April 27 2015

Anti-Spam Legislation New Requirements: Installation of Software

Archambault Julie-Anne

On January 15, 2015, new provisions of Canada’s Anti-Spam legislation regarding computer programs came into force. As this legislation is the first of its kind internationally, it is not surprising that its application is misunderstood. If your business operates in the technology sector or if you install computer programs as part of your commercial activities, do not panic and read on!

Mandatory Consent

Before installing programs or applications on computing devices, consent must be obtained from the owners of the devices or their duly authorized representative, such as employees. These provisions are only applicable if the devices in question are located in Canada, if the company at fault is in Canada at the time of the violation or the company acts on instructions from a person located in Canada.

Transparent Request

The company seeking express consent to install computer programs must state the reason for the request and give its contact information. If consent is sought on behalf of a third party, it must be stated in the request and the third party’s contact information must be included. Moreover, the request must set out clearly and simply, separate and apart from the terms of use, the functions and purpose of the computer program that will be installed if consent is given.

Except for telecommunications service providers, any program element that performs certain functions, such as collection of personal information or interference with the user’s control of the device, must be disclosed and brought to the attention of the person who must consent, separate and apart from the license agreement. The functions concerned are the following:

- collecting personal information stored on the computer system;

- interfering with the owner’s or an authorized user’s control of the computer system;

- changing or interfering with settings, preferences or commands already installed or stored on the computer system without the knowledge of the owner or an authorized user of the computer system;

- changing or interfering with data that is stored on the computer system in a manner that obstructs, interrupts or interferes with lawful access to or use of that data by the owner or an authorized user of the computer system;

- causing the computer system to communicate with another computer system, or other device, without the authorization of the owner or an authorized user of the computer system;

- installing a computer program that may be activated by a third party without the knowledge of the owner or an authorized user of the computer system; and

- performing any other function specified in the regulations.

Implied Consent

Programs necessary to correct a failure in the proper functioning of a computer and its programs are covered by implied consent. An exception also applies to updates and upgrades that are necessary to the security of a network.

Moreover, in certain situations, you may already have express consent without requesting it. For example, in the case of cookies, HTML, JavaScript, and operating systems, we may reasonably assume from the person’s conduct that they have given their consent.

For computer programs installed after the coming into force of the law, companies may also seek consent for future updates and upgrades at the same time as the consent requested for the installation.

Transitional Period

As with the application of the law’s anti-spam provisions, a three-year transitional period has been established in the case of consents required for updates and upgrades for computer programs installed before the coming into force of the relevant provisions.

Do not worry: the CRTC has also issued certain guidelines. Now that these provisions have come into force, we advise all companies to review their practices and to communicate with their legal adviser.

****Although it is of a legal nature, the information available in this newsletter does not constitute an opinion or legal advice. This information is provided for information purposes only and LJT does not pretend to expose the complete state of law on any matter. Users should not take any decision solely on the basis of the information obtained from this newsletter or the LJT website without first obtaining legal advice from a professional. The content of this newsletter is protected by copyright and applicable international treaties. Please read our terms of use.

Add a comment

Did you know that ...

The Securities Acts applies to all companies, whether public or private. As a result, it is important to verify that every issuance of security or transfer is undertaken in compliance with the applicable Acts’ provisions.


Archambault Julie-Anne
Julie-Anne Archambault
Ms. Julie-Anne Archambault practices in business law, mainly in information technologies and intellectual property.
Consult detailled bio


More conferences

Corporate Brochure

Corporate Brochure

For more information on our firm, our members and our services, please consult our corporate brochure.

Download PDF(1412Kb)