B2B Business Relations and Consent Requirements under the New Canadian Anti-Spam Law 

publication 

January 2014

Privacy Bulletin
Last month, the Minister of Industry announced that Canada's new Anti-Spam legislation ("CASL") will come into force on July 1, 2014. Industry Canada published the final version of its Electronic Commerce Protection Regulations ("IC Regulations") while the Canadian Radio-television and Telecommunications Commission had previously published its final regulations ("CRTC Regulations"). These two sets of regulations provide additional requirements for complying with CASL.

While most businesses understand that CASL provides for a stringent opt-in type of model, many are not so clear on what kind of impact this piece of legislation may have on businesses that conduct B2B activities. An electronic message that contains a request for consent to send CEM is considered to be a commercial electronic message covered under CASL.1 This means that an organization cannot contact a potential customer by email to obtain consent, unless there is a pre-existing relationship or the message is exempted under CASL. With the coming into force of CASL, can B2B businesses still contact other potential businesses by email as part of their business development efforts similar to what they have done in the past?

Type of Messages Regulated by CASL

For the purposes of CASL, an "electronic message" is broadly defined as a message sent by any means of telecommunication, including a text, sound, voice or image message,2 although the anti-spam restrictions in CASL do not apply to a commercial electronic message that is an interactive two-way voice communication between individuals,3 that is sent by means of a facsimile to a telephone account,4 or that is a voice recording sent to a telephone account.5 An "electronic address" means an address used in connection with the transmission of an electronic message to an electronic mail account, an instant messaging account, a telephone account or any similar account.6

A commercial electronic message (or CEM) is an electronic message for which it would be reasonable to conclude that it has the purpose of encouraging participation in a commercial activity (having regard to the content of the message, where it links to certain commercial content or contact information is contained in the message).7 Under CASL, "commercial activity" means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit.8 CEMs include, for instance, a message that: offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;

  • offers to provide a business, investment or gaming opportunity; or

  • advertises or promotes any person engaged in anything mentioned above (offer to purchase, to sell, offer to provide business, etc.).9

There are certain types of situations (such as when consent is implied) and certain types of messages which are exempted from the consent requirement which B2B businesses may use to support the position that they can contact potential business partners by email.

Scenario No 1: Implied Consent if Existing Business Relationship

Under CASL, it is prohibited for a business to send or cause or permit to be sent to an electronic address a CEM unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied.10 CASL states that consent is implied if the person who sends the message, the person who causes it to be sent or the person who permits it to be sent has an existing business relationship with the person to whom it is sent.11 An "existing business relationship" means a business relationship between the person to whom the message is sent (customer) and any person who sent or caused or permitted the message to be sent (sender), arising from:

  • the purchase or lease of a product, goods, a service, land or an interest or right in land, within the two-year period immediately before the day on which the message was sent12 or the bartering of any activity mentioned in this paragraph;13

  • the acceptance by the customer, within the two-year period immediately before the day on which the message was sent, of a business, investment or gaming opportunity offered;14

  • a written contract entered into between the customer and any of those other persons in respect of a matter not referred above [under the two bullets above], if the contract is currently in existence or expired within the two-year period immediately before the day on which the message was sent; or15

  • an inquiry or application, within the six-month period immediately before the day on which the message was sent, made by the customer, in respect of anything mentioned above (purchase or lease, business or investment or gaming opportunity etc.).16

For instance, if a potential business customer makes a request for information to a business for one of their products on January 5th, then the business can send to this potential business customer CEMs for a period of six months (i.e., until July 5th of the same year). If this business customer purchases something on April 14th, 2014, then the business has a new period of two years to send CEMs to this customer – i.e., it has implied consent to send CEMs until April 14th, 2016, unless the customer purchases another product within this timeframe, in which case the business has a new period of two years to send CEMs to the customer. This means that organizations must ensure that their databases of customers' email addresses keep track of when (the date) a transaction or a request for information last took place, in order to be able to benefit from the implied consent under CASL.

Scenario No 2: Implied Consent if the Business Contacted has Published or Disclosed an Email Address

CASL states that consent is implied if the person to whom the message is sent has conspicuously published, or has caused to be conspicuously published, the electronic address to which the message is sent (for instance, the email address is made available on his or her business website), the publication is not accompanied by a statement that the person does not wish to receive unsolicited commercial electronic messages at the electronic address and the message is relevant to the person's business, role, functions or duties in a business or official capacity.17 Similarly, CASL states that consent is implied if the person to whom the message is sent has disclosed (for instance, he or she has provided his or her business card at an industry conference), to the sender, the electronic address to which the message is sent without indicating a wish not to receive unsolicited CEMs at the electronic address, and the message is relevant to the person's business, role, functions or duties in a business or official capacity.18

The challenge with these types of implied consent provisions is to determine how "message is relevant to the person's business, role, functions or duties in a business or official capacity" will be interpreted. For example, my business email address is made available on McMillan's website and is not accompanied by a statement that I do not wish to receive unsolicited commercial electronic messages. I could also provide my business card to someone attending a privacy conference or an industry event. While a third party could probably legally contact me in to promote a conference pertaining to privacy law (which is my area of expertise), it is less clear whether a third party marketer could legally contact me to sell me or McMillan office furniture, business software products or provide me with discounts on business flights within Canada.

Scenario No 3: Exclusions for Employees and Business types of Email Messages

There are certain types of CEMs that are excluded from the application of CASL, as set out under the IC Regulations, including a CEM that is sent by an employee, representative, contractor or franchisee of an organization to another employee, representative, contractor or franchisee of the organization and that concerns the affairs of the organization, or to an employee, representative, contractor or franchisee of another organization if the organizations have a relationship at the time the message was sent and the message concerns the activities of the organization.19

This exemption will most likely support the view that B2B emails are acceptable in these types of situations, although, similar to what has been raised under option 2 above, there is certain uncertainty as to how the wording "if the organizations have a relationship" and "the message concerns the activities of the organization" will be interpreted by the CRTC or the relevant courts.

Scenario No 4: Referral Marketing

One last option that may be used by B2B businesses to avoid having to obtain an opt-in (express) consent will be to use the referral marketing provisions available under CASL. For instance, under the IC Regulations, there is no need to have prior consent to send CEMs in certain situations involving referral marketing, but this exception is limited to one single email. More specifically, the consent requirement does not apply to the first CEM that is sent by a person for the purpose of contacting the individual to whom the message is sent following any referral by any individual who has an existing business relationship with the person who sends the message, as well as with the individual to whom the message is sent; provided that the CEM discloses the full name of the individual or individuals who made the referral and states that the message is sent as a result of the referral.20 These individuals (making the referral) must have an existing business relationship (details on this notion are provided above) with the organization contacting the individual who has been referred to the organization.21

While there are various legal provisions that may be used by B2B businesses in order to make the case that they don't need an opt-in (express) consent prior to contacting certain potential business customers, there is still certain uncertainty on how some of these provisions will be interpreted by the CRTC and relevant courts. Therefore, businesses will need to use caution and may wish to contact their legal advisor if they want to benefit from these implied consent provisions or CEM exemptions in order to limit their legal risk and their potential liability under CASL. 

by Éloïse Gratton

1 CASL, s. 1(3).
2 CASL, s. 1(1).
3 CASL, s. 6(8)(a).
4 CASL, s. 6(8)(b).
5 CASL, s. 6(8)(c).
6 CASL, s. 1(1).
7 CASL, s. 1(2).
8 CASL, s. 1(1).
9 CASL, s. 1(2).
10 CASL, s. 6(1)(a).
11 CASL, s. 10(9)(a).
12 CASL, s. 10(10)(a).
13 CASL, s. 10(10)(c).
14 CASL, s. 10(10)(b).
15 CASL, s. 10(10)(d).
16 CASL, s. 10(10)(e).
17 CASL, s. 10(9)(b).
18 CASL, s. 10(9)(c).
19 IC Regulations, s. 3(a).
20 IC Regulations, s. 4(1).
21 IC Regulations, s. 4(2).

a cautionary note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2014