Backgrounder Article from
Archived - Protecting Canadian Consumers from Malware, Spyware and Unauthorized Installations
January 15, 2015
On January 15, 2015, the section of Canada's anti-spam legislation (CASL) that protects against the installation of unwanted software or software updates on consumers' computers or devices came into force.
This new part of CASL makes it illegal to install software on another person's computer without their consent. This empowers Canadians to decide who may put computer programs on their mobile phone, tablet or computer, helping them avoid unwanted and often damaging software. For example, a virus that is secretly installed when someone visits a web page or opens malicious email is now illegal under CASL.
In general, CASL does not apply to software you install on your own computing device. It applies only to programs that one person installs on another person's device. For example, the installation of apps by Canadians onto their own smartphones and tablets is not regulated by CASL.
What is regulated is the automatic installation of software. With the coming into force of CASL, these installations can no longer take place in secret. Anyone installing a computer program on another person's device will have to first tell them and then get their permission to do so.
In addition to requiring consent for the installation of computer programs, CASL also requires a clear description of what those programs do, particularly if it does anything invasive, such as collecting personal information or changing settings on the user's computer.
Leading software vendors and providers already employ best practices, such as explaining what a software update will do and seeking consent before "pushing" that update to consumers. This ensures consumers know what the software will do to their computers, phones, tablets or other devices, and it allows them to make an informed choice about whether to consent to that program's installation. By following these types of best practices, businesses can be confident they are in compliance with CASL.
The Government recognizes that some updates are required for the safe and reliable operation of computing devices and networks, such as security patches or bug fixes. To strike an appropriate balance for consumers, CASL does not apply to the installation of these programs. For example, CASL does not apply to an update that corrects a bug in an existing program. Similarly, CASL allows a telecommunications service provider to push a critical security update to computers on a network to protect users from a cyberattack.
If you are a victim of malware or you believe a program has been installed on your computer or device in violation of CASL, you can submit information to the Spam Reporting Centre by visiting the Fightspam.gc.ca website.
The Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner of Canada jointly enforce CASL. They share information with their global partners to track spammers and hackers outside of Canada.
CASL was developed based on extensive public consultations with businesses and stakeholders, and it protects consumers while allowing Canadian businesses to prosper using modern digital technologies in legitimate ways.
The complete act and regulations are available on the Fightspam.gc.ca website. The website also provides information on how Canadian consumers can better protect themselves from spam and related online threats, as well as information about the act for businesses.
The CRTC has extensive information for businesses on how to comply with the new malware rule on its Requirements for installing computer programs web page.
Search for related information by keyword
Innovation, Science and Economic Development Canada Economics and Industry
- Date modified: