Commonly known as Canada’s Anti-Spam Legislation, “CASL” contains a controversial enforcement mechanism known as the “private right of action” that will allow a person to seek compensation through the courts for various violations of CASL, PIPEDA and the Competition Act. While most of CASL came into force on July 1, 2014, implementation of the private right of action was subject to a three-year delay scheduled to end on July 1, 2017. For further information on CASL’s private right of action, please see our previous bulletin: "Are You Ready for CASL's Private Right of Action?"

Organizations that interact electronically with Canadians for commercial purposes have received a bit of reprieve today. On a recommendation from Hon. Navdeep Bains, Minister of Innovation, Science and Economic Development, an Order in Council has been announced that delays the coming into force of CASL’s private right of action. Given the uncertainty and risk that CASL has caused to the Canadian business landscape, this is a welcome decision based on the reality that CASL as it stands now is simply too broad and uncertain to be turned over to private litigants.

Businesses and organizations require more clarity in the legislation, additional guidance from government regulators and more time in order to prepare for any potential exposure to private claims. The delay also recognizes that it makes more sense (as many have advocated since CASL was promulgated) to wait until after CASL's mandatory upcoming third anniversary legislative review before allowing private actions. One can expect that after such review and any necessary tweaks to the legislation or regulations, the government will then move to bring CASL’s private right of action into force at some future date, unless it determines that private action itself is not necessary. For now, however, there will be some temporary relief from the threat of private actions and, more importantly, additional time for businesses to regroup and establish or implement a comprehensive CASL strategy, and for government to provide clearer legislation, regulations and guidance.

Although the Canadian Radio-television and Telecommunications Commission (“CRTC”) has been enforcing CASL since the legislation’s coming into force three years ago (sometimes quite harshly, with penalties up to C$1.1M to date, and even C$15,000 against an individual), the prospect of arming private litigants with a mechanism for commencing their own legal proceedings has understandably created a great deal of concern for businesses and organizations. Indeed, there has been substantial discussion in Canada surrounding the private right of action’s potential implications for businesses and organizations, particularly when it is unlikely that class action plaintiffs will be as constrained as the CRTC in their interpretation of CASL (for example, the CRTC has largely pursued technical CASL violations involving senders within Canada). Furthermore, even the CRTC has publicly demonstrated in recent undertakings and actions a propensity for taking enforcement action not against malicious spammers or purveyors of malware or get rich quick schemes, but rather Canadian businesses communicating with actual and potential customers electronically. Therefore, these same Canadian businesses are likely to be the target of private litigants, hardly achieving CASL's titular goal of promoting the efficiency and adaptability of the Canadian economy. We also note that the CRTC’s enforcement has hardly touched certain major CASL prohibitions, such as the prohibition against installing computer programs without CASL-compliant consent, nor has it provided much substantive, convincing interpretation on gray areas or nuances of the law when applied to modern business models.

Much of the concern surrounding the breadth of CASL and its potential impact emerges from the magnitude of damage awards that a court’s discretion could, in theory, bring to bear upon a non-compliant organization. Under the private right of action, a court would have the discretion to award (in addition to any actual damages incurred by a plaintiff) up to $200 per spam violation, to a maximum of $1,000,000 per day, and up to $1,000,000 per day for other CASL violations (such as the prohibition against installing computer programs without consent). It is not difficult to see how even a relatively low volume of conduct that is offside CASL could amount to a substantial damages award, or could compound with other prohibitions or actual damages to become sizeable.

Concern has also emerged from what the legislation doesn’t expressly say, and the questions that CASL leaves unanswered. For example, the extent to which the private right of action would apply retroactively to conduct occurring since CASL’s coming into force in July 2014 is unclear. Further, questions of a more technical nature remain, such as whether a party could avoid exposure to statutory damages by quickly self-reporting and entering into an undertaking with the CRTC, or whether a judgment under the private right of action would be enforced by a foreign court. Most importantly, when the private right of action does come into force, what will a court actually award in its discretion for these statutory damages, and will it approach anywhere near the potential $200 per violation maximum authorized under the legislation?

While any extension provides some breathing room for parties still working through their CASL compliance strategies, it is important that organizations not lose sight of the loss of the transitional provisions (which allowed more leniency in emailing pre-CASL contacts until July 1, 2017) and the eventual coming into force of the private right of action.

For now, organizations would be well served to use this additional time to review their CASL compliance and ensure that they are comfortably on-side the legislation by the time the private right of action does come into force.