Fighting Internet and Wireless Spam Act

From Wikipedia, the free encyclopedia

The Fighting Internet and Wireless Spam Act (the Act, French: Loi visant l’élimination des pourriels sur les réseaux Internet et sans fil), is Canada's anti-spam legislation (also known as CASTL) that received Royal Assent on December 15, 2010.[1] The Act replaced Bill C-27, the Electronic Commerce Protection Act (ECPA), which was passed by the House of Commons, but died due to the prorogation of the second session of the 40th Canadian Parliament on December 30, 2009. The Act went into effect July 1, 2014.

The Act applies to "all communications sent by Canadian companies, to Canadian companies or messages simply routed through Canadian servers".[2] This includes personalized communications such as email or SMS messages delivering any form of communication, such as text, images, voice or sounds, or technologies not yet available.[3][4] However, the Act exempts communications sent via telephone or facsimile,[5] as these are already regulated under the Telecommunications Act.[6][7]

The Act requires that marketers may only send email to individuals who opt into receiving them.[8] There are two types of consent: Implied and Explicit. Implied consent includes information that was acquired by engaging in a transaction with a company, or by virtue of having one's telephone number or email address listed in a public directory.[9] Records collected by marketers via implied consent have a time limit.[10] This act makes it necessary for marketers to send a one-time double opt-in subscription request to all its subscribers whose consent has not been explicitly taken till the date this act came into force. As companies' email lists expand over the years and their consent type and source does not remain clear, most of the companies sent the double opt-in email to all their subscribers once the Act came into force.[11] No matter the type of consent, it is mandatory for senders to enable recipients to opt out of receiving messages. Most email marketing and Marketing Automation Software (MAS) platforms help manage consent and the opt-out clause. Emails following CASTL must also include the contact information and address of the sender of the communication.

An email address has always been considered personal information per the Personal Information Protection and Electronic Documents Act, (PIPEDA) which can require implied or explicit consent before an email address is collected or used.[12][13] The Act added additional protections in PIPEDA to prevent companies from relying on PIPEDA exceptions relating to fraud prevention or debt collection to generate email lists by data mining or automatic crawling without consent.[14]

The Act is enforced by three organizations: the Competition Bureau, the Canadian Radio-television and Telecommunications Commission (CRTC) and the Office of the Privacy Commissioner.[15] It includes a "private right of action that will allow Canadian consumers and businesses to take civil action against those who violate the legislation".[16] The CRTC may levy fines of up to $1 million for an individual or $10 million for a business that contravenes the Act .[17] Each violation may result in a fine.[18]

The Act has been criticized by some, such as David Poellhuber, who says "It’s not going to change the spam you and I receive in our inboxes"[19] because about 70 per cent of spam originates from botnets operating in other countries, notably Brazil, Russia, and the United States;[20] and by academics who argue that it is unconstitutional.[21][22] However, one analysis found a 29% reduction in spam received by Canadians and a corresponding 37% reduction in spam sent by Canadians once the Act took effect.[23]



  1. ^ LEGISinfo
  2. ^ Ouellette
  3. ^ Inbox Marketer
  4. ^ Lam: "Canada’s law is also broader in that it covers all personalized electronic messages, whether emails, SMS (text) messages, or any other electronic technologies which may be in use in the future."
  5. ^ Canada's Anti-Spam Legislation, SC 2010, c 23, sub-section 6(8)
  6. ^ Telecommunications Act, SC 1993, c 38, section 41 et seq
  7. ^ CRTC, Telemarketing and Unwanted Calls
  8. ^ Lam
  9. ^ Lam: "If a person or business’s address or phone number has been "conspicuously published or disclosed" and there’s no statement saying that the recipient doesn’t want unsolicited commercial messages, that also counts as implied consent. The messages sent do have to be deemed relevant to the recipient, however."
  10. ^ Androich: One element of Bill C-28 that appears inevitable, says Belton, is that there will be time limits associated with implied consent records.
  11. ^ Melnyk, Jenn (2 July 2014). "CASL - MOVING FORWARD". SiteWyze. Archived from the original on 2 April 2015. Retrieved 13 March 2015.
  12. ^ OPC, PIPEDA Case Summary #2005-297
  13. ^ OPC, Report of Findings #2016-005, "Accuracy of Email Addresses"
  14. ^ SC 2010, c 23, Canadian Anti-Spam Legislation, Legislative Summary, section 2.11, "Under PIPEDA as it currently exists, there is a list of exceptional circumstances under which personal information can be collected, used and/or disclosed by a private sector organization without consent, such as in life-threatening emergencies or for debt collection. Bill C-28 introduces a caveat: in the case of the collection and/or use of an electronic address obtained through data mining or other automated crawling, most of the PIPEDA exceptions do not apply."
  15. ^ Competition Bureau
  16. ^ Competition Bureau
  17. ^ Webb
  18. ^ Androich: "Senders that violate the law face fierce fines: up to $10 million for an organization and up to $1 million for an individual. The penalties will be imposed per violation and sometimes will even be treated separately for each day the law is violated."
  19. ^ Webb
  20. ^ Webb
  21. ^ Crowne, Emir and Provato, Stephanie, Canada's Anti-Spam Legislation: A Constitutional Analysis (November 13, 2014). John Marshall Journal of Information Technology & Privacy Law, Vol. 31, No. 1, 2014 . Available at SSRN:
  22. ^ "Expect Canada’s anti-spam law could face Charter challenge, law professor says",
  23. ^ Cloudmark, 2015 Q1 Security Threat Report

External links[edit]