The CRTC just released a new FAQ on CASL, replacing the old one that it released in December 2013 (“December FAQ”). Those hoping the CRTC would take this opportunity to clarify some of the more vexing aspects of CASL and the accompanying Guidelines will be disappointed, as the new FAQ largely incorporates and reiterates material found in the Guidelines and the Regulatory Impact Assessment Statement.
While there are few new tidbits, in some key respects the new FAQ only further muddies the waters. Below are some select issues.
What’s New and/or Clearer
There are a few new or expanded points to note:
- The new FAQs make it repeatedly clear that whether or not a message is or is not compliant will be determined “on a case-by-case” basis. This will be no comfort to businesses which are attempting to achieve a degree of certainty in their business processes.
- A computer system located in Canada must be used to send or access a commercial electronic message (“CEM”) in order to be caught by s. 6 of CASL. Simply routing a CEM through Canada will not be sufficient to engage s. 6 of CASL.
- The “personal relationship” exemption is restricted to actual persons; corporate persons are excluded. In addition, personal relationships require real identities be used; aliases, avatars, and virtual identities will not be sufficient. Likewise, a personal relationship cannot be established merely by a connection through social media.
- Direct messages sent within social media sites are CEMs, but will be exempt from the requirements of s. 6 of CASL if there are adequate information and unsubscribe mechanisms available in the user interface of such sites.
- The Guidelines have been clear that when a CEM is sent on behalf of multiple persons, such as affiliates, all of these persons must be identified in the CEM. What hadn’t been clear was whether intermediaries or marginal participants in the sending of a CEM needed to be identified. In the new FAQs, the CRTC goes a few steps further with some language that will be of particular interest to messaging service providers (emphasis added):
…only the persons who play a material role in the content of the CEM and/or the choice of the recipients must be identified. For example, an email service provider that provides a service to its clients to send emails, where the email service provider has no input on the content of the message, nor on the recipient list, does not need to be identified in the CEMs sent by clients using its service.
The FAQs are quick to point out, however, that the email service provider continues share responsibility for ensure compliant consent and unsubscribe mechanism.
What’s Still Muddy and/or Muddier
Grandfathering of Express Consents
Whether or not pre-July 1, 2014 express consents will be grandfathered once CASL comes into force is a question of great concern (and significant business implications) to companies.
The December FAQ said the following on grandfathering express consents (emphasis added):
If you obtained valid express consent prior to CASL coming into force, you will be able to continue to rely on that express consent after CASL comes into force, even if your request did not contain the requisite identification and contact information. However, all CEMs sent after CASL comes into force must contain the requisite information, meet all form requirements and contain an unsubscribe mechanism.
The new FAQ departs from this and states (emphasis added):
In contrast, express consent does not expire after a certain period of time has passed. If you obtain valid express consent before July 1, 2014, then that express consent remains valid after the legislation comes into force. It does not expire, until the recipient withdraws their consent.
Companies with pre-July 1, 2014 PIPEDA-compliant or common law-compliant consents were hoping for greater clarity, and perhaps a more definitive statement that these consents will be grandfathered.
Companies are now left uncertain as to whether the new FAQs are a departure from the previous understanding of what types of consents would be grandfathered.
Encouraging Participation in a Commercial Activity
The December FAQ offered some insight on how to determine if a message was a CEM. The key question, according to the December FAQ, was (emphasis added) “whether it would be reasonable to conclude that the purpose or one of the purpose of the message is to encourage participation in a commercial activity.”
What was missing from this statement was any indication of the required nexus between the message and the encouragement. Did a message have to encourage the recipient to participate in a commercial activity? Or was the net broader than just the recipient, and any message which encouraged participation by anyone in a commercial activity was caught?
The new FAQ seems to address this, and claims the key question now is whether (emphasis added) “one of the purposes [is] to encourage the recipient to participate in commercial activity.” While this narrowing of scope may have companies breathing a sigh of relief, it is worth noting that CASL uses the broader language, the FAQ itself uses both terms, as does the RIAS. Nonetheless, while ambiguous, the guidance in the FAQ suggests that the nexus between the commercial activity and message is not infinite.
There is some helpful material in the new FAQs, in large part because they consolidate information in one place. However, on certain key questions no clarity has been achieved and other significant concerns of business were simply not addressed.
For instance, many were hoping that this new CRTC FAQ would help clarify the “6(6)” issue. The “6(6)” issue stems from the fact that only electronic messages with commercial content are caught by CASL; the corollary is that messages without any commercial content ought not to be CEMs. Yet in s. 6(6) exemptions from consent are provided for a number of “commercial electronic messages” regardless of the fact that most would appear to have no commercial content (e.g. invoices, warranties, confirmations of transaction, etc). This has sparked questions about whether these types of messages are CEMs or not. Unfortunately, the FAQ provides no new guidance on this topic.
Many had also hoped that the CRTC would provide clarification as to whether the B2B exemption would apply to CEMs sent to “organizations” where the recipient organization is a sole proprietorship (such as in CEMs sent to independent sales represents who resell products of a distributor/manufacturer). Again … silence on this point.