On June 7, in response to broad-based concerns of various stakeholders, the entry into force of Sections 47 to 51 and 55 of CASL relating to the private right of action was suspended in order to allow a parliamentary committee to assess in further details the impacts of those provisions. The goal of this committee will be to develop a balanced approach that protects consumers’ interests while eliminating the unintended consequences for organizations that have good reasons for sending CEMs. It is to be noted, however, that the transitory provision contained in Section 66 (which concerns the length of the validity of an implied consent resulting from an existing business or non-business relationship) will no longer be in effect as of July 1, 2017, which will require business to be more vigilant when sending CEMs.
The coming into force of Canada’s Anti-Spam Legislation1 (“CASL”) has been progressing in stages since its adoption. Initially, provisions concerning the sending of commercial electronic messages (“CEM”) a broadly defined term that includes emails, text messages and some messages on social media aiming to promote a commercial activity, came into force on July 1, 2014. January 1, 2015 then marked the entry into force of rules regarding the installation of software programs on computers belonging to third parties. The third stage will be implemented this coming July 1st, when private rights of action will come into effect and certain transitory measures pertaining to consent will cease to apply.
After summarizing the intent and purpose of CASL, this article will summarize the imminent changes and analyze their impacts on businesses.
1) Purpose of CASL
CASL proscribes certain practices in the field of commercial electronic communications. It namely prohibits the sending of CEMs to persons who have not expressly or impliedly consented to receive them, as well as CEMs that do not respect certain content requirements, such as having an unsubscribe mechanism included in the message that meets CASL’s requirements.2
Also prohibited, with some exceptions, is the alteration of the transmission data of a CEM so that it is delivered to another destination, and the installation of a computer program on another person’s computer system without having obtained the express consent of the owner or authorized user of the computer system, as prescribed by CASL.
2) Coming into force of the provisions creating a private right of action
As of July 1, 2017, any person adversely affected by a contravention of CASL3 may apply to a court of competent jurisdiction for an order to have the defendant indemnify the applicant for damages incurred and pay a penalty of up to $1,000,000 for each day on which the contravention occurred or for each contravention (the “Penaltyʺ)4 depending on the nature of the contravention. In determining the amount of the Penalty the court must seek to promote compliance with CASL rather than to punish the contravener.
It should be noted that any person who has previously entered into an undertaking with the Canadian Radio-television and Telecommunications Commission (the “CRTC”) or received a notice of violation pertaining to the facts alleged in the private action will generally be exempt from paying the Penalty, but may still be required to indemnify the applicant for any harm sustained. Once the court of competent jurisdiction has agreed to hear the private action, the contravener will not be able to enter into an undertaking in order to avoid the imposition of a greater Penalty and the CRTC cannot serve a notice of violation on it in respect of the contravention.
3) Expiration of certain transitional provisions
July 1, 2017 will also witness the expiration of the transitional provisions set out in s. 66 of CASL. Those provisions allowed a person having had an existing business relationship5 or an existing non-business relationship6 with another person to continue sending CEMs to the former, whose implied consent to receiving them was presumed. As of July 1, 2017 the business or non-business relationship must have existed during the two years preceding that date, failing which the sender of a CEM will not be able to rely on the implied-consent presumption in order to send the message.
Consequently, all CASL compliance management systems will have to be reviewed in order to ensure that recipients who have not expressly consented to receive CEMs and with whom the sender has not had an ongoing business or non-business relationship during the past two years are removed from the distribution list. Businesses that have relied on a past business relationship with their clients in order to send them CEMs should also ensure that they obtain express consent from clients whom they have not dealt with for more than two years prior to July 1, 2017, failing which they will have to cease communicating with them through CEMs.
4) Application of CASL and impact of the provisions
Since CASL came into force, the CRTC has received more than 900,000 notices of contravention of the statute. Despite this impressive number of contravention notices, only the following six corporations and one individual have entered into an undertaking and paid a penalty or been ordered to pay a fine:
- 3510395 Canada Inc. (Compu-Finder) was fined $1,100,000 on March 5, 2015 for having sent emails without the consent of the recipients and for not having an appropriate unsubscribe mechanism included in the emails;
- Plentyoffish Media Inc. undertook to pay $48,000 on March 25, 2015 for not having an appropriate unsubscribe mechanism included in its messages;
- Porter Airlines Inc. undertook to pay $200,000 on June 29, 2015 for not having an appropriate unsubscribe mechanism included in its emails and for also not including sufficient information identifying it as the sender of the messages;
- Rogers Media Inc. undertook to pay $200,000 on November 20, 2015 for having sent CEMs that did not have either (i) an appropriate unsubscribe mechanism or (ii) a valid contact information for a period of at least 60 days after the CEMs was sent in order to allow the recipients of the CEMs to contact it;
- Kellogg’s Canada Inc. undertook to pay $60,000 on September 1, 2016 for having sent CEMs to recipients who had not consented to receiving them;
- Blackstone Learning Corp was fined $50,000 on October 26, 2016 for having sent CEMs to recipients who had not consented to receiving them;
- William Rapanos was ordered to pay a penalty of $15,000 for having sent CEMs to recipients who had not consented to receiving them and for not having an appropriate unsubscribe mechanism included in the messages;
While a significant portion of those 900,000 contravention notices concerned the above-mentioned corporations, and Compu-Finder in particular, the CRTC did not take action against each of the contraveners of which it was notified, either because it did not deem the contravention significant enough to justify deploying the resources required to secure the penalty, or simply did not have sufficient resources to do so.
With the coming into force of the provisions on private rights of action, contraveners are exposed to legal action not just from the CRTC, but from each of the recipients of a non-compliant CEM. It is accordingly more than likely that class actions will be brought on behalf of affected groups in order to benefit from the Penalties that may be awarded. The initial court decisions on such class actions will be interesting, as the amounts awarded are sure to have an effect on the popularity of that type of proceeding.
In order to avoid having to defend against such proceedings, we recommend that businesses review and improve their CASL compliance programs and provide their employees with updated training. As CASL establishes the liability of a business having the status of employer or mandator of a contravener to CASL, business using representatives and agents should also ensure to sensitize such representatives and agents to their obligations under CASL and to provide strict guidance with respect to communication that could be interpreted as being sent by, on behalf of or in the name of the business.
In addition, such compliance programs should ensure that a record is kept of all CASL-related compliance measures taken, and of all received consents in connection with CEMs. This will allow them to mount a defence of due diligence and limit their exposure to potential lawsuits. A plan outlining actions to be taken could also be put in place in order to be able to react appropriately in the event of a lawsuit and minimize its the consequences for the organization.
The authors would like to thank articling student Émilie Leblanc for her contribution to the drafting of this article.