Thursday, January 13, 2011

Canada's New Spam Act: What Does It Mean For Small Businesses?

The Canadian government passed the Fighting Internet and Wireless Spam Act late last year, just before the holiday break. The law was long overdue as Canada was one of the last large First World countries to pass an anti-spam act. However, now that it is in place, many small business owners are unsure about their obligations under the Act - what are the legal questions surrounding the sending of an electronic newsletter, for example? Does that qualify as spam? How about a mass coupon emailing?

Looking at the Act, the new prohibited actions are fairly straightforward. Section 7 outlines the actual act of spamming: sending or causing/permitting the sending of a commercial e-message unless it meets all of these qualifications:
  • the person has consented to receiving it
  • the message identifies the sender and their contact information, and
  • an unsubscribe mechanism is included with the message.
"Consent" goes beyond express consent and encompasses implied consent as well. According to section 11 of the Act, businesses can assume implied consent when the receiver has:
  • bought, leased or traded with the sender within the last two years,
  • provided a business or investment opportunity to the sender within the last two years,
  • entered into a contract with the sender within the last two years, or
  • received an inquiry from the sender within the last six months.
Furthermore, consent can arise from non-business relationships, such as when the message recipient has made a donation, performed volunteer work or been a member of the sending organization within the last two years.

The prohibition doesn't apply when the mail is sent between friends and family, or when someone sends a commercial email inquiring about another person's commercial services (asking for a quote on a service, for example). It also doesn't apply to someone providing a quote or estimate, warranty information, or other sorts of communication that would facilitate an ongoing business transaction or inquiry.

(It also doesn't apply to electronic messages that are two-way voice conversations, voicemail messages or faxes, so telemarketers and junk-faxers can rejoice that their annoying business models remain legal for now.)

Sections 8 and 9 are largely not applicable to small business owners as they respectively concern themselves with man-in-the-middle-style hacking operations (the redirecting of email mid-transfer) and the surreptitious installation of malware or spyware in the course of commercial activity.

However, businesses with websites that require users to accept cookies should be aware that cookies are programs that install themselves on another person's hard disk and therefore, technically, are prohibited under the Act if the user does not consent to their installation. In practice this will not often be relevant since most people either set their web browsers to auto-accept cookies or set them to give prompts when a cookie is offered, but it is worth noting.

Finally, section 10 prohibits aiding, inducing, procuring or causing to be procured any of the activities prohibited in sections 7 through 9.

Ultimately, small business owners that are concerned about their vulnerability under the Act should carefully examine their newsletter practices and consider obtaining legal advice as to their obligations and responsibilities.
- Christopher Bird, Toronto
Visit our Toronto Law Firm website:

No comments: