Why CASL is Bad for Canada’s Economy and How to Lighten It
This article was originally published on tbk Creative’s blog on October 11, 2016 and is re-purposed here for your convenience. This article explains in detail why CASL is anti-competitive for our Canadian businesses and is followed by three (3) recommendations for reform. These recommendations were echoed in Canadian Lawyer magazine on March 27, 2017 and again in the Financial Post on May 18, 2017. #LightenCASL is urging the federal government to lighten CASL so Canadian businesses can easily comply with it while still protecting consumers.
Canada’s Anti-Spam Legislation (CASL) is anti-competitive for our Canadian businesses and it’s a large thorn in Canada’s dream of developing a world-leading ‘digital economy’.
CASL is a problem for two primary reasons and I’ll explain both in more detail throughout this article.
First, CASL is anti-competitive. For companies who wish to comply with CASL, there are a number of requirements they must meet—more so than any privacy legislation of its kind in the world—prior to being allowed to send out commercial electronic messages (CEMs).
For instance, when seeking express consent on a website, a company’s subpage must have a form that has the company’s name; their mailing address; their phone, email, or web URL; a consent message detailing what the business plans to do with the recipient’s email; a statement in the consent message clearly stating that the user may withdraw their consent at anytime; and an unchecked checkbox the user must check in order to provide express consent.
Even if businesses adhere to this stringent checklist, the mere fact that they are required to follow it puts them at a competitive disadvantage with the vast majority of businesses outside of Canada, who either aren’t aware of CASL or routinely ignore it.
The result of this conundrum is that pound for pound, our Canadian businesses acquire marketable emails at a slower pace than our foreign counterparts, who may wish to adhere to the US’s CAN-SPAM Act (a much less thorny version of CASL) instead.
An example: an accounting firm releases a report that can be downloaded via a subpage landing page. The accounting firm may have put considerable effort into producing the report but, to acquire express consent, they need people to check the consent box when they download the report. Unfortunately, usually 50% or less of users are checking the consent box when they download a report of this nature, yet, 100% of the users are accessing the report.
A second example: a retailer running a sweepstake (e.g., a weekend family getaway to Niagara Falls) spends their resources on prizes, advertising, and crafting the right legal terms (e.g., complying with the Competition Act, Criminal Code, etc.). In the end, contestants are gaining value (the chance to win a prize) from the retailer (after answering a skill-testing question of course), yet, usually 50% or less of entrants are providing express consent.
A third example: a reputable engineering firm holds an educational webinar to help the construction industry, which has a new methodology for reducing building costs. The engineering firm spends money on setting up the webinar, advertising, building the visual presentation, and incurring payroll costs for an engineer to facilitate the webinar. Once again, unfortunately, usually 50% or less of entrants are providing express consent.
In all of the above situations, it can be argued that each business (the accounting firm, retailer, and engineering firm) doesn’t have implied consent since their users aren’t purchasing a product or service nor are they inquiring about a product or service. Therefore, they are only allowed to send CEMs to those who check the consent box, which again, in practice, is usually 50% of users or less (I’ve seen consent checkboxes get checked as low as 25% of the time).
The above examples—as well as many others—can be coined unilateral, which means one party gains value but the other doesn’t. It’s unbalanced. One-sided. Inequitable. Unfair.
CASL isn’t just unfair in instances of express consent, it’s also unfair in instances of implied consent too. Essentially, when someone is inquiring about a product or service, the vendor is given 6 months from the date of inquiry and 2 years from the date of last purchase to send CEMs, but, for some unknown reason, CASL requires the business to remove the person from their list after the consumer’s implied consent expires.
There are many industries where it’s not logical for such an expiry date to exist. For instance, an April 2011 study (conducted by Google/Shopper Sciences) found that 7% of consumers shopping in the automotive industry and 6% of consumers shopping in the technology industry take over 1 year to make a purchase decision. In these circumstances, it would make no sense for the given vendors to purge consumers from the e-mail marketing list after 6 months, which would be right in the middle of the consumer purchase cycle. Moreover, it’s completely normal for consumers to re-purchase certain kinds of products after 2 years: home renovation purchases, and house, vehicle, and appliance purchases—products within some of Canada’s largest industries—have re-purchase cycles that far exceed 2 years.
While thinking about applying proper reform to this area of the legislation, our elected officials and bureaucrats need to remember that recipients of CEMs can unsubscribe at anytime—and it’s not difficult either. It’s much more difficult to get off a Canada Post list (apparently, there’s no way to) or join the Do-Not-Call list.
When legislation forces businesses to purge their contact list after 6 months, it doesn’t protect consumers, but it does create a large, costly compliance barrier (we discuss this later) that takes away a consumer’s liberty to choose which emails they receive.
It’s also important to remember that Canada doesn’t exist inside a vacuum. For example, when you compare Canadian businesses to their American counterparts, our Canadian companies will always have a substantial amount of could-be leads who they are prohibited from sending CEMs, whereas, due to the CAN-SPAM Act’s drafting, US companies in similar lead-generating situations (e.g., the three noted above) are legally allowed to send commercial electronic mail messages (the American term for CEMs) to 100% of their leads (in cases they don’t have consent, they only merely need to mention that the communication is an advertisement). Thus, if 50% of Canadian leads aren’t providing express consent, American companies have twice as many marketable leads, which creates a competitive advantage for American companies.
An argument can be made that CASL applies to companies outside of Canada too and that such companies can face regulatory sanctions or civil lawsuits—the Canadian Radio-television and Telecommunications Commission (CRTC) even published a Memorandum of Understanding with the US’s Federal Trade Commission that outlines, amongst other things, an agreement for mutual assistance in enforcing each other’s commercial email laws. However, in practice, this argument fails. CASL has been in effect for nearly 3 years and, to date, 100% of the CRTC’s published fines and settlements as they pertain to electronic messages have been inflicted on Canadian companies. Even if they issue one or two fines outside of Canadian borders (with substantive help from the given foreign regulatory regime), that’s not going to slow down CASL’s anti-competitiveness long-term. It is far more expensive for the CRTC or consumers to go after foreign companies (e.g., think about the process to lodge a lawsuit against companies in China, Denmark, Nigeria, United Arabic Emirates, etc.) than to target a Canadian household name.
Thus far, and it’s expected to continue, it is our Canadian companies—not foreign companies—who feel the largest brunt of CASL’s deviant effects. It’s a shame too because, according to the legislation, CASL’s intentions are to “promote the efficiency and adaptability of the Canadian economy”—not hinder it.
Let’s shift to the second reason why CASL is bad for the Canadian economy: CASL is excessively expensive for Canadian companies to comply with.
I don’t use “excessive” for special effect or emphasis—I use it quite literally. In CASL’s current version, if a company were to comply, it would be excessively expensive and, for most small companies, financially destructive.
To explain, let’s say a Canadian company sells windows and doors and generates $10 million per year in revenue. This window and door company typically sends their e-mail marketing list one CEM per month. If a consumer fills out a form and doesn’t check the consent box, no express consent is established, but this isn’t too bad because the business can lean on the 6-month existing business relationship rule—they have that customer’s implied consent to send out CEMs for up to 6 months.
However, this is where it gets expensive. To automate database tracking of consent in these situations, the business needs to create a software that connects their client relationship management software (CRM) or enterprise resource planning software (ERP) to their e-mail marketing software. This program needs to ensure that customers on the e-mail list are purged after 6 months if they don’t purchase a product; however, if a customer does complete a purchase, the software must change the purge date to 2 years from the purchase date. Furthermore, if a customer makes a re-purchase in this new 2-year window, the software needs to reset the purge date again, pushing the date by another 2 years. To add more spice to the mix, if the lead provides express consent in one of these 6-month or 2-year periods, the software must change this consumer’s label and create a no-purge date. You could rely on staff to do these functions, but you would face the inevitable threat of human error and up to $10 million per corporate offence. I don’t know about you, but, I don’t think it’s worth the risk.
You may have manually tracked the above labyrinth-like scenario for the 6-month and 2-year rules, but, keep this in mind: this example only had one lead. Now scale the above example to over 5,000 or 10,000 potential leads in a database. It would take a hefty technological solution that would cost in most cases, at the bare minimum, $50,000-$150,000 to build; it would likely be much higher for larger companies who need to integrate thousands of employees, and multiple business divisions and systems.
And this isn’t hypothetical either. In the last 5 years, tbk Creative, one of my companies, has worked with no less than 4 window companies who earn over $10 million per year in revenue and who each have thousands of leads in their databases. The problem described above is alive and well and is a situation being imposed on many of our Canadian companies because of CASL.
For example, take our $10 million window and door company (who has over 5,000 leads). In order to comply with CASL, they need to spend at least $50,000 to develop this consent-tracking software. Now scale that across the approximate 1 million companies in Canada. Yes, this money could be put towards the legal and technology industries but, in the end, we still wouldn’t be as competitive as the foreign companies who aren’t aware or don’t care about CASL. Instead of engaging in unreasonable legal and software bills in order to satisfy a hapless piece of legislation, our Canadian businesses would be better off spending their money on hiring, innovation, and capital expenditures (e.g., building expansion).
Recently, the CRTC announced that they have received over 300,000 complaints about alleged CASL violations. At least one article has taken this large number and implied it is evidence that CASL is a good legislation. But that’s merely perception—you can look at the same dataset and say that it’s clear evidence that CASL’s provisions are too difficult to comply with.
When you take the anti-competitiveness of CASL and combine it with the excessive expenditure of compliance, you quickly realize that CASL was poorly drafted and is in need of urgent repair.
Most Canadian companies respond to CASL in 1 of 3 ways, but there is a common denominator: no one I’ve met has found the right solution.
Some companies choose to install software that helps ensure outgoing e-mails have sender information and unsubscribe mechanism details, but this software doesn’t solve the previously mentioned window and door company’s implied consent example: they need to tie purchase tracking information to a moving purge target to automate the process of complying with the rules for existing business relationships.
Then there are companies who choose to scale down their email marketing efforts. According to a CyberImpact survey, 10% of respondents report that they have stopped sending CEMs entirely and, sadly, I believe this statistic is not too far from the truth. Two years ago, I led a workshop on CASL in London, Ontario and a marketing manager to one of Canada’s biggest accounting firms was in the audience. With a sense of despair, she said that her compliance department had recently sent out a memo stating that accountants can no longer send e-mails to their clients that offer services; if a service is to be offered, the accountant is to discuss it with the client via phone or in person. Essentially, the firm responded to CASL by banning all commercial emails.
Then there’s the largest segment: those companies who have their heads in the sand. But, in light of CASL’s creation, can you blame them? I’ve visited a number of company offices (large and small) and I can confirm that the vast majority of our Canadian companies aren’t compliant with CASL. The only reason alarms aren’t going off yet is because the CRTC has shown constraint—that, and, they have reportedly denounced only 5 companies to date. So if you’re 1 in over 1 million Canadian companies, your odds are still pretty good.
However, this may change as of July 2017 as CASL’s Private Right of Action provision commences. According to the legislation, consumers will be able to lodge legal proceedings against alleged CASL violators. Naturally, our Canadian businesses will be the largest brunt of these lawsuits and, according to at least two lawyers I’ve spoken to, based on the drafting of the legislation, a large volume of legal proceedings are expected to occur. Instead of only being able to lodge claims for actual damages done to consumers, which would be minimal, section 51 of the Act allows for penalties (in addition to damages) of up to $1 million per day.