AI tells a Canadian business that implied consent is valid indefinitely under Canada's Anti-Spam Legislation (CASL)
ID: legal/canada-anti-spam-casl-consent
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| CASL S.C. 2010, c. 23 | active | — | — | — |
| CRTC Compliance and Enforcement Bulletin CRTC 2012-548 | active | — | — | — |
Root Cause
CASL (S.C. 2010, c. 23) establishes a two-year expiry for implied consent (Section 10(9)), after which express consent must be obtained; implied consent from an existing business relationship or a published email address expires 2 years from the date it was given
generic中文
CASL(2010年,第23章)规定默示同意有效期为两年(第10条第9款),之后必须获得明示同意;来自现有商业关系或已发布电子邮件地址的默示同意自给予之日起两年后失效
Official Documentation
https://laws-lois.justice.gc.ca/eng/acts/E-1.6/Workarounds
-
82% success Implement a consent tracking system that logs the date and type of consent (implied vs. express). For implied consent, set a 2-year timer and send a re-consent request before expiry. For example, use a database field `consent_expiry_date` with a cron job to flag expiring consents.
Implement a consent tracking system that logs the date and type of consent (implied vs. express). For implied consent, set a 2-year timer and send a re-consent request before expiry. For example, use a database field `consent_expiry_date` with a cron job to flag expiring consents.
-
90% success Obtain express consent by sending a clear opt-in email with an unchecked checkbox and a link to your privacy policy. The CRTC recommends that consent be 'obtained through a clear, positive action' and that the purpose of the communication be stated explicitly.
Obtain express consent by sending a clear opt-in email with an unchecked checkbox and a link to your privacy policy. The CRTC recommends that consent be 'obtained through a clear, positive action' and that the purpose of the communication be stated explicitly.
中文步骤
Implement a consent tracking system that logs the date and type of consent (implied vs. express). For implied consent, set a 2-year timer and send a re-consent request before expiry. For example, use a database field `consent_expiry_date` with a cron job to flag expiring consents.
Obtain express consent by sending a clear opt-in email with an unchecked checkbox and a link to your privacy policy. The CRTC recommends that consent be 'obtained through a clear, positive action' and that the purpose of the communication be stated explicitly.
Dead Ends
Common approaches that don't work:
-
70% fail
Assuming that a 'business relationship' clause in terms of service constitutes express consent — CASL requires express consent to be obtained through a clear, affirmative action (e.g., checking an unchecked box), not buried in fine print
-
80% fail
Using a pre-checked consent checkbox for email marketing — CASL prohibits pre-checked boxes (Section 10(5)); the user must actively check the box to give express consent