Canada’s antispam legislation (CASL) is now expected to come into effect in the latter half of 2014. The underlying principle of the new legislation is that senders of commercial electronic messages (CEMs) should acquire the explicit consent from anyone receiving their messages – a principle I support and promote. However, there may be a rough road ahead.
Gaining consent to communicate with customers is a core best practice, which engenders both trust and engagement. This is essential for any business but especially true online where alternatives are only a click away and transgressions propagate quickly.
However, the CASL’s prescriptive approach could have unintended consequences.
Thank you for your business as long as it’s less than two years ago
CASL grants a two-year assumed consent after a transaction has occurred. To comply with the legislation a mechanism will be required to change recipients to an unsubscribed status when the most recent transaction is two years old. Since more than one transaction is likely to take place this effectively requires transaction systems and communications systems to be integrated.
Compare this to the current practice where a small business would use an Email Marketing Service (EMS) to send a newsletter and other notifications to people on their mailing lists. This company is only required to honour a request by recipients to opt out or unsubscribe. Most EMS systems available today have built in functionality that manages this automatically. No integration simple!
Systems integration is complex, especially considering the myriad systems that exist to track transactions and deliver messages. This level of technical sophistication favours larger companies, and will adversely affect smaller businesses without the resources to integrate.
A single period of two years applicable to all organizations also doesn’t make sense considering the range in the buying cycle between company types. An automaker has a buying cycle over two years; whereas a clothing retailer has a much shorter cycle.
Thank you for your inquiry as long as it’s less than six months ago
CASL treats inquiries in a similar way to transaction except the limit is six months instead of two years. I’ve already alluded to the technical challenges related to transactions but at least where there’s money there’s usually a date. What about an inquiry? Do companies need to track incoming phone calls and link these records to their communications systems? What if the call was a complaint? Would clicking on a link in an email or a website constitute an inquiry?
Please don’t pick the email addresses
A common B2B practice is to copy email addresses from company websites. The merits of this practice are debatable but it’s explicitly permitted under CASL. The exception is if
a notice has been posted on, for example, a Contact Us page instructing that email addresses should not be copied. But what if the notice is placed after the email addresses have been collected? Is it up to the sender to monitor every website where email addresses were copied?
Permission papers please
Participation in trade shows and other events is a common practice. Businesses and other organization types collect business cards or have people write their name and email address on a sheet of paper. This would be considered sufficient permission to communicate by most standards. Business cards might be scanned or names entered into an Excel spreadsheet for importing into a database. Once in the database a followup email could be sent.
So far so good. But how has permission been captured? What if someone complained they had not granted permission? Maybe they felt they had only granted permission for one type of communication but not another? How is an organization or business, accused of spamming, able to verify permission had been granted? What is the standard set of data the legislation deems acceptable?
Our American cousins
CASL applies to messages sent from Canada and received within Canada. This means US companies sending messages to Canadians are expected to comply with CASL.
This wouldn’t be an issue if the laws were the same in both countries but the US operates on an optout model. It isn’t hard to imagine US companies playing it safe and opting not to send to Canadian addresses, especially with fines up to $10 million for companies, $1 million for individuals and provision for fines of up to $200 per message (10,000 messages at $200 each is $2 million).
The principles behind these notions are well-intentioned: place a time limit on implied consent for purchases and inquiries; don’t copy email addresses from a website if it says not to; make sure you have permission to send messages; and apply Canadian law to messages that arrive in Canadian inboxes.
It’s hard to argue with such apparently self-evident and straightforward principles. You almost have to go back and reread my examples to remind yourself why there’s a problem
That’s the problem. Arguing against the current atni-spam regulations can be construed as being pro-spam.
This is especially true for politicians who need to be so careful in their use of language. It’s already the case that anyone arguing against this legislation is characterized as unsophisticated dinosaurs from a predigital age.
The change in principle introduced by CASL is to base the legislation on opt in versus opt out. This has resulted in a more prescriptive approach that could have a practical impact that’s worse than the problem it’s designed to fix.
● CASL will have little or no impact on spam from outside our borders, which is where most of it comes from.
● The prescriptive approach of CASL will impose an inordinate technical burden on Canadian business.
● The fines, combined with the cost of compliant, are potentially so high that it may discourage rather than promote commerce.
● The spam issues that inspired this legislation have mostly been solved by technology, which will continue to move much faster toward providing solutions than CASL.
While it is a sincere effort to improve online communications, some aspects of CASL impose inordinate complexity that misses the target. The imposition of two year and six month implied consent limits for transactions and inquiries respectively is a good example of this. Spam issues do not typically originate with companies the Canadian public is prepared to buy from and otherwise engage with. If companies do broadcast unwanted messages they are almost certainly going to be broadcast within the six months anyway. For messages sent within the first six months the implied consent rules are therefore irrelevant, which means consumers will need to deal with these messages the old fashioned way: opt out.
CASL takes an overly prescriptive approach that attempts to shield us from the most trivial of unwanted electronic messages by focusing too much on the sender. A better balance needs to be achieved between opt in where the onus is on the sender, and opt out where to onus is on the receiver. A simple change to CASL that would improve this balance is to remove the time limits on implied consent.
I can’t say I hold out much hope that a fundamental change like this is possible at this stage, because we’re already so far down the CASL road. But I believe a more balanced approach is right in principle, at least from a practical perspective.
Martin Millican is president at Envoke