So I’m taking off my foodie hat and putting on my lawyer hat today, to talk about Canada’s new anti-spam laws! Exciiiiting, right? Those of you who come for the recipes, I apologize. This is just a short little break from regularly scheduled programming, and I will be back with food stuff, I promise!
If you are still reading, then you are probably a blogger type or a web type, or else just really really bored and looking for something to read. For those in the latter category, might I suggest this.
For those in the former category, welcome! If you are confused or panicked or just plain curious about the new anti-spam law, and how it might affect your blogging activities, you have come to the right place!
Now before I begin, a disclaimer: I ain’t your lawyer, and this is not legal advice, y’hear? This is what we call legal information. If you have questions about how the new law applies to your particular circumstances, or you find yourself caught in an anti-spam pickle, you will need to retain a lawyer to help you.
With that out of the way, let’s get on with what will hopefully be the quickest and dirtiest, but most helpfully simplified, summary of the anti-spam law that you will find on the interwebs.
“Anti-spam”? What you talkin’ about Willis?!
Yes, anti-spam. Canada has a new anti-spam law that goes into effect July 1, 2014. The new law has a few different parts, but the most important part for bloggers? No sending emails without consent. You got that? I repeat: NO SENDING EMAILS WITHOUT CONSENT. And by emails I mean not just *emails* but text messages and messages sent through social media platforms (like Facebook and Twitter) too. The law calls these “commercial electronic messages”. No sending commercial electronic messages without consent! Write that on your hand.
And when you do send these “commercial electronic messages”, you’ve also got to make sure that the message you are sending meets a few simple form and content requirements. (More about that later.)
What happens if you break this new law? You can get fined up to $1 million (for individuals; $10 million for corporations). Yikes!
So what the heck is “consent” and how do I get it?
Good question. The most important thing is that (subject to a few exceptions, which I will talk about in a bit) the consent must be EXPRESS. The subscriber/reader must opt-in to receiving your messages. This means no already-ticked check boxes, and no “thanks for purchasing the world’s best dog bone; we’ve added you to our database!”. You can only send messages to folks who have actively taken some step to say YES, I want to get your messages.
When you ask folks for express consent, the law says you must tell them the following: (1) the purpose for which you are seeking their consent (i.e. what do you want to send them?), (2) the name of the person or business asking for the consent, (3) the mailing address and either a phone number, email address or web address of the person or business asking for consent, and (4) a statement that the person can withdraw their consent at any time.
And…what about these “exceptions” to express consent?
There are a few situations in which you can send a message without express consent. I won’t cover all the exceptions, as that would
bore you to death make this article way way too long, but here are some of the important ones for bloggers:
- Where the message is not commercial in nature. Remember, the law only applies to commercial electronic messages. If your blog is totally educational, and you aren’t making a cent on advertising, sponsorship, or otherwise, it’s arguable that the law doesn’t apply to your messages. Arguable. (Don’t you just love lawyers?) When in doubt, get consent. Do it.
- Where you have a “personal relationship” or a “family relationship” with the recipient. Yes, your mother-in-law can email you without obtaining your express consent. Sorry.
- Where you are sending a message through an “electronic messaging service” (e.g. a social media platform) that has its own “unsubscribe” mechanism and the person you are sending the message to “consents to receive it either expressly or by implication”. This is a bit of a head-scratcher, but at least makes it clear that we don’t need to add an unsubscribe mechanism when we send Facebook messages!
- Where the consent can be IMPLIED. In some cases, even though the anti-spam law applies and you need consent, you can rely on implied consent instead of express consent. A couple of the important situations in which implied consent will be sufficient:
- Where you have an existing business relationship with the recipient. If you and the recipient have engaged in certain types of business activities (example: the recipient purchased a product or service from you) at some point in the last two years, or the recipient made an email inquiry at some point in the last six months, then you’ve got something called implied consent and you don’t need express consent. The crappy thing about implied consent is that it’s time-limited; it does not last forever! Express consent is way better—it lasts until the recipient withdraws the consent (i.e. unsubscribes). But the great thing about implied consent is that you can use the implied consent as permission to send an email asking the person to grant express consent. Does your head hurt yet? Sorry. Keep on reading down to “Do I need to obtain consent from my existing subscribers?” and this will all become a little clearer.
- Where the recipient has “conspicuously published” his/her email address (e.g. on a website) or disclosed it to you (e.g. on a business card), without any indication that emails are unwelcome. Consent is implied here too. So if a PR company says “contact us at firstname.lastname@example.org for more information about media opportunities” or a brand says “we love to hear from you; drop us a note at email@example.com”, or a blogger at a conference gives you a business card for their consulting business, you can send an email without express consent. Provided, of course, that the email relates to the service or product on offer. (No emails about, you know, “enlargement” or anything like that.)
Do I need to obtain consent from my existing subscribers?
In the past couple of weeks, you’ve probably received your fair share of “Please confirm that you’d like to continue to receive emails from us” emails. And you may be wondering: S*#t! Do I have to do that?
The answer (wait, wait, wait for it): you might. Doh!
Whether or not you need to reach out to your list to confirm consent (i.e. to get express consent) depends on how you got these email addresses in the first place. In my case, all my subscribers joined my list through a double opt-in process (kinda like this one). That is, they opted in first by entering their email address on my site, and second by confirming their subscription by email. My email service provider does this for me. I’m pretty satisfied that all of these subscribers have granted their express consent. Clap, clap, clap!
Now, it would be a different story if some or all of my subscribers had come to me via some other route. For example, if they had purchased a product or service from me, or made an email inquiry at some point in the past, or given me a business card at an event. I might have implied consent for some of these folks; for others I might have no consent. (Remember, implied consent is time-limited. If they came to be on my list as a result of a business relationship that ended three years ago, there is no implied consent.) So I could try to separate my list into (1) people who have given express consent, (2) people who have given implied consent, and (3) people who have not given consent (or for whom implied consent has expired). OR, I could save a lot of time and just email my whole list to get their express consent. This is what many large companies seem to be doing.
The downside to doing that? You may end up with a list that is the fraction of the size it used to be. The upside? You will know that those who are on the list really do want to hear from you. Sure, you’re making your list smaller, but you’re also making it better :-).
One last thing on this: it appears that my express consents will still be valid after July 1, 2014, even though I DID NOT include all the required information when requesting the consents (e.g. I have never had on my site any statement that subscribers can withdraw their consent at any time). However, come July 1, I will have to make sure that all my requests for consent contain this information.
If you are going to send an email to confirm your subscribers, make sure you do it before the law comes into effect on July 1. Because a mere request for consent is itself a commercial electronic message that, under the new law, cannot be sent without consent. Ack!
Does this new law apply to all email addresses everywhere in the world?
No. Well, not really. The law applies to all commercial electronic messages sent or accessed using a computer located in Canada. BUT…the law does NOT apply if you are sending a message that you “reasonably believe” will be accessed in one of the foreign countries listed here (it’s a LONG list), provided you make sure that the message conforms to the law of that foreign state. So if you are sending emails to subscribers in Botswana, Namibia or—more likely—the USA, then it’s time to start reading up their anti-spam laws. (This is the part that makes me want to crawl under a very large rock.)
And what about these form and content requirements?
I mentioned the form and content requirements. All messages to which the law applies must meet some specific form and content requirements. So make your messages exciting, compelling, graphic, and all that good stuff. But before you send them, make sure they also include the following:
(1) the name of the person or business sending the message;
(2) the mailing address and either a telephone number, email address or web address of the person or business sending the message; and
(3) an unsubscribe mechanism that is totally free and valid for at least 60 days.
If you work out of a home office, you do NOT need to disclose your home address to meet these requirements. You can use a PO box or general delivery address instead.
If you take only one thing away from this article, make it this: if you want to send commercial electronic messages, you need to (1) get consent, (2) identify yourself and your business in the request for consent and in all messages, and (3) make it possible for people to unsubscribe. That’s the gist.
You can also check out the CRTC’s anti-spam FAQs right here.