CASL's Second Course

Covered Serving TraySpam was the first course served up by Canadian legislation. Let's take a look at the rest of the meal.

There is an abundance of information about Canada's Anti-Spam Legislation (CASL), mostly focused on...well, spam. But there is much more to the law than that. As Davis LLP notes here, when the first part of the law went into effect July 1, 2014

"...It generated a lot of "buzz" both nationally and abroad: consumers were inundated with requests from businesses for their consent; charities and other organizations openly worried about CASL's effect on their operations; and lawyers and business people hotly debated the efficacy and approach of CASL.

Lost in that discussion was the important fact that CASL is not really an anti-spam law. Instead, it regulates most electronic interactions, with the broad intent of preventing activities that undermine them."

The legislation is a meal of three courses. The first, already consumed, took effect July 1, 2014, and was the majority of the legislation. It addressed the sending of commercial electronic messages (CEMs) and associated consent, and is much more than an anti-spam law.

Next on the table, as noted above, is the section dealing with the installation of computer programs, changing device settings, software updates and other things, and cases which require consent. It will come into force on January 15, 2015. Finally, the sections that deal with the private right of action will come into force on July, 1 2017. 

McMillan goes on to refer to the part 2 legislation as "Canada's Software Installation Law" ("CSIL"), so let's follow suit. At bottom are several links to details about CSIL. We have no intention of delving into the specifics here, rather we will take a high level look. 

CSIL, like CASL (and many other privacy laws around the world) is very broad and unclear, and has caused some serious indigestion. It states in section 8A that a "...person must not, in the course of a commercial activity, install or cause to be installed a computer program on any other person’s computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system..."

At first glance this seems to be aimed at malware, but that is not the case. It applies in fact, to all computer programs. And the term "computer system" covers not only desk and laptop computers, but tablets, smartphones, wearable technology and more.

CSIL's broad terminology left people wondering about self-installed programs, software on a CD, apps, automatic updates, and even an app store which, after all, lets people download and install programs from. To help businesses digest the law, the Canadian Radio-television Telecommunications Commission (CRTC) which governs the legislation, issued a plain language Guidance.

The Guidance was published November 10th, 2014, barely ahead of January 15, 2015 which is when the laws come into force. While some issues still need further clarification, the Guidance did provide much needed interpretation and pragmatic examples.

Davis LLP published a very helpful bulletin which explains the explanations in the Guidance. (You know compliance is challenging when a firm needs to offer a comprehensible interpretation of the plain language Guidance of the original law.) A few of the notable points in the Guidance, here taken from the bulletin, include:

CASL does not apply to installations on a users own computer. It only applies when you install or cause the installation of a computer program on another person's device in the course of commercial activity. The Guidance gives the following examples of self-installed software not covered by CASL:

  • an app is purchased and downloaded to a mobile device from an app store
  • software on a CD is purchased from a store and installed on a computer;
  • software from a website is downloaded and installed on a device;
  • software is installed by a small business on its devices used by its employees;
  • a previously-installed app offers an update, and the user installs the update. However, in this case, the Guidelines state that if the app installs the update in the background, without prompting or informing the user, then CASL applies.

- See more at: http://www.davis.ca/en/publication/casl-compliance.../#sthash.tyoXRVou.dpuf

If you are hungry for something meaty to chew on, explore the links below for more on CASL and CSIL.

Green Eggs And Spam: The Surprising Side Dish...



CRTC Clarifies That Anti-Spam Law Won't Apply To Self-Installation Of Computer Programs - Most Of The Time