Suggestions for improving CASL? We have a few…

  • January 22, 2019

You don’t have to ask us twice: invited by Innovation, Science and Economic Development Canada to suggest improvements to Canada’s Anti-Spam Legislation, several CBA Sections were happy to weigh in.

In a submission to government, Privacy and Access Law, Charities and Not-for-Profit Law and the Canadian Corporate Counsel Association make a number of recommendations, starting with refining the definition of “commercial electronic message,” which the Sections say is overly broad and vague. “CASL requires thoughtful amendments to clarify what is and is not a CEM and to ensure it focuses on the purpose of the legislation,” the Sections say, recommending the definition be amended to specify that a CEM have encouraging economic activity as its “primary or principal purpose.”

The Sections also note that while messages without any sales or promotional component can still be considered to be CEMs, public service announcements should not have an “unsubscribe” option.

“It is not appropriate, and is potentially misleading, to require an unsubscribe in such messages,” the Sections say. “There should not be any suggestion that a recipient can require a sender not to send public services messages in the future and such an interpretation of CASL’s intent would not be accurate.”

Technology has moved along since CASL was drafted, and has left parts of the legislation behind. Installing, or causing to be installed, a computer program on another’s system without consent sounds like a bad thing until you think about all the apps installed via third parties like the Apple App Store and Google’s Play Store.

“If consent was not obtained from a user for an app installation because consent was not needed, the maker of the app also would not have received consent to ‘push’ updates to that user … This could have the unintended effect of restricting companies from sending critical security updates and bug fixes to app users, exposing users to greater risks from hackers and other cyber criminals.”

This has an easy fix however – including security and other updates to the list of allowable installations.

The Sections say they would also welcome the chance to discuss with officials how to make the requirements for consent more practical and efficient for businesses and consumers alike – and to ensure that the requirements “reflect the original legislative intent.”