In January 2018, the Canadian Radio-television and Telecommunications Commission accepted an undertaking by Ancestry Ireland Unlimited Company, operator of the Ancestry online genealogy service, to settle alleged violations of Canada's Anti-Spam Legislation (commonly known as "CASL") regarding the sending of promotional emails without a unsubscribe mechanism that allowed email recipients to unsubscribe from all promotional emails from Ancestry.
CASL creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to prohibit unsolicited or misleading commercial electronic messages ("CEMs"), the unauthorized commercial installation and use of computer programs on another person's computer system and other forms of online fraud.
For most organizations, the key parts of CASL are the rules for CEMs. Subject to limited exceptions, CASL creates an opt-in regime that prohibits the sending of a CEM unless the recipient has given consent (express or implied in limited circumstances) to receive the CEM and the CEM complies with prescribed formalities (e.g. information about the sender and an effective and promptly implemented unsubscribe mechanism) and is not misleading. CASL specifies that the required unsubscribe mechanisms must enable the CEM recipient to indicate the wish to "no longer receive any commercial electronic messages, or any specified class of such messages", from the CEM sender.
CASL violations can result in potentially severe administrative monetary penalties up to $10 million per violation for an organization and $1 million per violation for an individual in regulatory enforcement proceedings. CASL includes a private right of action, which is not in force. For more information, see BLG bulletin CASL Government Suspends Private Right of Action.
The Canadian Radio-television and Telecommunications Commission ("CRTC") is responsible for enforcing CASL's CEM rules, and has various enforcement tools for that purpose. Since CASL came into force in 2014, CRTC has taken enforcement action against organizations and individuals who have violated CASL's CEM rules, and has issued enforcement decisions and accepted voluntary undertakings (settlements). For more information, see BLG bulletins CASL Year in Review 2017, CASL Year in Review 2016 and CASL Year in Review 2015.
In December 2017, the House of Commons Standing Committee on Industry, Science and Technology issued a report titled Canada's Anti-Spam Legislation: Clarifications are in Order, which recommends some changes to CASL. In April 2018, the government released an official response to the report. For more information, see BLG bulletin New Committee Report on CASL Highlights Need for Clarification and Education.
According to the filed undertaking, Ancestry Ireland Unlimited Company ("Ancestry"), operator of the Ancestry online genealogy service, allegedly emailed its customers two kinds of CEMs: (1) promotional offers; and (2) messages relating to products for which customers had subscribed. Each kind of CEM had its own unsubscribe or preference management system, so it was not possible to unsubscribe, with just one operation, from all CEMs sent by Ancestry. The lack of a single operation to unsubscribe from all CEMs allegedly did not comply with section 3(2) of the Electronic Commerce Protection Regulations (CRTC), which requires that a CEM include an unsubscribe mechanism that is "able to be readily performed".
The undertaking requires Ancestry to comply, and ensure that all persons sending CEMs on Ancestry's behalf comply, with CASL and the Electronic Commerce Protection Regulations (CRTC), particularly the requirement for an unsubscribe mechanism that can be readily performed. The undertaking also requires Ancestry to establish a program to ensure CASL compliance, including: (1) a review of current compliance practices; (2) the development and implementation of corporate policies and procedures to ensure CASL compliance; (3) employee training and awareness raising, and the taking of proper disciplinary measures in the event of non-compliance with internal procedures; (4) the implementation of thorough complaint follow-up and settlement measures related to CEMs; and (5) various other monitoring and audit measures. The undertaking does not require Ancestry to pay any monetary penalty.
The alleged CASL violation described in the undertaking reflects CRTC's previous guidance regarding unsubscribe mechanisms and the need for an easily performed "unsubscribe all" functionality. CRTC's Compliance and Enforcement Information Bulletin CRTC 2012-548 and Frequently Asked Questions about Canada's Anti-Spam Legislation explain that in order for an unsubscribe mechanism to be "able to be readily performed" it must be "simple, quick, and easy" for the CEM recipient to use. CRTC guidance includes examples of acceptable unsubscribe mechanisms that permit a CEM recipient to easily "unsubscribe from receiving all or some types of CEMs from the sender". CRTC's Know Your Responsibility When Managing Consent infographic explains that the unsubscribe mechanism must permit a CEM recipient to unsubscribe "from receiving ANY or ALL CEMs". There are a number of steps that an organization might take to enhance its CASL compliance and mitigate the risks of regulatory enforcement, including review and update its CASL compliance program and verify its due diligence documentation.