Description of the Initiative
The purpose of CASL is to encourage the growth of electronic commerce by ensuring public confidence and trust in the online marketplace. In addition to promoting the use of electronic messaging as a means to carry out commercial activities, CASL also helps to protect Canadians and Canadian businesses from damaging and deceptive spam, false or misleading electronic representations, malware (including spyware), botnets, and other related network threats.
The majority of CASL's provisions entered into force on July 1, 2014. The law generally prohibits:
- The sending of commercial electronic messages without the recipient's consent;
- The alteration of transmission data in an electronic message without consent resulting in the message's delivery to an unintended and/or additional destination;
- The installation of computer programs without consent;
- The use of false or misleading representations online in the promotion of products or services;
- The collection of personal information through unauthorized access to a computer system; and
- The collection of electronic addresses without permission (i.e., address harvesting).
There are three federal agencies responsible for enforcement of the law: the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau (CB), and the Office of the Privacy Commissioner of Canada (OPC) (collectively referred to as the "Enforcement Agencies"). In addition to any independent actions an agency may undertake to enforce CASL's provisions, the law requires that all three agencies consult with each other (to the extent considered appropriate) to ensure the effective regulation of prohibited activities. Agencies may share information with each other as well as with the government of a foreign state (in select circumstances, and subject to appropriate written agreements or arrangements between the parties).
CASL's introduction involved the creation of a Spam Reporting Centre (SRC) for the collection, administration and analysis of submissions and reports for enforcement purposes. Access to information housed by the SRC is restricted to Enforcement Agencies. The SRC receives submissions and reports of alleged contraventions from ISED's Fightspam.gc.ca website.
Original PIA and Update History
The original CASL PIA conducted in 2014 evaluated planned collection activities, the core functions of the SRC and the sharing of personal information with enforcement partners. It also performed a high-level assessment of standard investigative functions. Since 2014, the original number of privacy risks has been significantly reduced through ongoing organisational and development efforts. This PIA has been revised to reflect those original privacy risks that have been resolved and to re-enumerate the current privacy risks that remain moving forward.