What Publishers Need to Know About the Canadian Anti-Spam Legislation (CASL)


Canadian Anti-Spam Legislation (CASL) is a law enforced by the Canadian Radio-Television and Telecommunications Commission (CRTC).  The law came into effect on July 1, 2014 with the purpose of protecting Canadians from unsolicited commercial electronic messages (CEMs).  CEMs can take many forms, including texts, emails, and social media and instant messages.  


In short, yes.  CASL does not discriminate based on physical location.  The law extends not only to those actually living in Canada, but also anyone around the world who sends commercial electronic messages to someone in Canada.  Thus, if your company is located in Canada and/or you are advertising to people in Canada, you must comply with the CASL or face hefty risk penalties.


This wordy law can be distilled into three basic points to remember: Consent, Identity, and Unsubscribe.


  • In order to send emails to your subscribers, you must first get consent.  Under CASL, there are two types of consent: express and implied.

Express consent is when permission is explicitly asked for, and consent is granted either verbally or in writing, for example by subscribing to an email list.  Once express consent is granted, it can last forever, until such time the person actively unsubscribes from receiving your CEMs.  

PRO-TIP: If you want to be extra sure you’re in compliance, you may want to have a “double opt-in” process, which requires someone to voluntarily subscribe and confirm their intent to subscribe via an automatically-generated email.  Replying to the email or clicking a confirmation link demonstrates express consent.  

Implied consent is a bit trickier, and typically occurs via an existing business relationship based on a previous commercial transaction, or an existing non-business relationship, such as volunteer work or club membership, so long as the relationship predates July 1, 2014.  Implied consent is also deemed granted where a person publishes their email address on a website, making it publicly available. An example of this is when you purchase a product from a store’s online website, and then you start receiving emails from that store.  Although you didn’t sign up for their mailing list, they assume that since you choose to do business with them, you would be interested in receiving further emails.

PRO-TIP:  Publishers CAN send CEMs to email addresses found online, but only when: 1) there is no statement in connection with the email address indicating the person does not want to receive CEMs; and 2) the CEM content is relevant to the recipient’s business or official job capacity.

How to protect yourself:  As an advertiser, presumably the sender of the CEMs, you bear the burden of showing consent has been granted.  If it’s been awhile since you reviewed your mailing list, now would be a good time to check and see who’s still listening.  For those subscribers who only provided implied consent in the past, now’s your chance to touch base and request their explicit consent.  


  • Bad news for all of you elusive types – under CASL, your true identity must be revealed.  The law requires that, on all commercial electronic messages, you must include the following information:
    • Your name (a company name is ok)
    • A physical mailing address
    • A working email address
    • A phone number and/or website address
    • If the message is being sent on your behalf by a third-party.

How to protect yourself:  If this information is not readily identifiable in your advertising, some revisions may be needed in order to comply with CASL.  Also be sure that your communications do not contain any false or misleading information, including your identity as the sender.


  • It happens to the best of us.  We grow older, tastes change, relationships grow distant, and one party wants to break it off.  CASL requires that you provide an easily identifiable way to do so, such as in the footer at the bottom of an email or text at the bottom of an advertisement.

How to protect yourself:  Make sure all CEMs you send out contain a visible link to unsubscribe that remains active for at least 60 calendar days from the date of the communication.  Additionally, all requests to unsubscribe must be processed within 10 calendar days, although some marketing automation systems can process unsubscribe requests almost instantaneously.


Currently, the CRTC is in charge of enforcing the law.  If you are found in violation, the CRTC can levy Administrative Monetary Penalties (AMPs) as high as $1m for individuals and $10m for businesses.  Penalties may be charged per violation, and violations may be incurred for each day of non-compliance.  

How to protect yourself: If the CRTC starts knocking on your door, it’s not the end of the world.  First, you have the right to challenge any AMPs alleged against you.  Additionally, if you are found in violation of the CASL, the CRTC will take many factors into account (e.g., the nature and scope of the violation, your ability to pay, and any other relevant factors) when calculating the final penalty amount.


Well, maybe. The CRTC can come after you, but as of right now, individuals cannot. While a private right of action was scheduled to take effect July 1, 2017, allowing individuals harmed by your CASL violations to bring private lawsuits against you, this right was postponed at the eleventh hour.  At this time, it is unclear when this private right of action will take effect, either in its current form, in an amended form, or if at all.


As an advertiser, make sure every recipient of your CEMs has granted you their express consent to receive such messages.  The messages you send should clearly identify who you are, how to find you, and also how to leave you.