Skip to main content

Keeping an eye on Canada's tough anti-spam law

North American marketers take note:  Canada is set to finalize one of the toughest anti-spam laws in the world.   Canada had fallen behind when it came to introducing anti-spam legislation, but it is now making up for lost time.  Ottawa's new Bill C-28-- known as "CASL" and expected to be finalized early in 2013 -- has severe fines for violations and is viewed by many as too tough.

In a nutshell, CASL requires a business to obtain express or implied consent from the recipient before it sends out commercial electronic messages.  CASL is not limited to email; consent must be given for any electronic message, which could also include messages sent via social media, text messaging, instant messaging, sound or video.

It applies to all messages sent from, or received in, Canada, which means American firms marketing in Canada fall under its jurisdiction. A recent study found 60 per cent of American marketing executives were completely unaware of the new law.

Individuals who breach the law can face penalties of up to $1 million, while corporations are liable for as much as $10 million. Officers and directors may also be held liable if they participated in, or acquiesced to the breaches. The act also creates a private right of action for CASL violators, paving the way for potential anti-spam class actions, with remedies capped at $1 million per day.

The Canadian law is more stringent than its U.S. counterpart, 2003’s CAN-SPAM Act, meaning most U.S. firms will not be compliant when CASL comes into force. CAN-SPAM allows companies to send messages unless consumers opt-out with an unsubscribe mechanism. CASL reverses the onus, requiring recipients to opt-in by consenting up front.

Our friends at Canadian law firm Blakes have put up an excellent microsite resource containing a wealth of information on CASL.



Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.