A Quick Guide to Understanding Canada’s Anti-Spam Law and Social Media Compliance
May 6, 2015
Canada’s Anti-Spam Legislation (CASL), which went into effect July 1, 2014, has many businesses wondering how it impacts social media communication. As I discussed in a prior post, the new law requires businesses to have consent to send “commercial electronic messages” (CEMs) via email, telephone, (i.e. text), instant messaging, or similar account. The law gives recipients the option to opt-in to CEMs they wish to receive, and will prevent commercial businesses from sending spam.
Businesses that don’t comply with CASL could face serious penalties. Two recent cases resulting in heavy fines — $1.1M to Compu-Finder and $48,000 to PlentyOfFish — highlight the importance of businesses to double-check their social media strategies to ensure that communication is compliant. Both cases are examples of CASL violations where the “unsubscribe” mechanisms in emails did not function properly.
Given our focus on social media compliance, we have received a number of inquires on what and how social media activity should be handled under this new legislation, so I wanted to share some quick tips.
One challenge is that Canada’s anti-spam law takes a technology-neutral approach. While there are certain provisions that apply only to electronic messages, CASL does not specifically define unique requirements for every unique type of social media communication. At a glance, there are three key categories of requirements from CASL:
Here are 4 key takeaways for staying compliant with CASL:
1. CASL does not apply to public social media posts or broadcasting
Although some might consider a tweet or a Facebook post a “commercial electronic message”, the act of publishing is not affected by CASL because it is public, akin to content shared on your own website. Under CASL, businesses can tweet, update their company status, and post Instagram photos without consent and identification requirements. See the guidance issued by Industry Canada.
However, any 1-to-1 or 1-to-few communication via social media, including but not limited to private or direct messages, chats and posting to groups, requires CASL compliance unless there is a clear exception as provided by CASL. The same rules that your organization would normally have in place to ensure email complies with CASL, should also be applied to the direct messaging (for example, LinkedIn InMail, Facebook Messages or Twitter Direct Messages) on social media.
As such, the mere pushing of content on social media (i.e. wall postings, LinkedIn status updates, tweets) is not affected by CASL. According to the Regulatory Impact Analysis Statement, “Another concern is how CASL might apply to CEMs on popular social networking services or instant messaging services. Where they are not sent to electronic addresses, the publication of blog posts or other publications on microblogging and social media sites does not fall within the intended scope of the Act.”
2. A connection or a “like” does not equal express consent
A mere connection, follow, or friendship on social networks does not constitute “express” or “implied” consent for somebody to reach out via email or direct message to solicit for product or services. According to the Competition Bureau FAQ on CASL, “Using social media or sharing the same network does not necessarily reveal a personal relationship between individuals. The mere use of buttons available on social media websites – such as clicking “like”, voting for or against a link or post, accepting someone as a “Friend”, or clicking “Follow”– will generally be insufficient to constitute a personal relationship.
3. You must allow recipients to “opt out”
According to CASL, there must be an unsubscribe mechanism in emails/direct messages. However, because there is no automated way to ‘unsubscribe’ a recipient from receiving a direct message via a Facebook message or InMail, the sender should offer a manual unsubscribe option. We suggest including in each message a disclosure stating that if the recipient does not wish to receive further messages from you, they should reply directly indicating as such. The best practice here is to have a template with approved unsubscribe language, and a documented process for how the responses are handled
4. Be cautious when making new “connections” or “friends”
Reaching out and requesting a connection or friend via LinkedIn or Facebook could constitute a CEM and therefore require CASL compliance, unless the individual can prove an existing relationship.
For more information, download our Global Social Media Compliance Requirements for Financial Services Infographic, or read What You Need to Know for Social Media Compliance Under CASL.
Disclaimer: The material available in this article is for informational purposes only and not for the purpose of providing legal advice. We make no guarantees on the accuracy of information provided herein.