Have you ever gone to dinner and thought, “I’ll just jump on the free WiFi while I’m here so the kids can stream YouTube videos and maybe we will have a nice quiet dinner?” Only to then be confronted with a splash page asking for your email address or a social network login. I’ve seen these same services in grocery stores, hotels, and malls just waiting for the siren of free wifi to suck up your contact details.
Don’t get me wrong I see the trade opportunities here; email address in exchange for a free service. But when you’re collecting this information and not being clear on the promotional messaging part you may be crossing the lines of consent for sending CEMs in Canada.
This is the basis of the most recent CRTC Enforcement Notice under Canada’s Anti-Spam Legislation (CASL). Released in mid August the “Notice for businesses collecting customer data with in-store WiFi” confirms that the CRTC feels businesses also need to collect express consent for the sending of commercial electronic messages (CEMs).
The CRTC had this advice for businesses that use Social WiFi services to collect electronic addresses for the purposes of sending CEMs:
How can Businesses and Social WiFi Service Providers ensure they are compliant?
Businesses and Social WiFi service providers have responsibilities under CASL. They must request their users’ informed consent to receive CEMs and include required details in all CEMs.
Specifically, all requests for consent must include the purpose for which consent is being sought, the identity and contact information of the sender, as well as a statement indicating that the recipient can revoke their consent at any time. In addition, all CEMs require a functioning unsubscribe mechanism.
Taking different technologies into consideration, the Commission suggests that examples of a readily performed unsubscribe mechanism are
- a link in an email or SMS that takes the user to a web page where they can unsubscribe from receiving all or some types of CEMs; or,
- the ability to respond to a SMS message with the word “STOP” or “unsubscribe” (see Compliance and Enforcement Information Bulletin 2012-548).
As you can see in the guidance they make a very strong statement about gathering electronic addresses with Express Consent under CASL’s rules. Be it an email address, or a phone number for marketing purposes in the future.
Key Takeaways:
If you have collected any addresses using this type of technology you will want to do the following:
- Review your data to ensure the addresses you’ve collected already have the proper consent level under CASL.
- If not, modify your existing data collection practices immediately.
- Put a plan in place to ensure any existing contacts that do not clearly have the express level of consent required by CASL obtain it.