October 23, 2017

Canada’s Anti-Spam Legislation (CASL)—A brief history.


Shortly after CAN-SPAM passed into law in 2003, the Canadian government organized a group of professionals from several different industries, including marketing, technology, private business, not-for-profits, and the legal community, to consider the potential structure of what would ultimately become known as Canada’s Anti-Spam Legislation (CASL). Here’s a brief history of CASL.

The group of stakeholders, known as the Federal Anti-Spam Task Force (FAST-F), held several meetings over the course of a year and produced a highly-regarded document entitled Stopping Spam: Creating a Stronger, Safer Internet in 2005. Many of the recommendations from this initial document went on to become the foundation of CASL passed in 2010.

Excerpt from page iii of Stopping Spam: Creating a Stronger, Safer Internet

Passing CASL into law was more challenging than many of us in the Canadian email community imagined. The Canadian government was forced to restart the process several times between 2005 and 2010.

While the legislative process churned on, the early version of the law bore a couple of other names, including C-27 – The Fighting Internet and Spam Act (FISA) and C-28 – The Electronic Commerce Protection Act (ECPA). During the committee review process, the official name of the law – An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act – was dropped, and the industry eventually gave the bill a much shorter and more logical nickname: Canada’s Anti-Spam Legislation (CASL).

After CASL finally became law, a couple of years passed before the regulations from the various enforcement agencies were finalized, leading to a 2014 enforcement date.

The most immediate impact on Canadian recipients was the flurry of subscription confirmation emails sent from businesses before the enforcement date, primarily during the Canadian summer of 2014.

After CASL became law, it triggered three deadlines businesses had to meet:

  1. The first deadline was the kick-off for enforcement, July 1, 2014, targeting commercial electronic messages (CEMs) and data collection, unsubscribe management, and the message form requirements.
  2. The January 15, 2015, deadline mandated that businesses in the software space update their install software for compliance.
  3. The final deadline was July 1, 2017, when the full enforcement of all provisions of the law activated, and the transition period (Section 66) of the act came to a close. This deadline covered the expiration of implied consents collected pre-CASL. CASL’s Private Right of Action (PRA) was also scheduled for introduction at this time, but weeks before this deadline it was delayed indefinitely.

During the transition period, several cases, mostly led by the Canadian Radio-television and Telecommunications Commission (CRTC), were filed with fines ranging from $10,000 (CAD) for the CEO of an organization responsible for various alleged violations to $1.1 million (CAD) against a Quebec corporation.* We also saw one case where the CRTC used its powers under CASL to help the international community take the Dorkbot virus offline by raiding a data center where one of the command nodes was operating.

CASL has now reached its three-year review period and is under the microscope of the review board to determine if any required changes to the legislation are necessary, and to evaluate the effectiveness of the legislation to accomplish the function outlined within its mandate.

Many businesses that completed a proper CASL-compliance exercise may already be much further ahead in their compliance readiness for the E.U.’s General Data Protection Regulation (GDPR), whose implementation date is May 25, 2018.

For more information on CASL, please review the official site, FightSpam.gc.ca, for details on the rules and regulations of the law.

Keep coming back to the 250ok blog for more information about CASL, the GDPR, and compliance with both laws, as I share insights into these laws and how they impact your email marketing program.

* On October 19, 2017, this fine was reduced by the Commission to $200,000 (CAD).

Comparison of CASL and CAN-SPAM

Author: Matthew Vernhout

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (CIPP) with more than a decade of experience in email marketing. Matt is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee.
