Book a Demo

Everything You Need to Know About Canada’s Anti-Spam Legislation

by | Data Privacy

As a marketer, it’s your responsibility to comply with anti-spam regulations like Canada’s Anti-Spam Legislation (CASL), but like most legislation, CASL is a bit of an arduous read. That’s why we’ve written this guide to help you understand the basics.

A quick disclaimer: We’re not lawyers or legislators, so this article is not intended as legal advice. Always consult with your legal team to ensure you’re compliant with applicable legislation.

What is Canada’s Anti-Spam Legislation?

Canada’s Anti-spam Legislation (CASL) is a set of regulations designed to protect Canadians from spam and other electronic threats while allowing businesses to operate electronically. CASL legislates the conditions under which businesses are allowed to send Commercial Electronic Messages (CEMs) to Canadians, and lays out the penalties for non-compliance. You can read the entire Act online here.

CASL doesn’t apply just to emails. A CEM can be any form of electronic communication where your purpose is to engage the recipient in a commercial activity. This can include communication through SMS or instant messaging.However, CASL does not apply to unsolicited telecommunications which are regulated under different legislation.

CASL legislates the conditions under which businesses are allowed to send Commercial Electronic Messages (CEMs) to Canadians.

In addition to spam, CASL also includes regulations pertaining to malware and spyware, address harvesting, and false or misleading promotional information. Since email marketing is one of the most important tools in your marketing toolbox, we’re going to focus on spam specifically in this article.
A woman sitting and looking at her tablet while smiling. There is an email notification icon above her.

Who Does CASL Apply to?

CASL applies to any CEM that is sent to a Canadian citizen. That means that if your company is located outside of Canada, but you’re sending CEMs to Canadians, CASL applies to you.

CASL does not apply when a Canadian entity sends a CEM to a foreign recipient. However, the recipient’s country’s anti-spam laws do apply. Even if CASL doesn’t apply, the Canadian government encourages all senders to follow best practices when sending CEMs.

The 3 Main Provisions for Sending CEMs

Under CASL, you can only send a CEM if:

  1. You have obtained consent from the recipient
    • Consent can be implied or express consent – more on that later
  2. You provide information identifying the sender, whether that is you or the person/company on behalf of whom the CEM is being sent, and include contact information
    • The contact information must be valid for at least 60 days after the CEM is sent
  3. The message includes a way to unsubscribe
    • The unsubscribe mechanism must be readily accessible – i.e. clearly marked and easily accessed by the recipient

There are a few exceptions to these rules, such as if the message is a quote or estimate or if the message is part of a commercial transaction that the receiver previously agreed to. These exceptions are quite specific, so make sure they apply to your CEM before sending.

The Ins and Outs of Consent

Similar to other privacy legislation like the GDPR and CCPA, consent is a pillar of CASL. Under CASL, you must obtain consent from the recipient before sending them a CEM, and you need to be able to provide proof of consent.

There are two kinds of consent: implied and express. Express consent is simple: you ask someone if you can send them a CEM and if they say “yes”, that’s consent! It’s important to know that express consent is indicated by a positive action, but not inaction; express consent is obtained through opt-in mechanisms. For example, ticking a box to agree to subscribe to a newsletter is express consent, but if that box is already pre-checked, it does not constitute providing express consent. Express consent is also not time-limited, but the recipient can withdraw their consent at any time.

“…express consent is indicated by a positive action, but not inaction”

Implied consent can be a bit more tricky, and under CASL is only accepted under certain circumstances. Consent can be implied if there is an existing business or non-business relationship, or if the recipient’s email is published publicly and the CEM relates to the recipient’s role or activities. Implied consent is generally time-limited and you can find the specific conditions and details in the Act itself.

Remember: the onus is on you, the sender, to be able to provide proof of consent.

A graphic of a computer window with a newsletter sign up. There is a checked box that says "I agree to receive emails" and a mouse is clicking the submit button.

The Penalties for Non-Compliance

It may be cheap to send out spam, but it will cost you more in the long run. Violating CASL can lead to fines of up to $1 million for individuals and $10 million for businesses. In addition to monetary penalties, sending unsolicited CEMs is a surefire way to ruin your relationship with potential and existing customers.

CASL has cleaned up Canadian’s inboxes, but it has also benefited marketers. Since 2014 when CASL came into effect, the open rate of commercial emails in Canada increased from 26% to 32%. Businesses also saw higher click-through and lower bounce rates. By ensuring you have consent before sending messages, you will build trust and loyalty and have greater success with your email marketing campaigns.

Helpful Resources

The Canadian government provides many helpful resources where you can find out more about CASL and your responsibilities as a business: