It can be relatively difficult to read the tea leaves in the CRTC’s approach to CASL enforcement, because there is little public record of those enforcement activities. This was noted by the Standing Committee on Industry, Science and Technology, in its statutory review of the Act. However, what signs do exist suggest that enforcement activities are accelerating.
In each of 2016 and 2017, the CRTC announced only one undertaking in a CASL proceeding. By contrast, in the first quarter of 2018, there have already been two.
The first involved Ancestry Ireland Unlimited Company, the international corporate headquarters for Ancestry.com. The alleged breach appears to have been that Ancestry operated two separate unsubscribe mechanisms, one for messages relating to products and services to which individuals had subscribed and another for other promotional offers. This was said to breach the CRTC Regulations:
Since each message category had its own unsubscribe or preference management system, it was alleged that it was not possible to unsubscribe from all messages with just one operation, which does not comply with the CRTC Regulations.
This statement is slightly puzzling, since the CRTC Regulations prescribe no such requirement. The only explicit requirement of the CRTC Regulations for the unsubscribe mechanism is that it “must be able to be readily performed”. The CRTC may be referring to an accompanying “Information Bulletin”, although that non-binding guidance document only purports to give some examples of approaches the CRTC considers to meet its requirements, not to state any positive obligations.
Ancestry’s undertaking apparently did not include any monetary payment. Instead, it has agreed to implement a compliance program, and to report to the CRTC on its implementation.
The second and more recent undertaking is notable for two reasons. For one, it is the first publicly reported enforcement activity involving SMS messages. Two Quebec corporations operating under the common name “514-BILLETS” allegedly sent requests for consent via SMS to receive offers (presumably also via SMS) without including the required formalities set out in s. 4 of the CRTC Regulations.
This undertaking is also noteworthy for its novel remedy. In addition to a compliance program, the two corporations in this matter agreed to be jointly and severally liable for compensation in the amount of $100,000. One quarter of this amount is to be paid to the Receiver General, as usual. However, the remaining $75,000 will be provided in the form of 7,500 discount coupons, in the amount of $10 each, to be provided to the companies’ existing customers. This is the first time an undertaking has involved any form of compensation other than a direct payment to the government.
Despite the summary nature of these releases, there are at least a few lessons that can be drawn from them.
- First, the CRTC is certainly not slowing, and may in fact be ramping up, its CASL enforcement efforts.
- Second, the CRTC is clearly now prepared to expand beyond email enforcement, into the other kinds of messages covered by CASL.
- Third, despite the Standing Committee’s call for increased transparency, the CRTC continues to provide little detail about its reasoning in relation to CASL compliance undertakings. In particular, the triggers and scale for monetary compensation remains somewhat mysterious.
- Finally, it appears to be open to a company negotiating a CASL compliance undertaking to propose alternative structures for compensation, other than a cash payment to the government.