On June 5, 2020, the Federal Court of Appeal (FCA) issued its decision on the appeals by 3510395 Canada Inc., operating as Compu.Finder (CompuFinder), of two related compliance and enforcement decisions of the Canadian Radio-television and Telecommunications Commission (CRTC).
In 2017, the CRTC imposed an administrative monetary penalty (AMP) on CompuFinder, a company engaged in the provision of professional training services, for failure to comply with the consent and unsubscribe requirements in CASL in relation to commercial electronic messages (CEMs) sent by CompuFinder. The CRTC dismissed CompuFinder's arguments that the CEM requirements in CASL are not valid federal legislation and breach Charter rights, including freedom of expression and protections for persons charged with an offense. The CRTC also rejected CompuFinder's claim that it had satisfied the business-to-business (B2B) exemption and met the conspicuous publication requirements for implied consent in CASL. The CRTC did, however, reduce the AMP proposed in the notice of violation issued to CompuFinder from $1,100,000 to $200,000. We reported on the CRTC decisions here.
In addition to upholding the constitutionality of CASL, the FCA decision provides important guidance on the B2B relationship exemption to CASL's CEM requirements as well as for a finding of implied consent to receive CEMs through conspicuous publication of email (and other electronic) addresses.
The FCA upheld Parliament's authority to enact CASL and found that CASL did not violate the Charter
The FCA held that the purpose and effect of the CASL CEM provisions are "to regulate the public's ability to send unsolicited CEMs in order to guard against the threats that such messages can pose to Canada's e-economy", a matter that falls within Parliament's authority over trade and commerce affecting Canada as a whole.
The Court also determined that the infringement of the Charter right to freedom of expression resulting from the CASL CEM provisions is justified under section 1 of the Charter. Specifically, the Court held that the CASL CEM requirements are sufficiently precise to be prescribed by law, address a pressing and substantial objective, and have benefits that are proportional to the negative impact on expression. In reaching these conclusions, the Court rejected arguments that CASL definitions of "commercial activity" and "commercial electronic message" are impermissibly vague and dismissed an "opt-out" approach as a viable alternative to the CASL CEM requirements.
The FCA also dismissed CompuFinder's arguments relating to breach of the Charter section 11(d) procedural protections for persons charged with an offense, section 7 protection of life, liberty and security of the person, and section 8 protection against unreasonable search and seizure. The Court held that the CASL AMP regime is regulatory rather than criminal in nature, and that the AMP sanctions are not, as a general matter, penal. In addition, the Court upheld the CRTC's conclusion that the AMP imposed on CompuFinder was not a true penal consequence, finding no obvious error in the CRTC's analysis of this issue. The FCA held that CompuFinder, as a corporation, had no standing to bring a claim under section 7 of the Charter. Finally, the Court found that the production order issued to CompuFinder under CASL satisfied the lessor standard applicable to a regulatory order to produce - that the material sought is relevant to the inquiry
In considering the B2B exemption the FCA summarized the conditions that must be met for the exemption to apply as follows:
- A CEM is sent by an employee of one organization to an employee of another organization;
- Those organizations have a relationship (Relationship Requirement); and
- The CEM concerns the activities of the receiving organization (Relevance Requirement).
The CRTC had determined the appellant's emails did not meet the second and third requirements for the exemption.
The Relationship Requirement
CompuFinder argued that the reference to "relationship" in the B2B Exemption, being undefined, must be given "significantly broader" meaning than the definition of "existing business relationship" (EBR) set out in CASL. Specifically, CompuFinder argued that because the recipient organizations had purchased courses from it, which would be sufficient to give rise to an EBR with an individual purchaser, then these purchases must also be sufficient to give rise to a relationship between CompuFinder and the recipient organizations for the purposes of the B2B exemption.
The FCA disagreed, finding the CRTC committed no palpable and overriding error in holding that the existence of a contract between CompuFinder and an organization for the purchase of courses for one or two employees is not determinative of whether a relationship exists for purposes of the B2B exemption. In reaching this conclusion, the court noted that the CRTC did not find that a contract between an organization and sender could never give rise to such a relationship. The court also held that because the effect of the B2B exemption is more expansive than implied consent arising from an EBR, a relationship under the B2B Exemption "should in fact be more demanding".
Indeed, the B2B exemption is a total exemption to the requirements of CASL's CEM provisions (including all message content requirements and the unsubscribe mechanism requirements) while an EBR only offers a time-limited basis for implied consent. The Court, however, focused its analysis on the notion that while the B2B exemption allows a sender to send CEMs to "every other employee" of an organization, an EBR in the case of CompuFinder would only provide implied consent from the individual who took or paid for the CompuFinder courses. The Court made this latter comment despite the definition of "person" under CASL expressly including a corporation or organization, and its recognition that CompuFinder had submitted "proof of payment from the organization… for one or two of the organization's employees".
Finally, the Court confirmed that the CRTC's decision does not require that a relationship for the purposes of the B2B exemption be established only through employees with authority to bind their organization, but rather that this evidence might have assisted in establishing a relationship within the meaning of the B2B exemption.
CompuFinder argued that its CEMs concerned the activities of the recipient organizations as they promote employee-training services, and the recipients are legally required under Quebec law to invest in employee training. The Attorney General argued in turn that for the purposes of the Relevance Requirement, the term "activities" does not include all of the activities an organization carries out to comply with its many legal obligations and should be limited to the organization's core activities.
The FCA did not agree with either position and found that where an organization pays for employee training courses—whether or not it is legally obligated to do so—the activities of that organization can include the purchase of employee training courses. The court also noted that relevance of CEMs will often be established by virtue of the relationship between the sender and the recipient organization.
In this case, the FCA found that the CEMs sent by CompuFinder would satisfy the Relevance Requirement if CompuFinder was able to show that the recipient organizations had purchased similar courses in the past or had plans to engage them in the future.
Implied Consent – Conspicuous Publication (s. 10(9)(b))
As with the case of the B2B exemption, the Court found no palpable and overriding error in the CRTC's rejection of CompuFinder's arguments that it had the implied consent of recipients under section 10(9)(b) of CASL based on the conspicuous publication of the relevant electronic addresses. The Court summarized the section 10(9)(b) requirements as follows:
- The recipient has conspicuously published or caused to be conspicuously published their electronic address;
- The publication is not accompanied by a statement that the recipient does not wish to receive CEMs; and
- The CEM is relevant to the business, role, functions or duties of the recipient individual or organization.
The CRTC determined that at least some of the email addresses to which CompuFinder sent CEMs were taken from third-party directory websites that did not indicate whether the site's content was user-submitted or from sites with disclaimers that unsolicited CEMs should not be sent to the addresses. For these addresses, the CRTC held that either recipients had indicated that they did not want to receive CEMs or that CompuFinder had failed to show the recipients had "conspicuously published or caused to be conspicuously published" their email addresses. The FCA disagreed with CompuFinder's position that the CRTC erred by failing to clarify the phrase "conspicuous publication" and found that the CRTC correctly applied the express language of CASL.
The FCA also upheld the CRTC's application of the relevance requirement for conspicuous publication implied consent. While CompuFinder argued that the condition was met because the addresses it collected in some cases included the recipient's job title allowing it to identify the roles of recipients within their organizations, the CRTC found instead that CompuFinder merely speculated about the recipients' roles and was not able to comment on the functions of recipients for which CompuFinder had no job title. The FCA remarked that in both cases CompuFinder could not show that the CEMs were relevant to the recipients' role in the organization and thus could not demonstrate implied consent based on conspicuous publication. The Court went on to say that organizations seeking to rely on conspicuous publication implied consent should be "prepared to state explicitly the "business, role, functions, or duties" of recipient individuals or organizations".
Finally, the FCA did not find error in the CRTC's finding that a CEM with two unsubscribe mechanisms, only one of which is functional, does not feature an unsubscribe mechanism that is "clearly and prominently" set out and can be "readily performed" as required under CASL regulations. The Court noted that the mere existence of two links "gives rise to obscurity and creates confusion", regardless if one of the mechanisms otherwise would meet the requirements.
These determinations highlight the limitations on the B2B exemption and conspicuous publication implied consent, as well as the importance of documenting satisfaction of the required elements of any implied consent or exemption to CASL on which an organization intends to rely. Without such documentation, reliance on these provisions for compliance with CASL will not withstand CRTC scrutiny and any defence or appeal is likely to be unsuccessful.