COVID-19 and Canada’s anti-spam law CASL
Since going into social isolation and working from home I have been inundated by unsolicited emails. Many of these are from businesses I have never heard of or dealt with before. They offer goods or services that directly or indirectly relate to the COVID19 pandemic – how to get stuff delivered to your house, how to order that, how to entertain your kids, how to get virtual care, how to stay connected…. Many of these messages come from organizations trying to survive during this crisis, businesses announcing an adapted online or virtual business model, organizations truly trying to be helpful, or attempting to be relevant and discovered. Increasingly, they are using email marketing as a way to stay connected in a time of quarantine.
I’m sure you have noticed the same thing. You know what I mean – you have undoubtedly been getting many of these unsolicited commercial electronic messages also. Like me, I’m sure you find some useful. Others maybe not so much. But, if you’re like me, you know what’s going on and likely read some or just delete those that are not of interest.
The sad reality is that just about all of these emails are illegal under Canada’s anti-spam law, CASL. CASL bans sending “commercial electronic messages” (CEMs) without consent. Even asking for consent to send them is illegal. The definition of CEM is dramatically open-ended and it sweeps in all messages that might have a “commercial” purpose including those you have been receiving telling you about products and services that can help you in this crisis.
CASL has some exceptions to where a prior consent is not required to send a CEM. However, the exceptions are rigid and close-ended. The exceptions would be very unlikely to apply to the many unsolicited messages we all have been getting from organizations we haven’t dealt with before. I had several clients call to ask whether they could send messages about a government program their customers were entitled to if the customers had unsubscribed from receiving commercial electronic messages from the business. CASL threatened to prevent customers from receiving commercial electronic messages they clearly would have wanted to receive but perhaps made illegal to send – even during this crisis.
CASL regulates and puts restrictions on sending the preponderance of legitimate electronic messages Canadians receive that aren’t damaging or deceptive SPAM. During this crisis, the number of legitimate messages being sent is going up like crazy, as is the corresponding number of useful emails that are illegal to send. Organizations that violate CASL even during this crisis can be subject to millions of dollars in administrative monetary penalties (AMPs). Directors and officers can be vicariously liable for AMPs as well.
There is no question that CASL infringes freedom of speech rights. The government has admitted this in open court. Even in normal times it is hard to see how its restrictions can be reasonably justifiable in a free and democratic society under the Charter tests established by numerous Supreme Court precedents including Oakes, Dagenais, RJR, Irwin Toy, Guignard, Rocket, and United Foods.(The Federal Court of Appeal will rule on this issue in the Compu-finder case soon. The case was argued (by Dan Glover and I) more than one year ago.)
In these hard times – when communicating using electronic messages has become essential, for both organizations and individuals – it is extraordinarily hard to see how CASL could be regarded as “minimally impairing” (to pass muster under the Charter any restriction on speech must be carefully tailored so that rights are impaired no more than necessary) or meet the proportionality test (for a restriction on speech to be Charter compliant, there must be proportionality between the objective and the measures adopted by the law and between the salutary and deleterious effects of the law).
CASL was reviewed by a Parliamentary Committee which identified its many flaws and recommended it be fixed. Its sweeping provisions could never be justified just to combat the most damaging forms of SPAM. Its restrictions against sending unsolicited electronic messages during this pandemic should not apply. There should not be concerns about whether the anti-spam portions of CASL are needed to protect the public from the recent increases in malware, spyware, phishing, and cyber-attacks. Installing malware and spyware on someone’s computer without consent would still be illegal under CASL’s computer program provisions. Phishing attacks (fraudulent attempts to obtain sensitive information such as usernames and passwords by including misleading or deceptive information in emails, URLs, or re lines of emails that promote a product or service) are illegal under the amendments made to the Competition Act by CASL, and many cyberattacks would be offences under the Criminal Code.
For more information on CASL, see Barry Sookman, CASL: the unofficial FAQ, regulatory impact statement, and compliance guideline.
This article was first posted on barrysookman.com. This update is part of our continuing efforts to keep you informed about COVID-19. Follow our COVID-19 hub for the latest updates and considerations for your business.