Canada’s new anti-spam laws scaring away US business

Lawyers say the cost of retooling marketing programs has some US companies rethinking expansion

Canada’s stringent new anti-spam law claimed its first high-profile casualty recently: the US television show “Jeopardy!”

Citing “new rules” set down by the Canadian government, Jeopardy has excluded Canadians from taking the online test used to determine whether someone could become a contestant.

“As international laws governing how information is shared over the internet are ever-changing and complex, we are currently investigating how we can accept registrations from potential Canadian contestants,” the show said in a statement.

Canadian lawyers were stumped about exactly which element had the show’s counsel concerned, given Canada’s Anti-Spam Legislation (known as CASL) is consent-based. That means all Canadian applicants had to do when they applied is give their consent to be contacted.

While it will no doubt prove to be a tempest in a teapot, it underscores a very real problem: Roughly 18 months after coming into effect, changes to Canada’s anti-spam laws are sending up red flags in the US.

While cheered by many Canadians tired of having their private information used to cross-sell them on unsolicited products and services, the regime is so different from its US counterpart that it is costing this country business, according to some lawyers who work in the area.

Wendy Gross, co-chair of the technology group at Osler Hoskin & Harcourt LLP, says the legislation is so complicated that “it’s a barrier to setting up here.

“I’ve had some examples of clients where, when they’ve told about the extent to which they’d have to revise their processes in order to do business in Canada, have decided it’s not worth it.”

Martin Kratz, who leads the anti-spam practice group at Bennett Jones LLP, has also seen US businesses walk away from a potential Canadian foray over the new anti-spam requirements.

“For some US organizations, the cost of retooling and managing compliance along with the complexity and severe liability seems not worth the hassle for the small market,” he says.

David Fraser is an Internet, technology and privacy lawyer at McInnes Cooper in Halifax. A good chunk of his clients are non-Canadian companies doing business in Canada, he says, principally online but also in other forms, and “CASL is a mess frankly.

 “Most of my clients face significant challenges wrapping their heads around it and also whether or not it’s worth their while to invest in modifying their systems and processes in order to offer services in the Canadian market. Retooling your systems involves a significant cost and, when you think about the size of the market here, we’re small potatoes.”

Fraser also has seen US companies walk away from potential expansion into Canada over the anti-spam requirements. “I have. I’ve had clients who have decided they’re not going to engage with, or market to, Canada. Some are actively avoiding Canadians.”

The tricky thing is, that’s not always possible.

US companies that collect customers’ email addresses, either in the US or online, may not realize someone who uses a Gmail or Hotmail account is based in Canada and may reach out with an email that allows the person to unsubscribe.

Perfectly legal in the US, where people have the right to opt out after getting a commercial communication. Not under CASL, which requires the person to first opt in. The fine for sending Canadians a commercial email, text or social media messages without proper consent? It’s $10 million, which Gross of Osler says is “enough to get your attention.”

Foreign companies that breach the rules are not out of reach of the Canadian Radio-television and Telecommunications Commission, the anti-spam regulator. The CRTC has warned publicly it will be collaborating with its international counterparts to investigate and enforce the Canadian legislation.

Alex Cameron, leader of the privacy & information protection group at Fasken Martineau DuMoulin LLP, says he has not yet had a US client walk away from a Canadian expansion because of the new anti-spam regime, but adds “I’m not surprised [to hear it].

“It’s not uncommon for foreign businesses – and Canadian businesses, for that matter – to react with disbelief initially when they hear about the requirements, and what they’d need to do to become compliant.”

Those corporations grappling with Canada’s new requirements can take heart.

The legislation is due for a mandatory Parliamentary review in the middle of 2017, and Cameron says these kinds of business roadblocks are almost sure to be raised.

“A committee will be studying the impact, so I expect everybody’s going to make their view known about these types of issues, and whether this law is working, or not.

“There’s no doubt there was a broad view that this legislation, although intended to target the really bad actors, caught everybody in its net, legitimate businesses included.”

Cheryl Slusarchuk, a partner at Blake, Cassels & Graydon LLP, says any US business with dreams of a global presence will have to find a way to accommodate Canada’s requirements because the opt-in regime is similar to the European Union, and some other countries like Japan and South Korea.

 “Yes, we’re only 35 million people whereas the United States in 10 times that — but Canada is a good practice jurisdiction for the rest of the world on privacy. So if you’re not willing to make it work for Canada, what you’re really saying is: ‘We’re not willing to make it work for anyplace outside of the States.’”