Canada’s Anti-Spam Legislation (CASL) is anti-competitive for our Canadian businesses and it’s a large thorn in Canada’s dream of developing a world-leading ‘digital economy’.
CASL is a problem for two primary reasons and I’ll explain both in more detail throughout this article.
First, CASL is anti-competitive. For companies who wish to comply with CASL, there are a number of requirements they must meet—more so than any privacy legislation of its kind in the world—prior to being allowed to send out commercial electronic messages (CEMs).
For instance, when seeking express consent on a website, a company’s subpage must have a form that has the company’s name; their mailing address; their phone, email, or web URL; a consent message detailing what the business plans to do with the recipient’s email; a statement in the consent message clearly stating that the user may withdraw their consent at anytime; and an unchecked check box the user must check in order to provide express consent.
Even if businesses adhere to this stringent checklist, the mere fact that they are required to follow it puts them at a competitive disadvantage with the vast majority of businesses outside of Canada, who either aren’t aware of CASL or routinely ignore it.
The result of this conundrum is that, pound for pound, our Canadian businesses acquire marketable emails at a slower pace than our foreign counterparts, who may wish to adhere to the US’s CAN-SPAM Act (a much less thorny version of CASL) instead.
An example: an accounting firm releases a report that can be downloaded via a subpage landing page. The accounting firm may have put considerable effort into producing the report but, to acquire express consent, they need people to check the consent box when they download the report. Unfortunately, usually 50% or less of users are checking the consent box when they download a report of this nature, yet, 100% of the users are accessing the report.
A second example: a retailer running a sweepstake (e.g., a weekend family getaway to Niagara Falls) spends their resources on prizes, advertising, and crafting the right legal terms (e.g., complying with the Competition Act, Criminal Code, etc.). In the end, contestants are gaining value (the chance to win a prize) from the retailer (after answering a skill-testing question of course), yet, usually 50% or less of entrants are providing express consent.
A third example: a reputable engineering firm holds an educational webinar to help the construction industry, which has a new methodology on reducing building costs. The engineering firm spends money on setting up the webinar, advertising, building the visual presentation, and incurring payroll costs for an engineer to facilitate the webinar. Once again, unfortunately, usually 50% or less of entrants are providing express consent.
In all of the above situations, it can be argued that each business (the accounting firm, retailer, and engineering firm) doesn’t have implied consent since their users aren’t purchasing a product or service nor are they inquiring about a product or service. Therefore, they are only allowed to send CEMs to those who check the consent box, which again, in practice, is usually 50% of users or less (I’ve seen consent check boxes get checked as low as 25% of the time).
The above examples—as well as many others—can be coined unilateral, which means one party gains value but the other doesn’t. It’s unbalanced. One-sided. Inequitable. Unfair.
CASL isn’t just unfair in instances of express consent, it’s also unfair in instances of implied consent too. Essentially, when someone is inquiring about a product or service, the vendor is given 6 months from the date of inquiry and 2 years from the date of last purchase to send CEMs, but, for some unknown reason, CASL requires the business to remove the person from their list after the consumer’s implied consent expires.
There are many industries where it’s not logical for such an expiry date to exist. For instance, an April 2011 study (conducted by Google/Shopper Sciences) found that 7% of consumers shopping in the automotive industry and 6% of consumers shopping in the technology industry take over 1 year to make a purchase decision. In these circumstances, it would make no sense for the given vendors to purge consumers from the e-mail marketing list after 6 months, which would be right in the middle of the consumer purchase cycle. Moreover, it’s completely normal for consumers to re-purchase certain kinds of products after 2 years: home renovation purchases, and house, vehicle, and appliance purchases—products within some of Canada’s largest industries—have re-purchase cycles that far exceed 2 years.
While thinking about applying proper reform to this area of the legislation, our elected officials and bureaucrats need to remember that recipients of CEMs can unsubscribe at anytime—and it’s not difficult either. It’s much more difficult to get off a Canada Post list (apparently, there’s no way to) or join the Do-Not-Call list.
When legislation forces businesses to purge their contact list after 6 months, it doesn’t protect consumers, but it does create a large, costly compliance barrier (we discuss this later) that takes away a consumer’s liberty to choose which emails they receive.
It’s also important to remember that Canada doesn’t exist inside a vacuum. For example, when you compare Canadian businesses to their American counterparts, our Canadian companies will always have a substantial amount of could-be leads who they are prohibited from sending CEMs, whereas, due to the CAN-SPAM Act’s drafting, US companies in similar lead-generating situations (e.g., the three noted above) are legally allowed to send commercial electronic mail messages (the American term for CEMs) to 100% of their leads (in cases they don’t have consent, they only merely need to mention that the communication is an advertisement). Thus, if 50% of Canadian leads aren’t providing express consent, American companies have twice as many marketable leads, which creates a competitive advantage for American companies.
An argument can be made that CASL applies to companies outside of Canada too and that such companies can face regulatory sanctions or civil law suits—the Canadian Radio-television and Telecommunications Commission (CRTC) even published a Memorandum of Understanding with the US’s Federal Trade Commission that outlines, amongst other things, an agreement for mutual assistance in enforcing each other’s commercial email laws. However, in practice, this argument fails. CASL has been in effect for nearly 3 years and, to date, 100% of the CRTC’s published fines and settlements as they pertain to electronic messages have been inflicted on Canadian companies. Even if they issue one or two fines outside of Canadian borders (with substantive help from the given foreign regulatory regime), that’s not going to slow down CASL’s anti-competitiveness long-term. It is far more expensive for the CRTC or consumers to go after foreign companies (e.g., think about the process to lodge a lawsuit against companies in China, Denmark, Nigeria, United Arabic Emirates, etc.) than to target a Canadian household name.
Thus far, and it’s expected to continue, it is our Canadian companies—not foreign companies—who feel the largest brunt of CASL’s deviant effects. It’s a shame too because, according to the legislation, CASL’s intentions are to “promote the efficiency and adaptability of the Canadian economy”—not hinder it.
Let’s shift to the second reason why CASL is bad for the Canadian economy: CASL is excessively expensive for Canadian companies to comply with.
I don’t use “excessive” for special effect or emphasis—I use it quite literally. In CASL’s current version, if a company were to comply, it would be excessively expensive and, for most small companies, financially destructive.
To explain, let’s say a Canadian company sells windows and doors, and generates $10 million per year in revenue. This window and door company typically sends their e-mail marketing list one CEM per month. If a consumer fills out a form and doesn’t check the consent box, no express consent is established, but this isn’t too bad because the business can lean on the 6-month existing business relationship rule—they have that customer’s implied consent to send out CEMs for up to 6 months.
However, this is where it gets expensive. To automate database tracking of consent in these situations, the business needs to create a software that connects their client relationship management software (CRM) or enterprise resource planning software (ERP) to their e-mail marketing software. This program needs to ensure that customers on the e-mail list are purged after 6 months if they don’t purchase a product; however, if a customer does complete a purchase, the software must change the purge date to 2 years from the purchase date. Furthermore, if a customer makes a re-purchase in this new 2-year window, the software needs to reset the purge date again, pushing the date by another 2 years. To add more spice to the mix, if the lead provides express consent in one of these 6-month or 2-year periods, the software must change this consumer’s label and create a no-purge date. You could rely on staff to do these functions, but you would face the inevitable threat of human error and up to $10 million per corporate offence. I don’t know about you, but, I don’t think it’s worth the risk.
You may have manually tracked the above labyrinth-like scenario for the 6-month and 2-year rules, but, keep this in mind: this example only had one lead. Now scale the above example to over 5,000 or 10,000 potential leads in a database. It would take a hefty technological solution that would cost in most cases, at the bare minimum, $50,000-$150,000 to build; it would likely be much higher for larger companies who need to integrate thousands of employees, and multiple business divisions and systems.
And this isn’t hypothetical either. In the last 5 years, tbk Creative, one of my companies, has worked with no less than 4 window companies who earn over $10 million per year in revenue and who each have thousands of leads in their databases. The problem described above is alive and well and is a situation being imposed on many of our Canadian companies because of CASL.
For example, take our $10 million window and door company (who has over 5,000 leads). In order to comply with CASL, they need to spend at least $50,000 to develop this consent-tracking software. Now scale that across the approximate 1 million companies in Canada. Yes, this money could be put towards the legal and technology industries but, in the end, we still wouldn’t be as competitive as the foreign companies who aren’t aware or don’t care about CASL. Instead of engaging in unreasonable legal and software bills in order to satisfy a hapless piece of legislation, our Canadian businesses would be better off spending their money on hiring, innovation, and capital expenditures (e.g., building expansion).
Recently, the CRTC announced that they have received over 300,000 complaints about alleged CASL violations. At least one article has taken this large number and implied it evidence that CASL is a good legislation. But that’s merely perception—you can look at the same data set and say that it’s clearly evidence that CASL’s provisions are too difficult to comply with.
When you take the anti-competitiveness of CASL and combine it with the excessive expenditure of compliance, you quickly realize that CASL was poorly drafted and is in need of urgent repair.
Most Canadian companies respond to CASL in 1 of 3 ways, but there is a common denominator: no one I’ve met has found the right solution.
Some companies choose to install software that helps ensure outgoing e-mails have sender information and unsubscribe mechanism details, but this software doesn’t solve the previously mentioned window and door company’s implied consent example: they need to tie purchase tracking information to a moving purge target to automate the process of complying with the rules for existing business relationships.
Then there are companies who choose to scale down their email marketing efforts. According to a CyberImpact survey, 10% of respondents report that they have stopped sending CEMs entirely and, sadly, I believe this statistic is not too far from the truth. Two years ago, I led a workshop on CASL in London, Ontario and a marketing manager to one of Canada’s biggest accounting firms was in the audience. With a sense of despair, she said that her compliance department had recently sent out a memo stating that accountants can no longer send e-mails to their clients that offer services; if a service is to be offered, the accountant is to discuss it with the client via phone or in person. Essentially, the firm responded to CASL by banning all commercial emails.
Then there’s the largest segment: those companies who have their heads in the sand. But, in light of CASL’s creation, can you blame them? I’ve visited a number of company offices (large and small) and I can confirm that the vast majority of our Canadian companies aren’t compliant with CASL. The only reason alarms aren’t going off yet is because the CRTC has shown constraint—that, and, they have reportedly denounced only 5 companies to date. So if you’re 1 in over 1 million Canadian companies, your odds are still pretty good.
However, this may change as of July 2017 as CASL’s Private Right of Action provision commences. According to the legislation, consumers will be able to lodge legal proceedings against alleged CASL violators. Naturally, our Canadian businesses will be the largest brunt of these lawsuits and, according to at least two lawyers I’ve spoken to, based on the drafting of the legislation, a large volume of legal proceedings are expected to occur. Instead of only being able to lodge claims for actual damages done to consumers, which would be minimal, section 51 of the Act allows for penalties (in addition to damages) of up to $1 million per day.
So, what do we do about CASL?
Aside from filing a Charter challenge (as there is mounting legal opinion that CASL is unconstitutional and violates, at the least, section 2 of Canada’s Charter of Rights and Freedoms), our elected officials and bureaucrats can make three simple changes to CASL’s electronic message provisions that will make the legislation very easy to comply with and allow consumers to still be protected. Before I provide the recommendations, note that some of CASL’s software provisions may still need to be reformed, but this article is only addressing the electronic mail provisions.
First, change the definition of ‘implied consent’ to ‘one party providing their contact information to a second party’. If a consumer provides their contact information into a web form and downloads an accounting firm’s e-report—something they put time and their professional expertise into—call it implied consent and let the accountant send you a CEM. You’re still protected from fraudsters overseas (who may be trying to send you weird pharmaceutical offers or are phishing for your bank login details) and if you don’t like the accountant’s emails, remember: you can simply unsubscribe at any time.
Second, remove implied consent’s 6-month and 2-year purging requirements. Remember, as per the examples and statistics provided earlier: some consumers take more than 6 months to make a purchase decision and some industry re-purchase cycles go past 2 years. Just because there’s a lack of consumer interaction, it doesn’t mean the consumer has lost affinity with the brand or doesn’t want to receive branded communications. Let’s not take liberty away from the consumer: allow them to unsubscribe when—and if—they want to.
Third, consider it implied consent if two people are mutually connected on a social network (as both voluntarily entered into the relationship). The unsubscribe requirements will still remain in effect, and recipients will be further protected since many social networks have their own built-in mechanisms to thwart ongoing, unwanted electronic messages. There isn’t a social network I’m familiar with that doesn’t have the ability to stop users from sending unwanted direct messages, which is usually accomplished with blocking or un-following features.
Maintaining express consent should remain in the legislation and be applied to cases where one party is sharing a contact’s email address with another party (found in section 5 of the Electronic Commerce Protection Regulations). This situation is often required at conferences where registrant emails are shared with third-party exhibitors.
As of July 2017, the public will be allowed to sue companies for alleged violations of CASL and, as expected, our Canadian companies will be on the largest receiving end of this provision. Private Right of Action can be a useful policy mechanism but not if organizations can’t practically comply with the legislation (either because it’s too complex or too costly). The current landscape CASL has created just isn’t fair and it’s hurting our Canadian economy.
In sum, keep the stiff penalties and the Private Right of Action, but only if the legislation becomes economical and easier to comply with.
Now is the time to act. According to section 65 of CASL, some time after July 2017, a review of the legislation is required to occur by, “any committee of the Senate, of the House of Commons or of both Houses of Parliament.” If our elected officials and bureaucrats implement the above recommendations, our companies will be able to more easily comply with CASL, business communities across Canada will rejoice, spammers overseas will still be prohibited from sending CEMs to Canadians (as they still won’t be able to meet the consent rules), and our consumers will remain protected.
I continue to work on a project to see CASL lightened through government reform or declared unconstitutional through a Charter challenge (more on this to come). Please reach out to me personally if you’d like to talk or help in some way. I can be reached at Andrew@tbkCreative.com.
If you’re an elected official or bureaucrat, or represent a policy think-tank, I’d be more than delighted to speak with you too.
Let’s help our Canadian businesses prosper by building one of the most intelligent digital economies in the world—one other countries will look to for assistance when crafting their own regulations. For us to achieve this vision, we must make progressive and balanced policy decisions now.