In 2022, the Canadian Radio-television and Telecommunications Commission continued to enforce Canada’s Anti-Spam Legislation (commonly known as “CASL”).
CASL
CASL creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to prohibit the sending of unsolicited commercial electronic messages (CEMs), the unauthorized commercial installation and use of computer programs on another person’s computer system and other forms of online fraud. Following are some key aspects of CASL:
- CASL creates an opt-in regime that prohibits, subject to limited exceptions, the sending of a CEM unless the recipient has given consent (express or implied in limited circumstances) to receive the CEM and the CEM complies with prescribed formalities (e.g., information about the sender and an effective and promptly implemented unsubscribe mechanism).
- CASL also prohibits, subject to limited exceptions, the installation and use of a computer program on another person’s computer system, in the course of a commercial activity, without the express consent of the owner or authorized user of the computer system.
- CASL imposes liability on organizations and individuals (including corporate directors and officers) for direct and indirect/vicarious CASL violations. CASL provides a due diligence defence.
- CASL violations can result in regulatory penalties of up to $10 million per violation for an organization and $1 million per violation for an individual. CASL includes a private right of action that is not in force.
The Canadian Radio-television and Telecommunications Commission (CRTC) enforces CASL’s rules regarding CEMs and computer programs. Since CASL came into force in 2014, the CRTC has taken enforcement action against organizations and individuals who have violated CASL and issued enforcement decisions and accepted voluntary undertakings (settlements).
CRTC enforcement
In January 2022, the CRTC published a negotiated undertaking settling the CRTC’s enforcement action against an individual for allegedly conducting high-volume spam campaigns without consent in violation of CASL’s CEM rules. The undertaking required the individual to pay an administrative monetary penalty of $7,500 instead of the $75,000 penalty imposed by CRTC staff in a March 2021 notice of violation.
In January 2022, the CRTC announced penalties totalling $300,000 to four Canadians for their involvement in the Dark Web marketplace known as “Canadian HeadQuarters”, which was taken offline after CRTC staff executed warrants. The four individuals allegedly sent fraudulent emails mimicking well-known brands to obtain sensitive personal information.
In May 2022, the CRTC released Compliance and Enforcement Decision CRTC 2022-132, overturning notices of violation issued in 2018 by CRTC enforcement staff against two companies for allegedly aiding the distribution of malvertising in contravention of CASL rules for the installation of computer software on another person’s computer system. The CRTC found that the available evidence, comprised of indirect evidence rather than hard drive data from the computer systems at issue, did not prove on a balance of probabilities that malvertising had been successfully installed on the computer systems. As a result, the companies were not required to pay the administrative monetary penalties set out in the notices of violation.
The CRTC also published enforcement highlights bulletins for October 2021 to March 2022 and April 2022 to September 2022 that provide statistical information about CASL complaints and information about other CASL enforcement activities.
For more information about CASL, see BLG bulletins CASL – Year in Review 2021, CASL – Year in Review 2020, CASL – Year in Review 2019, CASL – Year in Review 2018, CASL – Year in Review 2017, CASL – Year in Review 2016, and CASL – Year in Review 2015.