1 / 32

Daniel G. C. Glover Partner Direct Line: (416) 601-8069 E-Mail: dglover@mccarthy

What Publishers Need to Do Now to Become CASL Compliant A Joint Presentation for the LPG, ACP and eBound Canada. Daniel G. C. Glover Partner Direct Line: (416) 601-8069 E-Mail: dglover@mccarthy.ca. May 22, 2014. CASL: The Clock Is Ticking. Jan. 15, 2015. July 1, 2014.

mackensie-short
Download Presentation

Daniel G. C. Glover Partner Direct Line: (416) 601-8069 E-Mail: dglover@mccarthy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What Publishers Need to Do Now to Become CASL CompliantA Joint Presentation for the LPG, ACP and eBound Canada Daniel G. C. Glover Partner Direct Line: (416) 601-8069 E-Mail: dglover@mccarthy.ca May 22, 2014

  2. CASL: The Clock Is Ticking Jan. 15, 2015 July 1, 2014

  3. The Title Says it All • An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (S.C. 2010, c. 23) • Thankfully known as “CASL” • Not just about spam andspyware • All businesses deeply affected

  4. Why Should I Care? • Fines of up $10 million for a corporation • In 2017, CASL will permit lawsuits allowing: • compensation for loss, damages and expenses; PLUS • awards capped at $1 million per day for breach of CASL with risk of class actions • Exposure for directors, officers and agents including for “procuring” a CASL violation • In force dates: July 1, 2014 (SPAM), Jan. 15, 2015 (Spyware), July 1, 2017 (private lawsuits) • CASL reaches across borders

  5. The Breadth of CASL

  6. What Exposes Publishers to CASL? • CASL casts a VERY wide net and raises real questions for all kinds of organizations that do NOT sell Viagra or spy on their customers • All that is needed is for a publisher to: • Send or cause to be sent unsolicited messages to customers or other businesses (through e-mail, SMS, Facebook, Twitter or other accounts) – whether or not they seem like “SPAM” • A pitch to a potential new partner • A request for consent falls afoul of CASL in most cases • “Legacy consents” may not meet the new standard • Banner ads not covered • Provide or cause apps or other software to be installed on customers’ computers without disclosure and consent – “Spyware” • Use mailing lists that may have been compiled using “address harvesting” computer software • Send false or misleading electronic messages or headers

  7. No-Risk and Lower-Risk Activities But careful with direct messaging…

  8. Is CASL Limited to Advertising or Promotional Messages? A “commercial electronic message” is an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity … How may hyperlinks, corporate logos, contact information “encourage participation in a commercial activity”? CASL governs business-to-business CEMs if the organizations don’t “have a relationship” or if the message isn’t relevant to the recipient’s business

  9. What Is a Commercial Activity? A “commercial activity” is any particular transaction, act or conduct or any regular course of conduct that is of a commercial character whether or not the person who carries it out does so in the expectation of profit…” (s.1(1)). How clear is the term? See Decision P2013-d-01 (Alta.) “To adapt a colloquial phrase, if it looks like a commercial activity, and walks like a commercial activity, then it is a commercial activity.” E-mail to a university bookstore? E-mail sent by a not-for-profit? E-mail confirming a purchase? 9

  10. The Anti-SPAM Prohibition:Consent, Form and Unsubscribe It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic messageunless: The person to whom the message is sent has consented to receiving it, whether the consent is express or implied; The message sets out prescribed information that identifies the person who sent the message; The message sets out information enabling the person to whom the message is sent to readily contact the sender; and The message sets out a “clear and prominent” and “readily performed” unsubscribe mechanism.

  11. Key Full Exceptions Responses to requests, inquiries or complaints. But not for “quotes” or “estimates”?!? Where parties have a close personal or family relationship. An inquiry or application to a person engaged in a commercial activity. Messages sent within an organization. B2B messages where a relationship exists. Messages that a sender reasonably believes will be accessed in a foreign state and conform to its laws. Charitable fundraising messages. Political fundraising messages?!?

  12. A Closed Set of Partial Exceptions (with a “Best Before” Date) Where there is an ‘existing business relationship’ Where the recipient has “conspicuously published” the electronic address without a statement that the person does not wish to receive unsolicited CEMs AND the message is relevant to the person’s business, role, functions or duties in a business or official capacity; Where the recipient has disclosed, to the person who sends the message, the electronic address without indicating a wish not to receive unsolicited CEMs, AND the message is relevant to the person’s business, role, functions or duties in a business or official capacity; Most expire within 2-3 years

  13. What’s an Existing Business Relationship? It is a business relationship arising from: the purchase or lease of a product, goods, a service… within the 2-year period immediately before the day on which the message was sent; the bartering of anything mentioned in (a)... a written contract entered into between the recipient and the sender in respect of a matter not referred to in any of (a) to (b), if the contract is currently in existence or expired within a two-year period; or an inquiry or application made by the recipient to the sender, within the last 6 months, in respect of (a) or (b).

  14. PIPEDA NotGrandfathered • Consents to collect, use or disclose information under PIPEDA are not necessarily valid for the purposes of CASL • CASL will create a conflicting consent regime with the consent regime in PIPEDA and provincial privacy laws since “implied consents” are a list of closed categories • Consents cannot be inferred by conduct as in Australia or New Zealand • PIPEDA consents are not necessarily “grandfathered” • Best practice is to get “opt-in” consents now

  15. No pre-checked boxes!

  16. GETTING EXPRESS CONSENTS Obtaining consent: s. 10(1): A person who seeks express consent must, when requesting consent, set out clearly and simply the following information: (a) the purpose or purposes for which the consent is being sought; (b) prescribed information that identifies the person seeking consent and, if the person is seeking consent on behalf of another person, prescribed information that identifies that other person; and (c) any other prescribed information.

  17. CONSENT MUST BE “SOUGHT SEPARATELY” 14. … in order to meet the requirement of seeking consent separately, the person seeking consent must identify and obtain specific and separate consent for each act contemplated by the sections of the Act... 15. For example, … persons must be able to grant their consent for the installation of a computer program while refusing to grant their consent for receiving CEMs.However, the Commission does not consider it necessary for consent to be sought separately for each instance of the acts listed in paragraph 13 above...

  18. REQUESTS CAN’T BE SUBSUMED OR BUNDLED WITH TERMS & CONDITIONS 16. The Commission considers that requests for consent contemplated above must not be subsumed in, or bundled with, requests for consent to the general terms and conditions of use or sale. The underlying objective is that the specific requests for consent in question must be clearly identified to the persons from whom the consent is being sought. For example, persons must be able to grant their consent to the terms and conditions of use or sale while, for instance, refusing to grant their consent for receiving CEMs.

  20. Mandatory Disclosure – Consents (a) the business name of the person seeking consent; (b) the business name of any other persons receiving consent; (c) a statement indicating who is seeking consent and who is the recipient of the consent; (d) the mailing address, and (for each person above) one of a telephone number, an email address or a web address; and (e) a statement indicating consent can be withdrawn.

  21. HOW DO I PROVE consent? 24. … the term “in writing” includes both paper and electronic forms of writing. 25. The Commission considers that the requirement … is satisfied by information in electronic form if the information can subsequently be verified. 26. Examples of acceptable means of obtaining consent in writing include checking a box on a web page to indicate consent where a record of the date, time, purpose, and manner of that consent is stored in a database; and filling out a consent form at a point of purchase.

  22. Mandatory Disclosure – CEMs (a) the business name of the person seeking consent; (b) the business name of any other persons receiving consent; (c) a statement indicating who is seeking consent and who is the recipient of the consent; (d) the mailing address, and (for each person above) one of a telephone number, an email address or a web address; and (e) a “clear and prominent” unsubscribe mechanism.

  23. Unsubscribe Requirements • The unsubscribe mechanism must enable no-cost and “readily performed” unsubscribes, using (i) the same electronic means by which the message was sent, or (ii) if using those means is not practicable, any other electronic means that will enable the person to indicate the wish; and • All CEMs must specify an electronic address, or link that can be accessed through a web browser, to which the indication may be sent (the address or web page must be valid for 60 days).

  24. Text Messages and Other Small Formats CRTC FAQ: • “If it is not practicable for you to include identification, contact, and unsubscribe information directly in your message, as with text messages, the information may be posted on a web page on the World Wide Web that is readily accessible and at no cost to the recipient. The link to the web page must be clearly and prominently set out in the message.”

  25. CASL: The Clock Is Ticking

  26. The “Spyware” prohibition A person must not, in the course of a commercial activity, install or cause to be installed a computer program on any other person’s computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system, unless: the person has obtained the express consent of the owner or an authorized user of the computer system and complies with [the disclosure requirements of] subsection 11(5); or the person is acting in accordance with a court order. [Rare]

  27. MINIMUM DISCLOSURE (s. 10(3)) “Minimum disclosure” applies to computer programs generally: A person who seeks express consent, must when requesting consent, also, in addition to setting out any other prescribed information, must clearly and simply describe, in general termsthe function and purpose of the computer program that is to be installed if the consent is given. 27

  28. ENHANCED DISCLOSURE (S. 10(4)) DISCLOSURE REQUIREMENTS TO COMPLY WITH “MALWARE” AND “SPYWARE” PROVISIONS If the computer program meets a “malware” or “spyware” criterion, the person must “clearly and prominently, and separately and apart from the licence agreement, • describe the program’s material elements that perform the function or functions, including the nature and purpose of those elements and their reasonably foreseeable impact on the operation of the computer system; and • bring those elements to the attention of the person from whom consent is being sought in the prescribed manner”. 28

  29. ENHANCED DISCLOSURE TRIGGERS (s. 10(5)) DISCLOSURE REQUIREMENTS TO COMPLY WITH “MALWARE” AND “SPYWARE” PROVISIONS The enhanced disclosure standard applies where the program performs functions that the person knows and intends will cause the computer system to operate in a manner that is contrary to the reasonable expectations of the owner or authorized user of the computer… • Imports a subjective intent element (for installer) and an objective standard (for user) 29

  30. LISTED FUNCTIONS (s. 10(5)-(6)) DISCLOSURE REQUIREMENTS TO COMPLY WITH “MALWARE” AND “SPYWARE” PROVISIONS • collects personal information; • interferes with control of the computer; • changes or interferes with settings preferences or commands; • obstructs, interrupts, or interferes with access to data; • causes the computer to communicate with another computer without authorization; • installs a program that can be activated by a third party; • installs a bot; or • performs any other function set out in the regs; [none yet] but not if the function onlycollects, uses or communicates transmission data or performs an operation set out in the regs 30

  32. VANCOUVER Suite 1300, 777 Dunsmuir StreetP.O. Box 10424, Pacific CentreVancouver BC V7Y 1K2Tel: 604-643-7100 Fax: 604-643-7900 Toll-Free: 1-877-244-7711 CALGARY Suite 4000, 421 7th Avenue SWCalgary AB T2P 4K9Tel: 403-260-3500 Fax: 403-260-3501 Toll-Free: 1-877-244-7711 TORONTO Box 48, Suite 5300Toronto Dominion Bank TowerToronto ON M5K 1E6Tel: 416-362-1812 Fax: 416-868-0673 Toll-Free: 1-877-244-7711 MONTRÉAL Suite 25001000 De La Gauchetière Street WestMontréal QC H3B 0A2Tel: 514-397-4100 Fax: 514-875-6246 Toll-Free: 1-877-244-7711 QUÉBEC Le Complexe St-Amable1150, rue de Claire-Fontaine, 7e étageQuébec QC G1R 5G4Tel: 418-521-3000 Fax: 418-521-3099 Toll-Free: 1-877-244-7711 UNITED KINGDOM & EUROPE 125 Old Broad Street, 26th FloorLondon EC2N 1ARUNITED KINGDOMTel: +44 (0)20 7786 5700 Fax: +44 (0)20 7786 5702

More Related