The CRTC recently published a document with some guidance on implied consent under CASL.
The parts about “Can I send CEMs to an email address I find online?”, “How can I prove I have consent?”, and “What records should I be keeping?” show how difficult, if not impossible, it is to comply with CASL in practice.
CASL and its interpretation is so granular and so nuanced that the average business doesn’t stand a chance of getting it consistently right. The email address publication relevance issue, for example, is so fraught with risk that it isn’t worth tempting fate with in most instances. And the level of proof and record keeping that is expected is simply impractical.
In my view CASL does the opposite of what it says it is supposed to do:
3. The purpose of this Act is to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of electronic means to carry out commercial activities, because that conduct
(a) impairs the availability, reliability, efficiency and optimal use of electronic means to carry out commercial activities;
(b) imposes additional costs on businesses and consumers; …
The compliance costs in terms of dollars, time, and exposure to penalties are simply far too high, and it actually impedes “efficiency and optimal use of electronic means to carry out commercial activities”.