CASL is more privacy law than anti-spam law

Michael Geist, a law professor in Canada, writes about the new CASL law, why it’s necessary and why it’s more about privacy and consumer protection than just about spam.

The law has at least three goals: provide Canada with tough anti-spam rules, require software companies to better inform consumers about their programs before installation, and update Canadian privacy standards by re-allocating who bears the cost for the use of personal information in the digital environment.

There are a lot of marketers out there that are really in a tizzy about CASL and about actually having to ask for and receive permission before sending mail to people. These are the same marketers who will tell you that they only do permission email. I’ve not quite gotten past the cognitive dissonance. They already do permission email, now they just actually have to keep some accurate records and have an audit trail.
The more cynical side of me says that the problem is that these senders who are stomping around ranting about how awful CASL is and how unfair are just pouty because they can no longer pretend they have permission. They actually have to have permission. They can’t bury an opt-in somewhere in a privacy policy, they have to have a real opt-in. They can’t tell a complainant “well, you opted in at some point, we just don’t know when” they have to be able to demonstrate the opt-in. They can’t just collect an email address and assume that address is a viable target forever, they have to either have a demonstrable relationship with the recipient or stop mailing the address after a few years.
Whenever I read about how awful CASL is, the underlying issue seems to me to be that marketers don’t like being told to stop taking permission from recipients. The marketers don’t like begin told they have to respect consumers. Not only that, they really hate that if they violate the law they may be held accountable for that.
Canada was one of the last western, industrialized nations to adopt an anti-spam law. I do not think it’s coincidence that CASL is extremely consumer friendly. Canada saw what happened with other laws and wrote a law that was a lot harder for marketers to ignore.

Don't wait to address delivery problems
Facts about engagement

Related Posts

Have fun storming the CASL!

I’ve given Humble Bundle my (tagged) email address a bunch of times – as part of purchases, as my username on their website, to download games and books I’ve bought.
And, naturally, they’ve sent me newsletters announcing when they have new sales. Did I check a checkbox or uncheck a checkbox? I don’t remember, and don’t really care. It’s a company I have a real relationship with and have purchased from, they’re sending content I want to see, and I trust them not to misuse my address and to honour an unsubscription request.
So … probably opt-in, and I’m fairly sure they’ve confirmed that it’s my email address. But did they explicitly tell me they’d use my email address for a newsletter? I and my email archive don’t remember that far back, and it’s quite possible that Humble Bundle’s current staff and records don’t either.
In todays newsletter, right above their talking about their summer sales, they had this:
 
All_Mailboxes__Found_118_matches_for_search_
 
They’re confirming that I want to keep getting newsletters, and stressing why I want to keep getting them. Their database probably dates back to the iron age, or at least 2010, and my clicking on the big, friendly green button both lets them know that I’m an engaged subscriber and lets them record in their database that “Yes! This subscriber has explicitly said they want our newsletters!”.
Gradually adding that information to their subscriber database will let them better make decisions in the future about what content to send, how often, whether to try and reengage with a subset of their subscribers.
Oh, and there’s CASL, of course.
If you or your recipients have a Canadian presence you have a little less than eighteen months to make sure you have documented, explicit consent from any recipients for whom you only have implicit (e.g. business relationship) consent or for whom you’ve lost the original records.

Read More

June 2014: The month in email

Each month, we like to focus on a core email feature or function and present an overview for people looking to learn more. This month, we addressed authentication with SPF.
We also talked about feedback mechanisms, and the importance for senders to participate in FBL processes.
In our ongoing discussions about spam filters, we took a look at the state of our own inboxes and lamented the challenge spam we get from Spamarrest. We also pointed out a post from Cloudmark where they reiterate much of what we’ve been saying about filters: there’s no secret sauce, just a continuing series of efforts to make sure recipients get only the mail they want and expect to receive. We also looked at a grey area in the realm of wanted and expected mail: role accounts (such as “marketing@companyname.com”) and how ESPs handle them.
As always, getting into the Gmail inbox is a big priority for our clients and other senders. We talked a bit about this here, and a bit more about the ever-changing world of filters here.
On the subject of list management, we wrote about the state of affiliate mailers and the heightened delivery challenges they face getting in the inbox. We got our usual quota of spam, and a call from a marketer who had purchased our names on a list. You can imagine how effective that was for them.
And in a not-at-all-surprising development, spammers have started to employ DMARC workarounds. We highlighted some of the Yahoo-specific issues in a post that raises more questions.
We also saw some things we quite liked in June. In the Best Practices Hall of Fame, we gave props to this privacy policy change notification and to our bank’s ATM receipts.
We also reviewed some interesting new and updated technology in the commercial MTA space, and were happy to share those findings.

Read More

Engaging recipients critical for delivery

One of the issues I have touched on repeatedly is the changing face of blocking and filtering at ISPs. Over the last 12 – 18 months, large, end-user ISPs have started rolling out more and more sophisticated filters. These filters look at a lot of things about an email, not just the content or the sending IP reputation or URLs in the message but also the recipient profile. Yes, ISPs really are measuring how engaged recipients are with a sender and, they are using that information to help them make blocking decisions.
There were two separate posts on Friday related to this.
Mark Brownlow has a great blog post speculating about a number of things ISPs might be looking at when making decisions about what to do with an incoming email. He lists a number of potential measurements, some of which I can definitively confirm are being measured by ISPs.

Read More