It is no secret that Canada’s anti-SPAM legislation is extremely restrictive when it comes to commercial electronic messages. In short, CASL regulates all commercial electronic messages that are sent or accessed by computer systems located within Canada.
CASL has created a strict “opt-in” regime. Thus, allowing a third-party to “opt-out” or using a pre-checked box will not fly. In no uncertain terms and in the absence of a specifically enumerated exception, CASL requires senders of electronic messages with a purpose to encourage participation in a commercial activity, to obtain express or statutorily-defined implied consent (e.g., existing business relationship) from recipients prior to transmission.
CASL covers those sending commercial electronic messages, as well as those causing or permitting such messages to be sent. Marketers and the third-party service providers that are retained to send such messages on their behalf face potential liability.
CASL also encompasses messages sent by any means of telecommunication, including a text, sound, voice or image message, email and social media messages. Requests for consent and compliant unsubscribe functionality requirements, are clearly defined.
Importantly, CASL regulates all third-party communications where there exists any degree of commercial content. Unless a third-party has previously consented to receipt, those doing business, non-profit organizations and individuals using electronic means to communicate in Canada are exposed to substantial liability.
Prohibitions against the installation of software on another’s computer without express consent went into effect in January 2015. Effective July 1, 2017, CASL shall provide for a private right of action that will allow individuals and organizations to obtain a court order or compensation for violations.
The maximum penalty under CASL is CAN $1 million, per violation for an individual and CAN $10 million, per violation for an organization. Penalties under the private right of action can amount to as much as CAN $200.00, per violation, with a maximum of CAN $1 million, per day. In addition to penalties, damages and statutory damages, violations can lead to personal liability for officers and directors.
CASL also addressed the use of mailing lists. Organizations may, under certain circumstances, obtain consent for a third-party to send commercial electronic promotional messages. The organization that obtained the consent may authorize others to use it, but only if, without limitation, the authorizing organization contractually requires the authorized party to identify the authorizing organization that obtained consent and the authorized party provides a broad unsubscribe mechanism that meets clearly defined requirements. Provisions also exist with respect to managing withdrawals of consent, including, without limitation, specific notice obligations.
Most Recent Enforcement Decision
CRTC recently announced that Kellogg Canada has voluntarily entered into an undertaking respecting alleged non-compliance with CASL’s consent requirements in 2014, which includes payment of $60,000 in penalties. The undertaking also includes a commitment to require third-party service providers to comply with CASL.
While few details have been provided regarding the specific nature of the purported violations, it does appear that they arose, in part, due to the activities of a third-party service provider. It also appears that Kellogg made good faith efforts to comply with CASL and to ensure that third-party service providers did so, as well.
Liability for CASL violations may be lessened if preventative due diligence is established. Thus, the Kellogg matter raises an important issue – the extent to which diligently vetting, selecting and instructing third-party service providers mitigates potential liability in the event of non-compliance.
Contact an experienced Federal Trade Commission defense and compliance lawyer with any questions regarding the similarities and differences between the CAN-SPAM Act and Canada’s anti-SPAM legislation. Given the impending private right of action, this matter should be of particular interest to corporate counsel interested in implementing written compliance policies, training protocols and compliance monitoring methodologies.
Richard B. Newman is an Internet law, online marketing compliance, telemarketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns across all media channels, regularly representing and defending clients in investigations and enforcement actions brought by the Federal Trade Commission and state Attorneys General, complex commercial litigation defense, SPAM law compliance and litigation defense, intellectual property transactional and litigation matters, advising clients on promotional marketing programs, and negotiating and drafting legal agreements.
HINCH NEWMAN LLP. ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result.