

VII. Where can I find more information on CASL?

If you wish to learn more about CASL, you can find the full text of the law here. The Canadian Radio and Telecommunications Commission has also set up an FAQ page and some guidelines for obtaining consent. If you have any questions, we encourage you to contact an attorney who is familiar with the law.

VIII. Dyn’s Acceptable Use Policy.

In many cases, Dyn’s Acceptable Use Policy is more stringent than CASL requirements. It’s important that you review Dyn’s Acceptable Use Policy to help ensure your compliance with our policies.