Fighting Internet and Wireless Spam Act

The Fighting Internet and Wireless Spam Act (Loi visant l’élimination des pourriels sur les réseaux Internet et sans fil), is Canada's anti-spam legislation (also known as CASTL) that received Royal Assent on December 15, 2010. The Act replaced Bill C-27, the Electronic Commerce Protection Act (ECPA), which was passed by the House of Commons, but died due to the prorogation of the second session of the 40th Canadian Parliament on December 30, 2009. The Act went into effect July 1, 2014.

The Act applies to "all communications sent by Canadian companies, to Canadian companies or messages simply routed through Canadian servers". This includes personalized communications such as email or SMS messages delivering any form of communication, such as text, images, voice or sounds, or technologies not yet available. However, the Act exempts communications sent via telephone or facsimile, as these are already regulated under the Telecommunications Act.

The Act requires that marketers may only send email to individuals who opt into receiving them. There are two types of consent: Implied and Explicit. Implied consent includes information that was acquired by engaging in a transaction with a company, or by virtue of having one's telephone number or email address listed in a public directory. Records collected by marketers via implied consent have a time limit. This act makes it necessary for marketers to send a one-time double opt-in subscription request to all its subscribers whose consent has not been explicitly taken till the date this act came into force. As companies' email lists expand over the years and their consent type and source does not remain clear, most of the companies sent the double opt-in email to all their subscribers once the Act came into force. No matter the type of consent, it is mandatory for senders to enable recipients to opt out of receiving messages. Most email marketing and Marketing Automation Software (MAS) platforms help manage consent and the opt-out clause. Emails following CASTL must also include the contact information and address of the sender of the communication.

An email address has always been considered personal information per the Personal Information Protection and Electronic Documents Act, (PIPEDA) which can require implied or explicit consent before an email address is collected or used. The Act added additional protections in PIPEDA to prevent companies from relying on PIPEDA exceptions relating to fraud prevention or debt collection to generate email lists by data mining or automatic crawling without consent.

The Act is enforced by three organizations: the Competition Bureau, the Canadian Radio-television and Telecommunications Commission (CRTC) and the Office of the Privacy Commissioner. It includes a "private right of action that will allow Canadian consumers and businesses to take civil action against those who violate the legislation". The CRTC may levy fines of up to $1 million for an individual or $10 million for a business that contravenes the Act. Each violation may result in a fine.

The Act has been criticized by some, such as David Poellhuber, who says "It’s not going to change the spam you and I receive in our inboxes" because about 70 per cent of spam originates from botnets operating in other countries, notably Brazil, Russia, and the United States; and by academics who argue that it is unconstitutional. However, one analysis found a 29% reduction in spam received by Canadians and a corresponding 37% reduction in spam sent by Canadians once the Act took effect.