Canada’s Anti-Spam Legislation ("CASL") came into force in July 2014 and provided that a review of its provisions and operation had to be undertaken three years after it came into force. The House of Commons Standing Committee on Industry, Science and Technology ("INDU") undertook this review and held hearings this fall. On December 13, 2017, the INDU completed its review and issued a report entitled “Clarifications Are in Order,” in which it makes 13 specific recommendations, many of them focused on clarifying CASL and ensuring that it does not create unintended costs of compliance.
The INDU acknowledged hearing oppositional testimonies on the effectiveness of CASL, but noted that Canada’s place on the list of spam-producing countries has improved since CASL’s implementation. However, because it regulates more than what is considered “spam,” the INDU recommended that the short name of the legislation be changed to Electronic Commerce Protection Act (with the acronym "ECPA").
Although the report does not provide many specific solutions, the INDU noted that witnesses have difficulties understanding many aspects of CASL and has recommended clarifying certain aspects, including with respect to charities and not-for profit organizations. It has also made recommendations with respect to the private right of action provisions in the legislation, which were scheduled to come into force last July but were suspended from implementation by an Order in Council. For more information about the suspension of CASL’s private right of action, read our bulletin.
Definition of “Commercial Electronic Messages”
The definition of “Commercial Electronic Messages” ("CEM") was an issue for a lot of witnesses who appeared before the INDU. It noted a near-consensus that purely administrative and transactional emails should not be considered as CEMs. Several intervenors also took issue with section 6(6) of CASL, which “partially exempts” certain types of messages from the consent requirement, but not from other requirements such as the unsubscribe mechanism. One of them was a representative of the Canadian Radio-television and Telecommunications Commission ("CRTC"), who highlighted that a lot of the messages described at section 6(6) are not really commercial electronic messages by their very nature. Others noted that it is confusing for businesses and consumers to receive administrative emails, for instance regarding a product recall, that include an unsubscribe mechanism.
The INDU recommended clarifying the definition of CEM to ensure it is clear and understandable and does not create unintended costs of compliance. In particular, it asked for clarifications on whether the following types of messages are CEMs: administrative and transactional messages; messages listed under section 6(6) of CASL; and business-to-business electronic messages.
Provisions pertaining to “implied consent” and “express consent”
The INDU received various comments on the notion of consent. Some intervenors asked for an opt-out model with a mandatory unsubscribe mechanism; others believed that the express consent requirements are too strict, with one company stating that it is still not clear whether implied consent can be based on subscription to a free service. Some witnesses suggested that Personal Information Protection and Electronic Documents Act should be used as a source of inspiration, where express consent would be required for sensitive matters. Other witnesses also argued that CASL, as is, gives consumers control over the electronic communications they receive.
The INDU does not provide any substantial recommendations with regards to improving CASL in response to the above comments, but again asked that the provisions pertaining to implied and express consent be clarified to ensure they are clear and understandable and do not create unintended costs of compliance.
Application to charities and not-for-profit organizations
CEMs sent by or on behalf of a registered charity, where the primary purpose of the CEMs is to raise funds for the charity, are exempted from CASL.
During the hearings before the INDU, questions were raised about the application of the definition of “CEM” to the diverse activities of charities and not-for-profit organizations ("NFPs"). Witnesses suggested that charities and NFPs be exempted from CASL altogether or from some of its obligations or from paying monetary penalties for violations of the statute.
The INDU therefore recommended clarifications to the application of CASL to charities and NFPs.
Many witnesses reported having difficulties understanding various aspects of CASL, which is made particularly complicated by the fact that there are two Electronic Commerce Protection Regulations, one by the Governor in Council and one by the CRTC, each of which has their own sets of guidance materials.
The INDU also heard proponents and opponents of CASL asking the CRTC to review its guidance material. Accordingly, stating that uncertainty makes it difficult to assess what is permissible under CASL, the INDU recommended that the CRTC increase its efforts to educate Canadians on this statute through effective, accessible and regularly updated materials.
Private Right of Action
Opponents of CASL’s private right of action ("PRA") expressed concerns with the fact that statutory damages could be awarded without any proof of actual damages, as well as the fact that there is no materiality threshold. It was also raised that the fear of class action suits could discourage some businesses from operating in Canada. Other witnesses advocated for the inclusion of the PRA, arguing that it is required to supplement the efforts of enforcement agencies to protect Canadians.
The INDU took the position that CASL should first be clarified and amended before the Government further investigates implementing the PRA.
Enforcement by the CRTC
Several witnesses commented on the CRTC’s enforcement process. CRTC representatives mentioned that they select cases based on the probability of establishing a violation and the potential to promote compliance, and select the enforcement instrument (warning letters, undertakings and monetary penalties) that is most likely to ensure compliance. Some witnesses claimed that the CRTC only targets good faith legitimate businesses instead of “real spammers”, and imposes disproportionately high penalties to small businesses for unintentional violations. It was proposed that the CRTC use a scale to limit its discretion over the selection of enforcement actions, to which the CRTC replied that this would reduce their capacity to adjust enforcement actions on a case-by-case basis.
The INDU mentioned that the fact that the CRTC has discretionary powers does not mean it cannot exercise it with more transparency. It therefore recommended that the Government investigate with the CRTC on how to be more transparent in its methods, investigations and determinations of penalties.
Although the INDU has not provided its opinion on the way CASL should be amended, it has pointed out specific areas where the framework around CASL should be modified, either through the legislation, regulations or CRTC guidance materials. Businesses contemplating new compliance strategies and risk assessments pertaining to CASL should take into consideration the fact that aspects of this law are likely to undergo modification in the near future.
The report also suggests that it may take some time before CASL’s private right of action comes into force, if it ever does.