Proclamation
4notify Canada · Canada Gazette
PROCLAIMED · CRTC · OPC
Proclamation No.
PRO-CA-005
Date
2026-05-27
Status
In force
Category
Privacy

CASL anti-spam, PIPEDA and consent: the framework for transactional and commercial delivery to Canadian consumers

The CRTC enforces CASL — Canada's Anti-Spam Legislation — while the Office of the Privacy Commissioner (OPC) administers PIPEDA, the federal private-sector privacy law. Commercial electronic messages require express or implied consent and a working unsubscribe mechanism. 4notify records the consent basis and runs the CASL check at the API edge on every delivery.

EmailSMSWebhook
Preamble

Section 1 — Pursuant to Canada's Anti-Spam Legislation and the Personal Information Protection and Electronic Documents Act (PIPEDA), this Proclamation governs consent management for electronic delivery to Canadian recipients.

Statutory Basis
Canada's Anti-Spam Legislation (CASL)

Express/implied consent, identification and unsubscribe requirements for commercial electronic messages.

PIPEDA (S.C. 2000, c. 5)

Federal private-sector privacy: consent, safeguards, access and accountability principles.

Breach of Security Safeguards Regulations

Mandatory report to the OPC and notification to affected individuals where a breach poses real risk of significant harm.

Implementation
01

Consent basis recorded per delivery

Every envelope carries its CASL basis (express consent, implied consent, or transactional exemption); the basis is set in the template record.

02

CASL commercial consent check

Commercial messages are checked for valid consent at the envelope level; messages without consent are blocked at the API edge.

03

Access and withdrawal within deadlines

PIPEDA access requests and consent withdrawals propagate through 4notify within 24 hours; the suppression list updates across all carriers and the email gateway.

04

Breach-of-safeguards webhook

Any envelope-level incident triggers a webhook to the controller's privacy officer within one hour, supporting OPC reporting deadlines.

Delivery Envelope
json
{
  "event": "delivery.consent_envelope",
  "controller_id": "CA-CTRL-12345",
  "casl_basis": "express_consent",
  "consent_record": {
    "consent_id": "CASL-2026-001234",
    "consent_date": "2025-09-14",
    "unsubscribe_present": true
  },
  "delivery": { "channel": "email", "template": "promo_v2" },
  "suppression_check": "passed"
}
Sample Message
EmailSubject: Your marketing preference was updated

Hello, Your marketing consent has been withdrawn as of today. You will no longer receive marketing emails, but transactional notifications (order confirmations, delivery alerts) will continue. To exercise your other PIPEDA rights, contact: [email protected]

Compliance Checklist
  • CASL consent register current and timestamped
  • Privacy officer / accountability contact configured
  • CASL consent stored for every commercial delivery
  • Breach-of-safeguards webhook reachable within one hour
The 4notify difference

4notify is the only A2P provider that stores the CASL consent basis on every envelope, propagates withdrawals across all carriers in under 24 hours and fires a breach-of-safeguards webhook to support OPC reporting deadlines.

Frequently Asked Questions
Does CASL consent apply to SMS as well?

Yes — CASL covers all commercial electronic messages: SMS, email and instant messaging. Each requires a valid consent basis and a functioning unsubscribe mechanism.

What happens if a controller has no recorded consent?

4notify blocks commercial delivery at the API edge until a valid CASL basis is supplied; transactional delivery (e.g. order confirmations under the exemption) remains available.

Proclaimed by
4notify Operations Office
2026-05-27 · PRO-CA-005

Start for free

14 days, no card required. Weekday support in English.

Other Proclamations in this Edition