On October 26, 2016, the Canadian Radio-television and Telecommunications Commission (the "CRTC") issued its first decision in a contested enforcement proceeding under Canada's anti-spam legislation (commonly referred to as "CASL"). Although CRTC staff have previously entered into four undertakings settling alleged violations of CASL (with penalties ranging from $48,000 to $200,000), the details underlying those undertakings are not public.
Given the non-public nature of recent CRTC enforcement actions, this decision offers some insight into how the CRTC interprets and applies certain aspects of CASL. In particular, this decision (i) reinforces the requirements for establishing implied consent based on conspicuous publication of email contact information; and (ii) provides important insight into how the CRTC determines an appropriate penalty for CASL violations.
The Notice and the Decision
According to the decision, the CRTC compliance and enforcement branch issued a Notice of Violation (the "Notice") to Blackstone Learning Corp. ("Blackstone") in January 2015, alleging that Blackstone had conducted nine commercial email messaging campaigns between July 9 and September 18, 2014, involving 385,668 emails sent without consent of the recipients. The notice sought payment of an administrative monetary penalty of $640,000. Blackstone challenged the Notice by making representations to the CRTC, arguing that it had implied consent to send the emails, and that even if it breached CASL, the administrative monetary penalty was unreasonably high.
In the decision, the CRTC rejected Blackstone's argument that it had implied consent, but agreed with Blackstone that the administrative monetary penalty was too high, substantially reducing it to $50,000. In the absence of proof of consent, the CRTC concluded that Blackstone had committed nine violations of CASL – meaning one violation for each email campaign – notwithstanding that 385,668 emails had been sent. This manner of proceeding is consistent with the approach CRTC staff have taken in enforcing the Unsolicited Telecommunications Rules, whereby a remedy is sought for a representative number of violations. However, and as discussed below, the total number of emails (or calls) remains an important factor in the assessment of remedy.
Conspicuous Publication Exception
Under the so-called "conspicuous publication" exemption, implied consent will exist where (i) the person to whom the email is sent has conspicuously published or caused to be published the email address; (ii) the publication of the address is not accompanied by a statement that the person does not wish to receive unsolicited messages; and (iii) the message is relevant to the person's business, role, functions or duties in a business or official capacity. In the decision, the CRTC highlighted the third requirement – stating that the exception does not provide organizations with a "broad licence to contact any electronic address they find online"; rather, organizations must ensure that, on a case-by-case basis, the message is relevant to each recipient.
The decision also underscores the requirement to maintain detailed records addressing all of the required elements of the consent that is being relied upon. In the case of the conspicuous publication exception, this may prove cumbersome (e.g. by retaining screen captures of the webpage on which each address is published). It remains unclear how the exception applies if the recipient's circumstances change, such as a change in business or role; the subsequent addition of a 'do-not-solicit' statement to recipient's published address; or the recipient discontinuing publication of the address.
Factors in Determining Penalty
Having found that nine violations of CASL had been established, the CRTC proceeded to identify and apply the following factors in determining an appropriate monetary penalty:
- The purpose of the penalty – the penalty should promote general deterrence but must not be so large as to "lead to the imposition of true penal consequences". Thus the amount must be sufficient to incent the person to change behaviour, but not so large are to preclude the person from continuing to operate on a commercial basis. This analysis supported a lower penalty for Blackstone than was requested in the Notice.
- Nature and scope of the violations – the total number of emails (not the number of violations), time period over which they were sent, nature of the recipients, and number of complaints received were considered. While the number of messages and disruption to recipients in this case was significant, the relatively short duration of the campaigns supported a reduced penalty.
- Financial benefit – there was insufficient evidence to assess financial benefit and, as a result, this factor was not considered.
- Ability to pay – the penalty requested in the Notice represented several years of annual revenues for Blackstone, thus exceeding its ability to pay and supporting a lower penalty.
- Lack of cooperation – Blackstone's refusal to cooperate with the investigation, including its refusal to produce requested information, increased the need for a penalty.
- Self-correction – Blackstone's initial efforts to understand its compliance obligations, although limited, indicated some potential for self-correction, supporting a lower penalty.
- History of non-compliance – the absence of any history of non-compliance by Blackstone with CASL and "related acts" supported a reduced penalty.
- Magnitude of penalties under the Unsolicited Telecommunications Rules – the penalty sought in the Notice was well in excess of penalties that have been imposed for breach of the CRTC's telemarketing rules, including for breach of the consent requirements for "robo-calls", suggesting a lower penalty was appropriate.
Blackstone also benefited from the fact that CASL was a "relatively new" regime when the violations occurred, and the CRTC's guidance on implied consent was not published until the later stages of the email campaigns in issue (a factor that is likely to have limited application going forward).
It is interesting to note that a notice of violation issued to Compu.Finder in March 2015 for four violations of CASL, sought a higher penalty of $1,100,000. It is not known whether this notice was contested and remains before the Commission or was simply paid. However, as the Blackstone Decision makes clear, numerous factors will be considered in the assessment of an appropriate penalty under CASL and the number of emails sent remains an important and relevant factor even if a much lower number of violations is alleged.