CASL, the “Canada Anti-Spam Legislation”, came in to force on July 1, 2014 and is a federal law designed to address, in part, unsolicited electronic messages that are commercial in nature by requiring senders to obtain consent from intended recipients. Generally speaking, the senders of commercial electronic messages (or “CEMs”) must obtain express consent in a prescribed format.
Late last year, CASL was subject to a parliamentary review; in June, the federal government indefinitely suspended the private right of action (the “PRA”) that was scheduled to come in to force on July 1, and throughout the year, the Canadian Radio-television and Telecommunications Commission (the “CRTC”) continued its enforcement activities.
CASL was subject to parliamentary review in 2017 and hearings were held in the fall. In December, 2017, the House of Commons Standing Committee on Industry, Science and Technology issued its report, entitled “Clarifications Are In Order”. The Committee recommended, among other things, that clarification to the Act and regulations could help reduce the cost of compliance and better focus enforcement and that the CRTC focus on increased education efforts and improved transparency. The federal government’s response to this report is expected in 2018.
Private Right of Action Suspended
Many organizations were relieved when the Canadian government announced in June 2017 that the private right of action was indefinitely suspended. As drafted, the PRA provisions in CASL would have allowed individuals and businesses to file a lawsuit to recover damages if they felt they had been affected by an organization’s contravention of CASL. The potential cost awards were significant – in addition to compensatory damages, the court could have awarded up to $200 for each non-compliant CEM up to a maximum of $1 million for each day on which a contravention occurred. Additionally, CASL imposes personal liability on officers, directors and agents of a corporation if they directed, authorized, assented to or participated in the violation, regardless of whether or not the corporation is subject to a proceeding.
CASL Enforcement Activities
In March 2017, the CRTC released a Compliance and Enforcement Decisions against an individual, and imposed an administrative monetary penalty (“AMP”) of $15,000. The CRTC identified several violations of CASL, specifically that the emails were sent without the recipient’s consent, they did not identify the sender of the email and they did not contain a valid unsubscribe mechanism. In this decision, the CRTC discussed the factors that must be taken into consideration when determining the amount of an AMP.
In October 2017, the CRTC released a Compliance and Enforcement decision imposing a $200,000 AMP against CompuFinder. This amount had been reduced from the $1.1 million dollar penalty set out in the initial Notice of Violation. The CRTC found that CompuFinder was sending CEMs regarding educational and training services to recipients without consent and, in some instances, without a compliant unsubscribe mechanism. The CRTC’s decision provides importance guidance on the conspicuous publication rule and the “business to business” exemption and again highlights the importance of strict technical compliance, particularly as it relates to unsubscribe functionality. Further, the decision outlines the requirements for reliance on the due diligence defence (including the importance of record keeping, written policies and on-going monitoring) and the factors the CRTC will consider when determining the amount of an AMP.