Getting to know Canada’s Anti-Spam Legislation (CASL)

By BrainStation December 4, 2019

If your business sends emails in Canada, you’re going to want to get comfortable with the ins and outs of CASL. Despite the name, Canada’s Anti-Spam Legislation (CASL) doesn’t only apply to spammers. In fact, it’s often described as the most comprehensive law of its kind in the world, and it seems to be making an impact. 

Between the first of April and the end of September in 2018, the Spam Reporting Center received 5,000 emails a week detailing complaints from Canadian consumers. Since the legislation was introduced, there has been a 37 percent decrease in Canada-based spam email. 

Overview of CASL

CASL is a federal law that was introduced in 2014 in response to a rise in instances of phishing, identity theft and the spread of malicious software. It establishes the rules around commercial electronic messages (CEM) and is meant to protect the inboxes of Canadians and to make Canadian businesses more competitive in the global digital market. 

In general, the law covers:

  • Sending unsolicited emails, text messages, and social media communications
  • Installing software without consent
  • Using misleading information to sell products or promote services
  • Accessing computers or electronic devices without consent in an effort to collect personal information 
  • Collecting and using emails without consent (harvesting)

The positive impact of CASL

According to the Government of Canada’s website, businesses have actually benefited in some ways from the introduction of the law. 

In particular, the law has forced businesses to be more deliberate with their CEMs. As a result, click-through-rates have actually increased and bounce rates have decreased. 


Become a Digital Marketer in just 12 weeks!

BrainStation’s Digital Marketing Diploma Program is a full-time, 12-week program that equips professionals with the skills and experience to start a new career in marketing.

Speak to a Learning Advisor

The proportion of emails reaching the intended recipient rose from 79 percent to 90 percent (compared to 80 percent worldwide). Interestingly, the number of emails opened and read have also increased, rising from 26 percent to 32 percent.

Getting consent

Consent plays a huge role in CASL compliance. Businesses sending emails or text messages to potential or existing customers need to first obtain their consent. In the case of a complaint, your business needs to be able to provide evidence of this consent. This means keeping copies of electronic forms, screenshots, audio recordings, and documents that outline your CASL procedures.

There are two types of consent: express consent and implied consent.  

Express consent is when the receiver has voluntarily opted-in to receiving communications from your business. This can be done verbally, electronically or in writing. There’s no time limit on this unless the receiver revokes their consent. When you’re looking to get someone’s express consent, you must do the following:

  • Explain clearly why you’re looking for consent
  • Make obvious who is asking for consent, whether it’s you or if you’re acting on behalf of a third party
  • Provide the address of the party looking for consent, including web and mailing address and phone number
  • Let the receiver know that they can revoke consent at any time

An important detail to note about providing express consent is that the individual must be asked to complete an action that proves their intent. For example, you can ask them to type in their email address or check a box. You can’t, on the other hand, have the box already checked and expect the individual to uncheck it themselves to opt-out. 

Implied consent can only exist if the receiver has an existing relationship with your business. This relationship can be business or non-business related. 

Examples of a business relationship with implied consent:

  • Someone buys one of your products or services 
  • Someone has sent you an inquiry in the last 6 months 
  • You’ve entered into a written contract with someone

Examples of a non-business relationship with implied consent:

  • Someone has visibly published their email online and hasn’t clearly stated that they don’t want to receive emails
  • Someone has given you their business card which includes their email 
  • Someone has made a donation to your charity (for non-profits)

It’s important to note that implied consent is valid for 2 years, a timeframe that renews with each transaction (ie. buying a product).

Complying with CASL

Here are some questions you might want to ask yourself the next time you send out a CEM.

Have they agreed to hear from you?

If you have express consent, be sure to keep a record of it. If you have implied consent, double-check that you’re within the two-year time period. 

Does your email include the appropriate contact information? 

Your email needs to include the contact information of the sender, whether that’s your business or a third party’s. Contact information includes mailing address, name, phone number, email and website address. This information needs to be valid for at least 60 days after the communication was sent. 

Are the contents of your communication truthful?

Your CEM should not contain any misleading or false information. 

Have you given the receiver the opportunity to opt-out of hearing from you? 

It must be made clear to the receiver how they can unsubscribe from future communication. Your unsubscribe mechanism should be functioning at all times, even if that means it can be done simply by replying to your email. There should also be no cost (financial or otherwise) to the individual. Once you’re alerted to an opt-out request, you have 10 working days to comply. 

The consequence of not complying

While the responsibility for CASL compliance rests primarily with the Canadian Radio-television and Telecommunications Commission (CRTC), there are actually three governing bodies working together on enforcement: the CRTC, the Office of the Privacy Commissioner of Canada, and the Competition Bureau. 

For serious violations, businesses can be fined up to $10 million, while individuals can be fined up to $1 million. In 2015, Rogers Media was fined $200,000 for failing to provide receivers with a functioning unsubscribe mechanism. Porter Airlines was fined $150,000 for sending emails to people who had previously unsubscribed. 

Don’t be an uninvited guest

Outside of the financial penalty, it’s not worth rubbing existing or potential customers the wrong way by dropping into their inboxes without an invitation. 

And if post-CASL click-through and bounce rates have shown us anything, it’s that the legislation is in lockstep with changing customer expectations around digital etiquette.

Test your CASL knowledge by taking their short quiz. To learn more about CASL compliance, visit the Government of Canada’s website

Learn more about digital marketing tools and trends with our Digital Marketing Diploma Program