During our recent webinar on CASL, we got a number of questions that we were unable to answer. Today, I will try to answer some more of those questions. You may wish to read (or review) my earlier post on this topic before continuing.
As we begin, let me start by reminding people that I'm not an attorney. You shouldn't accept this as legal advice. And, you should certainly consult your own counsel to answer your specific questions concerning how CASL applies to what you're doing.
- Shaun mentioned three primary requirements for CEM. He mentioned consent and jurisdiction. What's the third?
- The third was a working unsubscribe mechanism.
- We give the option to sign up for our newsletter in our checkout. Can you advise if an unselected checkbox or a mandatory Yes/No option would provide a better opt in than having the ability to skip over the question?
- Mechanisms such as an unchecked opt-out box, or a pre-checked opt-in box cannot be used to obtain express consent. Express consent must be obtained through an opt-in mechanism; that is, the end-user must make a positive action to indicate that he or she provides consent. Therefore, a default toggling state that assumes consent on the part of the end-user cannot be used as a means of obtaining express consent under CASL. Further, silence or inaction on the part of the end-user cannot be construed as providing express consent. So, either of these things is acceptable as long as as the default state would not add someone to the list.
- Should we change our default to "Do Not Allow" immediately regardless of CASL?
- I think that this is a best practice from a deliverability (but not necessarily a marketing) standpoint. The best way to make sure that the people who get your mail are the people who want it is to never assume that they'll extend permission. Think of it like going into their home. You would never presume permission to go through the door and into their living room, rather you would wait until they gave you some indication that they want you to come inside.
- CASL's insistence upon consent is fully compatible with that standpoint, only it approaches from a legal standpoint.
- How long does a company have to comply once an unsubscribe message has been received?
- Under CASL, an unsubscribe must be honored "without delay." In practical terms, it means that the mechanism must be "readily performed." It is acceptable for an unsubscribe link to direct the consumer to a web page confirming his or her desire to unsubscribe; however, the link must be set out clearly and prominently in the message and the options given to the consumer on this web page be accessed without delay and should be simple, quick and easy for the consumer to use. In no case may that time period exceed 10 business days. ExactTarget clients who are using our systems to process unsubscriptions should rest assured that unsubscribe requests are honored immediately.
- I thought I heard: If they ever made a purchase and are not email opt-out, we can email the customer for 3 years. I also heard if the customer made a purchse we can contact them for 12 months. Can you clairify this?
- CASL has what some folks refer to as a "grandfather period." Any address which was obtained prior to the time that the law goes into force (July 1), may be mailed for a period of three years. The purpose of this time frame is to allow companies who had gotten addresses with minimal consent to obtain express consent. After the law comes into force, new addresses which are obtained using CASL's "implied" consent standard may be mailed to for a period of 24 months post-purchase.
- My company primarily sends transactional emails. Does Canada have any specific ways that they define transactional emails vs marketing emails.
- The short answer here is "no."
- The short version of a longer answer is found in Industry Canada's Regulatory Impact Analysis Statement: "If the message involves a pre-existing commercial relationship or activity and provides additional information, clarification or completes the transaction involving a commercial activity that is already underway, it would not be considered a CEM since, rather than promoting commercial activity, it carries out that activity."
- In fact, this pretty well tracks the language found in the statute under Section 6(6) (which gives the long answer) where the law itself defines certain classes of email as exempt.
- All of this serves to make Canada's definition of a transactional email much like the one that people are familiar with under CAN-SPAM. A transactional message is one which looks back on a transaction and provides something vital to it.
- ÂIf the individual checks the box themselves, does that count? Also, if it is in our legal agreement when signing up?Â
- If an individual checks the box themselves, then that would certainly comply with what the Canadians are looking for. What is being sought is for the subscriber to undertake some positive action which indicates that they are giving knowing consent to receive commercial electronic messages from you.
- However, merely placing a "consent statement" in the legal agreement would not comply. In Compliance and Enforcement Information Bulletin CRTC 2012-548, the CRTC said this: "The Commission considers that requests for consent contemplated above must not be subsumed in, or bundled with, requests for consent to the general terms and conditions of use or sale. The underlying objective is that the specific requests for consent in question must be clearly identified to the persons from whom the consent is being sought. For example, persons must be able to grant their consent to the terms and conditions of use or sale while, for instance, refusing to grant their consent for receiving CEMs." So, the CRTC appears to be saying that requiring consent as part of the sale is not permissible, which makes simply putting a "consent statement" in the legal agreement or the privacy policy out of bounds.
That will do it for our second set of questions. Stay tuned, though -- we still have lots more.