For those of us wondering when the first shot under Canada’s anti-spam law (“CASL”) would be heard, we now have our answer. Last week the Canadian Radio Television and Telecommunications Commission (“CRTC”) issued the very first Notice of Violation under CASL levying a $1.1 million administrative monetary penalty against Compu-Finder, a company that provides training consulting services.
In its March 5th press release (available here) CRTC noted that within a day of CASL coming into force on July 1, 2014 the Spam Reporting Centre began receiving complaints about Compu-Finder’s email practices. In fact, according to the press release, 26% of all of the complaints received by the Spam Reporting Centre for this industry sector were in relation to Compu-Finder’s activities. This is even more astounding when you consider that Compu-Finder’s activities amount to just four violations that occurred between July 2, 2014 and September 16, 2014.
While the CRTC’s press release characterizes the activities of Compu-Finder as a “flagrant disregard” of CASL, the $1.1 million administrative monetary penalty does still fall short of the $10 million maximum allowable penalty. Compu-Finder has 30 days to submit its written response, and pay the full penalty. They may also commit to an undertaking to correct their activities, which could result in a reduced penalty.
From its investigation, the CRTC alleges that Compu-Finder sent commercial electronic messages (“CEMs”) without the necessary recipients’ consent and further that they sent CEMs in which the required unsubscribe mechanisms did not function properly.
The Consent Issues
The CRTC’s press release notes that Compu-Finder sent unsolicited emails to addresses for businesses it found by scouring websites.
CASL provides an exemption for sending CEMs between businesses (meaning no consent or unsubscribe requirements would apply). In order to be exempt, the businesses though must have a “relationship” (that term remains undefined) and the message must “concern the activities of the organization”. While one could possibly argue that Compu-Finder’s offered management training services (which were noted to include topics such as management, social media and professional development) at least generally relate to or concern activities of most businesses (who would likely engage in some form of employee training), it is difficult to see a strong case being made that a relationship of any sort would exist between Compu-Finder and an unknown business when the email address of the business was found by mining the internet.
CASL also provides that a business will have implied consent to send CEMs if a person has conspicuously published their email address without indicating that they do not wish to receive unsolicited messages. However, such messages must be relevant to the recipients’ business, role, function or duties in a business or official capacity to qualify. Again, one could argue that Compu-Finder’s emails were relevant to the recipients’ role, function, duties, etc. in a general sense, but the CRTC statement (and the level of complaints) clearly shows the recipients in fact did not believe Compu-Finder’s emails were relevant. This suggests a subjective test on the part of the recipient which will certainly change how the sender seeks to rely on this form of implied consent.
Hopefully more information will come to light in the coming weeks, including through Compu-Finder’s response to the Notice of Violation. Of particular interest will be the CRTC’s analysis of what constitutes a “relationship” sufficient to allow businesses to avail themselves of the business to business exemption and if the test for whether a message is relevant to the intended recipients’ role, function, duties, etc. is in fact a subjective test considered from the perspective of the particular recipient.