CASL (Bill C-28) Conformity: Type of Consent

Manage the type of consent

There are two types of consent, each of which has distinct repercussions on your activities.

Type of consent - Express

Express type of consent is when a recipient performs an act to signify his or her interest in receiving the content (e.g., subscription, registration, request, etc.). This consent is generally obtained using a form which states, in clear and simple terms, why the consent is being sought. For example, you can ask people if they would like to receive not only your offers, newsletters or publications, but also those of your partners, which may open up new business opportunities. A request for consent must also include the name under which the person seeking consent carries on business, the mailing address and either the phone number, email address or website address of the person and a statement that the person from whom consent is sought may withdraw consent.

Requests for consent should not be included as part of a sales or usage agreement. A consumer must be able to complete a transaction and refuse to subscribe to commercial messages. The person whose consent is being sought must check a specific box for each distinct subscription.

Moreover, it is important to mention that the CRTC estimate that you cannot send commercial electronic messages (CEMs) with the purpose to ask for consent. You have to put that request in your other transactional communications or on your website.

Activation boxes are the simplest way of asking consent to send CEMs but certain rules have to be respected while using them. Pre-checked boxes that presume consent and that request an action to indicate non-consent are not permitted.

Type of consent - Implied

In some cases, it is assumed that people have given you their consent without your having asked them. Implied type of consent includes the following:

  • People with whom you have an existing business relationship (e.g., clients, loyalty club members, warranty holders, suppliers or subscribers) or an existing non-business relationship (e.g., association members), since the Anti-Spam Law applies to both retail e-commerce (B2C) and business-to-business e-commerce (B2B)
  • People whose electronic address is published and in plain view and who have not included a statement that they do not wish to receive unsolicited commercial electronic messages. These addresses must, however, be collected manually, without the help of specialized software.
  • People who send you their email address without an obvious indication that they do not wish to receive unsolicited commercial electronic messages. This could be people who request information from you by email or give you their email address during a business meeting. Under the spirit of Bill C-28 (CASL), these people have consented to receive commercial messages from you.

In summary, you should be able to assign a type of consent to each contact and confirm its validity to maintain your mailing rights. Dialog Insight has developed a tool that facilitates this procedure.

Learn more about our solution for managing consent – Permissions and deadlines

See all solutions

Consents obtained under the Personal Information Protection and Electronic Documents Act (PIPEDA)

Extract of the Regulatory Impact Analysis Statement

"Some stakeholders have argued that express consents obtained under the Personal Information Protection and Electronic Documents Act (PIPEDA) should be valid as consent under CASL. In some cases, where there is neither an exclusion nor any form of consent under CASL, some businesses that may have been compliant with PIPEDA when seeking consent to collect or to use electronic addresses to send commercial electronic messages may no longer be able to contact those addresses under CASL. Express consents, obtained before CASL comes into force, to collect or to use electronic addresses to send commercial electronic messages will be recognized as being compliant with CASL.

Some stakeholders argue that CASL would have a negative impact on their ability to engage in electronic commerce as they have developed recipient lists that have been lawfully assembled in recent years, but would effectively be nullified under the CASL regime. In fact, under the CASL, certain forms of consent previously obtained in accordance with privacy law could meet CASL requirements and, in other circumstances captured under subsections 10(10) and (13), businesses have three years after the coming into force of the Act to verify and confirm consent. The intent of the three year transitional period is to obtain consent. This will be reinforced through compliance guidelines."

Diagnostic tool + Checklist

Diagnostic Tool

Complete this short questionnaire to get a customized guide to expose the challenges your organization will face and the impact of the Anti-Spam Legislation on your electronic communications.

Click here


Verify if you have implemented the most important requirements of the Act with this checklist.

Click here