The new rule applies when someone installs or causes the installation of software on another individual’s device in the course of commercial activity. The CASL said that it had noticed websites automatically install software on visitors’ computers without their consent. Often these installs are seen to be malware and adware. The new ruling includes the installation of software/malware which is bundled with a legitimate applications, or the installation of concealed software from music CDs, the commission said. For example online downloads of software include concealed or cleverly camouflaged toolbar or search software which are often irritating and can classify as adware. The software excluded from the CASL provisions include cookies, HTML, JavaScript, operating systems, applications that are executable through a piece of software that was already consented to, and updates designed to fix bugs. Telecoms service providers can also install software to protect their infrastructure against security threats, and updates/upgrades for their network. However in this regard, CASL has said that the companies can install these types of programs only if user has given explicit consent to it. If a user disables JavaScript and/or cookies this should be reckoned as the user doesnt agree with the installation of such software. CASL said that for updates and upgrades are concerned, software providers need consent from the device’s owner before installing them if the program was self-installed by the user. However, companies can seek consent for all future updates and upgrades when they request the initial consent to install an application. The new rule for software installation kicks in from 15th January 2015 and updates and upgrades are allowed without seeking consent until January 15, 2018. Until this date, the user’s consent is implied, unless they specifically state that they no longer agree to the installation of future updates. CASL has made it mandatory for the tech companies to make the consent request to include the reason for seeking consent, the company’s name, contact information, and a general description of the program. Users must also be informed that they can withdraw their consent. The company also should clearly specify if the application is designed to collect personal information, if it interferes with the user’s control of the device, if it changes settings or preferences, if it obstructs, interrupts or interferes with the user’s access to data, if it installs third-party programs, or if it causes the device to send messages to other computers.