I believe it only applies to messages originating from a server located in Canada, in case anyone was wondering.
EDIT: I am indeed wrong! A non-Canadian company could hypothetically get in trouble for violating these rules. I wouldn't expect that to happen often.
Also, thankfully, the Canadian rules seem pretty reasonable. Everyone probably should have to get explicit (more than a prechecked box) permission before adding you to a mailing list.
Saying CASL applies to any message accessed in Canada is meaningless. Canadian law can't be applied to foreign entities. Reminds me of what happened with the national do-not-call list.
Sure, there are limits to foreign jurisdiction. IANAL, but if you have customers in Canada and you also send email to Canada you may have to care about CASL. Even if the message originates from a US server.
Canadian law can't be applied to foreign entities.
Of course it can. If they do business in Canada or maintain any assets their those transactions can be blocked or the assets frozen. Many developed countries have reciprocal agreements on things like court judgments, asset seizure and so forth. It's not the same as for a firm based in Canada, but it's not toothless either.
This law has been a giant PITA for me, only because there are a bunch of businesses running around trying to sell "compliance" services to my clients (who don't need them, because why would I set them up with email marketing tools that aren't opt-in only). Truth is that CASL isn't very different from CAN-SPAM and so anyone who was already doing email marketing in the US is probably fine, but there seems to be a whole new cottage industry in Canada around scaring people into paying for protection from this (more or less completely sensible) new law.
Like most anti-spam legislation, this will both hurt legitimate businesses trying to send email to people they've done business with in the past, as well as do nothing to stop spam. Spammers are still going to spam. They don't care about Canadian laws.
Spam filtering is pretty good these days, I don't get much spam to my inbox that isn't CAN-SPAM compliant. The interesting take away is that Canadians are still getting pissed off enough at CAN-SPAM passable spam to pass new legislation.
In other words "legitimate business" is pissing people off so much that the state is willing to intervene.
Because running a business and trying to contact you is such a terrible thing. Instead of adopting a self-entitled stance that I have the right to not be disturbed and any violation is an attack on my ego driven need for individual sovereignty, I have learned to respect and even root for the small businesses trying to make a dollar for themselves while everyone else is busy wasting their life away being wage slaves for giant soulless corporations. I don't get mad, I evaluate the email if I'm interested.
So you (or the people running your mailbox) don't filter spam? At all? Really? Or do the dollar signs in your eyes shift your perspective about the handful of spam that gets through the automated filters?
I can tell you our lawyer is looking at this very carefully and making sure we're in compliance. That entails going through our mailing lists and scrubbing anyone who was opt-out, which I've always felt was a shitty and shady practice. It won't hurt us much, and it will make Canadian businesses treat our customers better.
Plenty of "legit" businesses rely on marketing emails. If users don't want them, those emails are by definition spam.
If your business needs to send me emails to stay solvent, maybe you should re-think your business model because the overwhelming majority of internet users don't want to be part of your fucking "sales funnel". The standard response is that the user actually does want your product, they just don't know it yet. Which is of course a complete load of bullshit.
Seems like lead generation services are up shit creek. Glad I got out of that long ago. Is there any way for them to legally transfer the ability to email someone to another company?
If not, I assume users filling out the wrong country (so you can filter out Canadians from your lists, except those who put in the wrong country) doesn't protect you either.
These new rules seem reasonable and no different from what businesses are/should already be doing.
Does "consent" apply to websites which add an "opt in" checkbox but check it off by default and hope that nobody sees it?
This really irritates me and I would argue does not constitute my having given my consent to receive emails. That said, I don't see an easy way to distinguish this kind of practice from a legitimate opt-in checkbox.
If the user has signed up explicitly for the purpose of receiving the newsletter, that's an opt-in and you're fine. if you want to use that list to send emails outside the scope of what the users initially signed up for, you're getting into grey area.
1. CASL is opt-in, while CAN-SPAM is opt out;
2. Canada has an opt-in exception for existing business relationships that must be renewed every two years; and
3. CASL applies not only to email but to any electronic message, including a message sent via an installed program.
For more information, see: http://www.mcmillan.ca/Files/172403_Key%20Differences%20betw...