Oct. 03, 2019 - Chapter 8 of Davies Governance Insights 2019
First Penalty Issued Under Canada’s New Anti-Spam Law
On March 5, 2015, the Canadian Radio-television and Telecommunications Commission (CRTC) issued its first Notice of Violation under Canada’s anti-spam legislation (known as CASL), which came into force on July 1, 2014.
Despite its name, CASL is not limited to what one might normally consider spam or junk email. Rather, the law applies to any electronic message sent in connection with a commercial activity (referred to in the legislation as a “commercial electronic message”, or CEM). CASL’s broad definition of CEM includes any emails, texts, instant messages, Facebook or other social media messages sent to the electronic addresses of customers or prospective customers promoting a business or its products.
The basic premise of CASL is that, subject to certain exemptions, (i) senders of CEMs must have the prior consent of recipients (express or implied); and (ii) CEMs must comply with certain form and content requirements, including specifying the purpose for which consent is sought and providing an “unsubscribe” mechanism for recipients who no longer wish to receive a sender’s CEMs.
The consequences of violating CASL can be severe, including up to $10 million in fines for corporations, personal liability for individual officers and directors, vicarious liability for companies for non-compliant acts of their employees and, after July 1, 2017, possible civil actions.
The CRTC’s Notice of Violation was issued against Compu-Finder Inc., a Québec-based company that offers various training and development solutions for business executives and management. The CEMs sent by Compu-Finder (in this case emails) promoted training courses to businesses on topics such as management, social media and professional development. The CRTC alleges that Compu-Finder’s four violations included sending emails between July 2, 2014 and September 16, 2014 without the consent of recipients and without a properly functioning unsubscribe mechanism. The CRTC also stated that Compu-Finder “flagrantly violated the basic principles of the law by continuing to send unsolicited commercial electronic messages after the law came into force to email addresses it found by scouring websites. Complaints submitted to the Spam Reporting Centre clearly indicate that consumers didn’t find Compu-Finder’s offerings relevant to them.” The CRTC’s reference to “scouring websites” is intended to remind businesses that the so-called business card exception (i.e., permitting a sender to imply consent to receive a CEM on the basis of the recipient’s electronic address being conspicuously published on a website) applies only where the CEM is relevant to the recipient’s business or position.
The CRTC’s Notice of Violation orders Compu-Finder to pay a penalty of $1.1 million. Compu-Finder has 30 days to pay the penalty or to submit written representations in its defence to the CRTC. It also may request the option of entering into an undertaking with the CRTC, which would involve agreeing to adopt corrective measures prescribed by the CRTC (but perhaps a lower fine).
Significantly, the CRTC’s announcement also states that it has a number of other CASL investigations underway and that it is working with its partners, both within Canada (such as the Competition Bureau and the Privacy Commissioner) and internationally, to “protect Canadians from online threats and contribute to a more secure online environment”.
The penalty against Compu-Finder confirms the Canadian government’s resolve to enforce CASL and thus the need for businesses to carefully comply with the new anti-spamming rules. Davies is available to assist you with all of your CASL compliance needs. To contact a member of the Davies CASL team or to view our CASL compliance resources, please visit our dedicated CASL website.