A new provision in Canada’s Anti-Spam Legislation (CASL) prohibits tech companies from installing software without consent from the device’s owner
All those tech companies providing automatic updates for their software products can take a hike. At least in Canada. According to the new rule introduced by the Canadian Radio-television and Telecommunications Commission, which kicked in yesterday, no software can be installed and/or updated without the user’s explicit consent.
The new rule applies when someone installs or causes the installation of software on another individual’s device in the course of commercial activity. The CASL said that it had noticed websites automatically installing software on visitors’ computers without their consent. Often these installs turn out to be malware and adware.
The new ruling includes the installation of software/malware which is bundled with legitimate applications, or the installation of concealed software from music CDs, the commission said. For example, online software downloads include concealed or cleverly camouflaged toolbar or search software, which is often irritating and can be classified as adware.
“Usually, CASL requires you to obtain consent from the owner or another authorized user of the computer or device prior to the installation of a computer program. However, in some circumstances, you are considered to already have consent without having to request it”
CASL said that, as far as updates and upgrades are concerned, software providers need consent from the device’s owner before installing them if the program was self-installed by the user. However, companies can seek consent for all future updates and upgrades when they request the initial consent to install an application.
The new rule for software installation kicks in from January 15, 2015, and updates and upgrades are allowed without seeking consent until January 15, 2018. Until this date, the user’s consent is implied, unless they specifically state that they no longer agree to the installation of future updates.
CASL has made it mandatory for tech companies’ consent requests to include the reason for seeking consent, the company’s name, contact information, and a general description of the program. Users must also be informed that they can withdraw their consent. The company should also clearly specify if the application is designed to collect personal information, if it interferes with the user’s control of the device, if it changes settings or preferences, if it obstructs, interrupts or interferes with the user’s access to data, if it installs third-party programs, or if it causes the device to send messages to other computers.