Canada's Online Protection Legislation (COPL) / Anti-Spam Legislation

Law enforcement begins September 2011.

Unlike CAN-SPAM, which covers only email, Canada's Online Protection Legislation (COPL) covers commercial email (CEM), is defined as any commercial "message sent by any means of telecommunication, including a text, sound, voice or image message," and includes:

- Email
- SMS
- Instant Messages
- Social Media postings such as ‘tweets’ or 'status updates'
- Some voice communications 


Commercial email requirements include:

- Express affirmative (opt in) consent
- No false or misleading headers, including sender and subject line
- Cannot alter transmission data
- Must provide a conspicuous unsubscribe mechanism
- Must include postal address of sender
- Cannot perform address harvesting to obtain email addresses or send to harvested addresses
- Liability for entities who knowingly allow spam to be sent on their behalf, even if the message was not directly initiated by those entities


Exemptions to the opt-in requirement exist under certain circumstances. Consent is deemed if there is an existing business relationship, an existing non-business relationship (such as sending to a family member), conspicuous posting of an electric address such as on a 'Contact Us' page (provided there is no statement near the address indicating that it should NOT be mailed), or where the recipient has provided the electronic address to the sender. In most cases, this implied consent is valid for two years, after which the sender must gain affirmative consent.

Key Differences between COPL and CAN-SPAM (source)

COPL: Addresses broad range of Internet issues (spam, spyware, pharming)
CAN-SPAM: Addresses spam only

COPL: Applies to all forms of electronic messaging (email, SMS, IM)
CAN-SPAM: Applies only to email

COPL: Primarily opt-in; permission based
CAN-SPAM: Opt-out; you can technically mail any person at least once

COPL: Private Right of Action (PRA) available to anyone (individuals, businesses)
CAN-SPAM: Private Right of Action (PRA) available only to ISPs


Liability:

Computer systems located in Canada used to send or access an electronic message fall under the COPL umbrella. This means that any CEM that leaves or enters Canada is subject to the regulation. COPL is primarily enforced by the Canadian Radio-television and Telecommunications Commission (CRTC), and imposes fines of up to $1 million per violation for individuals and $10 million per violation for businesses. Willful violations are the primary focus of enforcement.

Actionable Steps:


Scrub customer lists and remove any address where there is no affirmative opt-in to receive email and other commercial email.
Update privacy policies and form collection on websites (e.g., newsletter opt-in) to ensure proper consent.

Related:
Canadian Standards Association
PIPEDA or PIPED Act
COPL text