Skip to Navigation Skip to Content

Canada’s Anti-Spam Legislation (CASL) is a law that prevents businesses from sending unwanted commercial electronic messages to Canadians, whether the sender is based in Canada or not. The law requires businesses to get permission before sending marketing emails or texts, clearly identify themselves, and provide an unsubscribe option. Violations can result in fines up to $1 million for individuals and $10 million for companies per infraction.

Manage data privacy compliance with one tool!

Try GetTerms

The Purpose of CASL

Canada’s Anti-Spam Legislation (CASL) was enacted to shield Canadians from the detrimental effects of spam and the misuse of digital technology. The main goals of CASL include:

  • Reducing unsolicited messages sent to Canadian citizens.
  • Preventing identity theft, phishing, and the spread of malware.
  • Protecting personal information.
  • Promoting trust in the digital marketplace.

Before CASL, Canada was home to several of the world’s largest spamming organizations. By 2019, CASL successfully eradicated any Canadian organization from the list of the top 100 global spammers, showcasing the law’s effectiveness.

What is Spam?

At its core, spam refers to unsolicited electronic messages, commonly emails, but also includes texts, messages through social media platforms, and unwanted software installations. Spam can carry risks like phishing schemes, identity theft, or the distribution of malicious software (malware).

CASL focuses specifically on commercial electronic messages (CEMs), which are communications that promote or encourage participation in commercial activity, even if there’s no expectation of profit.

Key Requirements for sending commercial electronic messages (CEMs)

CASL sets strict guidelines for how businesses can send CEMs. Whether sending emails, texts, or other electronic communications, organizations must follow these key rules:

  1. Obtain Consent
    Before sending any CEM, businesses must receive express or implied consent from recipients. Express consent is when individuals clearly agree to receive messages, such as by checking an opt-in box on a website. Implied consent covers scenarios like existing business relationships.
  2. Provide Clear Identification
    CEMs must clearly identify the sender, including their business name and contact information, so recipients know exactly who is contacting them.
  3. Include an Unsubscribe Mechanism
    Every CEM must have a clear and easy-to-use method for recipients to unsubscribe. Once an unsubscribe request is made, it must be processed within 10 days, and businesses are prohibited from asking for confirmation.

Express Consent vs Implied Consent

One of the cornerstones of CASL is the requirement to obtain consent from individuals before sending them electronic messages. There are two types of consent recognized under CASL:

Express Consent

This is explicit permission provided by the recipient, often in writing or electronically. To be valid, organizations must clearly explain the purpose of the communication, who is seeking consent, and how recipients can opt-out later.

Implied Consent

In certain situations, consent may be implied. For example, if someone has an existing business relationship with the organization, they may be contacted without express consent. Additionally, if a person publicly shares their contact information (such as on a website or business card), implied consent may apply as long as the message relates to the recipient’s business activities.

Exceptions & Exemptions under CASL

While CASL is strict, there are several exemptions to the consent and unsubscribe requirements:

  1. Personal Relationships: Messages sent between family members or close friends are exempt from CASL.
  2. Business-to-Business (B2B): CEMs exchanged between organizations that have an ongoing relationship are also exempt, provided the communication is relevant to that relationship.
  3. Legal Obligations: Certain messages sent to comply with legal obligations (such as a service reminder or warranty notice) are also exempt.
  4. Charities and Political Parties: Registered charities can send CEMs for fundraising purposes without requiring consent, as can political parties when seeking donations.

CASL requirements for businesses in Canada

CASL requires businesses to be more disciplined in their electronic marketing efforts. Organizations must now:

  • Track and Manage Consent: All consents (both expressed and implied) must be documented, with details like the date, time, and method of consent kept for future reference in case a dispute arises.
  • Maintain Good Data Hygiene: Companies benefit from cleaner email lists, meaning better engagement rates. By communicating only with individuals who are interested in their products or services, businesses are more likely to see higher open and click-through rates.
  • Reduce the Risk of Penalties: Non-compliance with CASL can lead to severe penalties, including hefty fines and legal action. For businesses, ensuring CASL compliance protects both their reputation and finances.

How CASL Protects Consumers

Consumers benefit significantly from CASL, as it reduces the number of unwanted and potentially harmful electronic communications they receive. Studies have shown a notable reduction in spam reaching Canadian inboxes since the law took effect. In fact, within the first year of CASL’s implementation, there was a 37% decrease in Canadian-based spam, and the global spam rate dropped significantly in the following years.

Reporting Spam under CASL

The Spam Reporting Centre (SRC) allows Canadians to report unsolicited messages that violate CASL. Between October 2021 and March 2022, Canadians lodged more than 167,000 spam complaints. Most of these complaints involved emails sent without consent, but spam in the form of text messages is also becoming increasingly common. Reporting spam helps authorities take action against offenders and keep the internet safer for everyone.

CASL penalties & fines for non-compliance

CASL imposes strict penalties for organizations that fail to comply with the legislation. Violations can lead to:

  • Fines: Up to $10 million for businesses and $1 million for individuals.
  • Legal Liability: Company officers, directors, and agents can be personally held accountable for CASL violations.
  • Private Right of Action: Starting in July 2017, individuals can take legal action against businesses that violate CASL.

Frequently Asked Questions

  1. What is a CEM?
    A commercial electronic message (CEM) is any message sent electronically that promotes or encourages commercial activity, such as a sales promotion, coupon, or event notification.
  2. What happens if I don’t comply with CASL?
    Non-compliance can result in fines of up to $10 million for businesses, legal actions, and reputational damage.
  3. Do I always need express consent to send a CEM?
    Not always. Implied consent may apply in specific cases, such as existing business relationships or when recipients publish their contact information publicly.
  4. How do I unsubscribe from messages?
    All CEMs must provide a clear and free unsubscribe option, allowing recipients to opt out of future communications without hassle. Organizations must honor these requests within 10 days.

What to do next

Businesses should regularly review their marketing practices and train staff to ensure ongoing compliance with CASL. With the right processes in place, companies can maintain positive relationships with customers while avoiding the costly penalties associated with non-compliance.