Information Technology, Privacy

Email unsubscribe functions must be CASL compliant

News that Rogers Media Inc. was fined $200,000 by the Canadian Radio-television and Telecommunications Commission (CRTC) is a warning that companies doing business in Canada must ensure email unsubscribe mechanisms are compliant with anti-spam legislation, says Toronto technology and business lawyer Peter Murphy.

Murphy, who specializes in privacy, data protection and anti-spam, as well as technology law, says this most recent fine issued by the CRTC under Canada's Anti-Spam Legislation (CASL) highlights CASL's requirements for unsubscribe functions.

The CRTC states the apparent violations stretched from July 2014 to July 2015, when consumers found emails came with an unsubscribe option that wouldn’t function properly and wasn't valid for the requisite 60 days.

Murphy, partner with Shibley Righton LLP, says while the CRTC’s press release doesn’t go into extensive detail, it is clear that Roger's unsubscribe mechanism was at issue. He tells that under CASL, the action of unsubscribing must be readily performable.

“This means if you click ‘unsubscribe’ you should be presented with a simple electronic opt-out mechanism, such as being taken to a landing page where you can unsubscribe without any barriers,” he says. “It has to be straightforward. If, for example, you are required to enter a password before opting out, that would probably not be considered readily performable under the legislation.”

Another requirement for the unsubscribe mechanism is that it must be valid for a minimum of 60 days following the date of the message.

Murphy says companies that are in the process of changing and upgrading their CASL compliance have to ensure that old unsubscribe landing pages stay valid for at least 60 days from date the last message was sent.

The third aspect of CASL-compliant unsubscribe functions is that companies must honor a request to unsubscribe from receiving future commercial electronic messages within 10 business days of notification.

“When the unsubscribe request is made, it has to be put into effect within a window of 10 business days,” Murphy says.

He says an interesting aspect is that Rogers entered into an undertaking with the CRTC, which is essentially an agreement where the company agrees to get up to par with CASL and pay a fine.

“It's like a settlement,” Murphy explains. “If you enter into the undertaking with the CRTC, it prevents future claims or repercussions for that particular violation. It’s important that Rogers appears to have co-operated with the CRTC and they agreed to implement a CASL compliance program.”

This is in stark contrast to the first fine issued under CASL back in March, where Quebec-based corporate training company Compu-Finder was fined $1.1 million for emailing consumers without their consent and did not properly allow recipients to unsubscribe from the mailings.

“My understanding is Compu-Finder did not pursue entering into an undertaking with the CRTC,” says Murphy. “Given the relatively large fine it received, there is an implication there that co-operating with the CRTC and negotiating an undertaking with them is the best way to proceed when facing CRTC CASL enforcement activity.”

To Read More Peter Murphy Posts Click Here