During 2017, the Canadian Radio-television and Telecommunications Commission continued to enforce Canada’s Anti-Spam Legislation (commonly known as “CASL”), the Canadian government indefinitely suspended the commencement of CASL’s private right of action, and a parliamentary committee recommended that CASL be revised to clarify its scope and application, reduce the cost of compliance and better focus enforcement.
CASL
CASL creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to prohibit unsolicited or misleading commercial electronic messages (“CEMs”), the unauthorized commercial installation and use of computer programs on another person’s computer system and other forms of online fraud.
For most organizations, the key parts of CASL are the rules for CEMs. Subject to limited exceptions, CASL creates an opt-in regime that prohibits the sending of a CEM unless the recipient has given consent (express or implied in limited circumstances) to receive the CEM and the CEM complies with prescribed formalities (e.g.sender information and an effective and promptly implemented unsubscribe mechanism) and is not misleading. An organization that sends a CEM has the onus of proving that the recipient consented to receive the CEM.
CASL also prohibits, subject to limited exceptions, the commercial installation and use of a computer program on another person’s computer system without the express consent of the owner or authorized user of the computer system. The computer program rules apply to almost any computer program (not just malware, spyware or other harmful programs) installed on almost any computing device (including mobile phones) as part of a commercial activity (regardless of expectation of profit).
CASL violations can result in potentially severe administrative monetary penalties — up to $10 million per violation for an organization and $1 million per violation for an individual — in regulatory enforcement proceedings. CASL includes a private right of action, which is not in force.
The Canadian Radio-television and Telecommunications Commission (the “CRTC”) is responsible for enforcing CASL’s CEM rules, and has various enforcement tools for that purpose (e.g.preservation demands, production notices and warrants). Since CASL came into force in 2014, the CRTC has taken enforcement action against organizations and individuals who have violated CASL’s CEM rules, and has issued enforcement decisions and accepted voluntary undertakings (settlements).
Regulatory Enforcement
In 2017, the CRTC issued two enforcement decisions and announced one voluntary undertaking:
- Sending CEMs without Consent or Prescribed Formalities: In March 2017, the CRTC issued a Compliance and Enforcement Decision imposing a $15,000 penalty on an individual for sending CEMs without the recipients’ consent, without prescribed information identifying the CEM sender or providing the CEM sender’s contact information and without a required unsubscribe mechanism. The CRTC’s decision explains the factors (e.g.purpose of penalty, nature/scope of violation, ability to pay, cooperation with investigation and self-correction) the CRTC will consider when determining the amount of an administrative monetary penalty for a CASL violation. (More information)
- CEO Personal Liability for Noncompliant CEMs: In June 2017, the CRTC accepted a voluntary undertaking by a group of companies and their chief executive officer (in his individual capacity) to settle alleged CASL violations for sending CEMs without the recipients’ consent and without a compliant unsubscribe mechanism. The CRTC alleged that the chief executive officer was personally liable for the CASL violations pursuant to CASL section 31, which provides that a corporate director or officer is liable for the corporation’s CASL violation if the director or officer “directed, authorized, assented to, acquiesced in or participated in” the violation. As part of the undertaking, the chief executive officer agreed to make a $10,000 monetary payment, and the companies agreed to implement a CASL compliance program.
- Sending CEMs without Consent or Unsubscribe Mechanism: In October 2017, the CRTC issued a Compliance and Enforcement Decision imposing a $200,000 penalty (reduced from the $1.1 million penalty set out in the initial notice of violation) on an educational and training services company for sending 317 CEMs without the recipients’ consent and in some instances without a compliant unsubscribe mechanism. The CRTC’s decision provides important guidance for the interpretation and application of CASL’s CEM rules (business-to-business exemption, conspicuous publication rule for implied consent and unsubscribe mechanism), requirements for CASL’s due diligence defence, and the factors (e.g. purpose of penalty, nature/scope of violation, ability to pay, cooperation with investigation, self-correction and proportionality) the CRTC will consider when determining the amount of an administrative monetary penalty for a CASL violation. (More information)
Suspension of Private Right of Action
In June 2017, the Canadian government indefinitely suspended the commencement of CASL’s private right of action, which would have allowed any individual or organization affected by a CASL contravention to sue the persons who committed the contravention or were otherwise liable for the contravention and seek both compensatory damages and statutory (non-compensatory) damages of up to $200 for each contravention and $1,000,000 for each day on which the contravention occurred. The government explained that its decision was “in response to broad-based concerns raised by businesses, charities and the not-for-profit sector”, who should “not have to bear the burden of unnecessary red tape and costs to comply with the legislation”. (More information)
Parliamentary Review
In 2017, CASL was subject to a parliamentary review in accordance with a process contemplated by CASL. In December 2017, the House of Commons Standing Committee on Industry, Science and Technology issued a report titled “Clarifications Are in Order,” in which the Committee recommends changes to CASL to clarify the scope and application of CASL and to reduce the cost of compliance and better focus enforcement. The report encourages the CRTC to provide additional educational guidance materials and achieve greater transparency regarding its CASL enforcement process. The Committee did not recommend wholesale changes to CASL. (More information)