We have previously written about how Canada’s anti-spam legislation (“CASL”) established the world’s toughest standards for sending commercial electronic messages (“CEM”).

In summary, these provisions generally prohibit sending CEMs without a recipient’s consent and unless the CEM contains certain sender identification information and an effective unsubscribe mechanism.

Since July 1, 2014, the contravention of CASL’s CEM rules could potentially result in regulatory proceedings and severe administrative monetary penalties up to $10 million per violation for an organization and up to $1 million per violation for an individual.

As of July 1, 2017, CASL contraventions can also be enforced through private litigation, including class actions.

Compensatory damages for actual harm suffered can be pursued. Additionally, statutory damages for breaking CASL’s CEM rules are subject to a maximum of $200 for each individual occurrence, not exceeding $1 million for each day on which the contravention occurred.

What is a Class Action?

A class action is a type of a procedure where an individual plaintiff brings an action on behalf of a larger group of persons referred to as a class. Technically, the class may be as small as two people but can include hundreds, thousands or even millions of people who share issues in common.

Cases involving mass CEM marketing could very well involve large classes seeking extremely large damages.

Proceeding by way of class action is not automatic, and various legal tests must be established before the Court will approve or “certify” the action as a class action – such as whether the claims of the proposed class raise common issues across the class.

However, the Supreme Court of Canada has directed that the criteria to grant certification should be interpreted liberally and the evidentiary burden to meet the test for certification should not be considered onerous. Furthermore, at the certification stage, the Court does not have to evaluate the evidence to determine whether the plaintiff has a “winning” trial case. The plaintiff only has to show that their claim is not destined to fail at trial.

If the certification tests are met, everyone who fits within the class will be bound by the determination of the action. In other words, if the defendant is successful at the post-certification common issues trial, then the claim of every class member is dismissed. If unsuccessful, however, the defendant is bound by the ruling at trial to every class member.

What is new for July 1, 2017?

Starting July 1, individuals will be able to commence an action or class action – involving not only CASL but other legislation as described below – where they are affected by an act or omission that:

  1. constitutes a contravention under certain sections of CASL, including those pertaining to the sending of CEMs;
  2. involves the email harvesting and use provisions of the Personal Information Protection and Electronic Documents Act (“PIPEDA”); or
  3. stems from false or misleading electronic messages within the meaning of the Competition Act.

Any one of these conditions can support a private right of action.

Directors and officers of corporations who commit the acts described above can also now be liable.

If they directed, authorized, assented to, acquiesced in or participated in committing that contravention, or engaged in that conduct, whether or not the corporation itself is actually proceeded against, they can be liable. Companies will also be vicariously liable for the actions of their employees.

Moving Forward

These changes should cause organizations engaged in digital marketing to look carefully at their processes.

The expansion from regulatory oversight to potential civil liability in private litigation for compensatory damages, as well as potentially substantial statutory (non-compensatory) damages in a class action, should be strong motivation for any organization sending CEMs to review its standards and practices to ensure compliance with CASL, PIPEDA and the Competition Act.

Organizations should ensure that, as part of these standards and practices, they:

  • have established compliance programs and guidelines in place
  • are consistently documenting all compliance efforts, and
  • designate of a team of individuals from inside and outside the organization to handle and respond to complaints.