The Canadian Radio-television and Telecommunications (CRTC) has announced its third settlement for alleged violations of the anti-spam law, and again, the announcement relates to a well-known Canadian business, rather than an indiscriminate or malicious spammer.
In this most recent case, Rogers Media Inc. (RMI) agreed to pay an Administrative Monetary Penalty of $200,000 as part of an undertaking to resolve alleged violations of Canada’s Anti-Spam Law (CASL).
The alleged violations included allegations that the company sent commercial electronic messages that included an unsubscribe mechanism that did not function properly, or which could not be readily performed by the recipient. The CRTC had also alleged that in some instances, the electronic address used to unsubscribe was not valid for the required minimum of 60 days after the message was sent. Finally, the CRTC had alleged that RMI had, in some cases, failed to honour unsubscribe requests within the 10 business days required by the law.
This case marks the highest AMP paid to date under a settlement relating to alleged CASL violations, although falls well short of the $1.1 million AMP set out in the Notice of Violation levied earlier this year against business training provider Compu-Finder, as well as being significantly below the maximum financial penalty of $10 million per violation that the Act allows.
Eighteen months after CASL came into force, there is still considerable uncertainty about how many of the provisions of the law will be applied, and how AMPs are calculated. In addition to the inherent vagueness of many aspects of the legislation itself, this uncertainty also results from a paucity of announced settlements and notices of violation, as well as a lack of granular details as to how the Commission is interpreting and applying the law.
In this regard, since July 2014, the results of only five investigations have been announced. In addition to the Compu-Finder case, settlements have also been reached with Porter Airlines and Plentyoffish Media. In the remaining case, the circumstances of which arose in the early days after the law came into force, the Commission announced that it had determined that millions of spam messages had been sent from the server of a small business, which had been infected by malware. The business subsequently removed the malware, and no AMPs were sought.
Perhaps most troublingly, this most recent settlement suggests what many Canadian businesses had feared: a trend toward enforcement against legitimate domestic companies that may have made errors in their attempts to comply with the law, rather than enforcement against the most damaging and deceptive types of spam and online threats, such as identity theft, phishing and spyware, which were supposed to be the core focus of the new law. Only time will tell if future announcements may reveal enforcement efforts against such hardcore spammers.