Anti-Spam Law: changes coming (or not?)
By Olivia H. Gile, University of Ottawa
Canada's Anti-Spam Legislation ("CASL"), in effect since July 1, 2014, was implemented in different phases, the last of which provides for a private right of action (“PRA”), and would have been enforceable starting July 1, 2017. However, on June 7, 2017, Innovation, Science and Economic Development Canada confirmed that the application of the provisions relating to the PRA would be suspended indefinitely. This blog will summarize the obligations imposed by CASL before dealing with the challenges raised by the final phase of adoption.
A. The framework imposed by CASL
CASL is designed to protect Canadians by ensuring that businesses can compete in the international market. To achieve this, the law aims to make electronic commerce secure by regulating the use of commercial technological vehicles.
(1) How can a company comply with CASL?
CASL applies to any commercial electronic message ("CEM"), i.e. any communication that is designed through its content, by references included in its content, or by the context in which it is presented, to encourage the addressee to participate in a commercial activity. Furthermore, the initiator of a CEM must necessarily have:
- Obtained the consent (express or implied) of the addressee;
- Included all of the sender's identification information; and
- Provided an opt-out or unsubscribe mechanism.
(2) Who is responsible for implementing CASL?
CASL is implemented by three governmental agencies: the Canadian Radio-Television and Telecommunications Commission ("CRTC"), the primary agency for enforcement by investigation, adopting measures, and imposing administrative monetary penalties; the Office of the Privacy Commissioner of Canada, which protects the confidential information of Canadians; and the Competition Bureau, which conducts investigations and takes measures against unfair commercial practices.
(3) Various interpretations since July 1, 2014
Up until now, the CRTC, which handles investigations and takes action or sets administrative monetary penalties, has completed four undertakings and issued one notice of violation. The complaints of the CRTC have related to the addressee's consent and the unsubscribe mechanism.
With regard to the addressee's consent, the CRTC stipulated the need to have the consent of the addressee for any CEM sent, reiterating that the sender must retain proof of consent for each email address. Recently, Kellogg Canada Inc. had to pay a $60,000 fine for its violation of this obligation.
The CRTC also specified that any CEM must include an unsubscribe mechanism that is set out "clearly and prominently" and that is readily performed. This mechanism must be valid for a minimum of 60 days after the CEM is sent. If there is more than one unsubscribe link, they must all be readily performed. Unsubscribe requests must be processed within 10 business days after the CEM is sent, without action required by the addressee.
B. Private right of action
The PRA, provided for in sections 47 to 51 and 55, will increase the risks of enforcing CASL, because it allows any individual, association or company to seek damages if it was subject to:
- A violation of sections 6 to 9 of CASL;
- A violation of subsections 7.1(2) and (3) of the Personal Information Protection and Electronic Documents Act, or
- A fraudulent or misleading CEM sent as defined in the Competition Act.
Nevertheless, it is necessary to take recourse within three years by application to a court of competent jurisdiction.
The courts have jurisdiction to order compensatory and non-compensatory penalties. A number of entities comply with the Act because of the particularly heavy fines:
|Violation of Section 6||Violation of Sections 7 or 8||Violation of Section 9|
$200 per contravention or
$1,000,000 per day of contravention
|$1,000,000 per day of contravention||$1,000,000 per day of contravention|
C. Criticism and final comments
The applicability of the last phase is still uncertain. At the moment, CASL does not specify whether a remedy may be initiated for violations prior to July 1, 2017. Because of the gaps in CASL, a few Canadian organizations—including the Canadian Bar Association—have asked the government to delay the entry into force of the PRA in order to perform an exhaustive review of CASL.
According to others, the last phase is an exaggeration, since the amount of spam sent has diminished and email servers can now effectively sort the emails received. In the spirit of modernizing the legislative scheme, it is more appropriate to target the laws aimed at protecting personal information that are manifestly outdated, which no longer adequately address the current concerns and technological realities of Canadians.
The Canadian government has confirmed that the delay implemented for the last phase is designed to allow a parliamentary committee to examine the provisions. The government supports a balanced approach that protects the interests of consumers, while avoiding unintended consequences for organizations that legitimately communicate electronically.
anti-spam CASL consumer protection privacy