The CRTC has issued its first compliance and enforcement decision (“Decision“) regarding Canada’s anti-spam legislation (“CASL“).1 In the Decision, the CRTC delves into interpreting CASL for the first time since the commercial electronic messaging provisions of the law came into force in July, 2014.
CASL provides for extensive regulation on the sending of commercial electronic messages or “CEMs”. CASL defines a CEM to be:
…an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity…2
CASL further provides that, in order to send a CEM, the sender must have the express or implied consent of the recipient. In the CASL context, implied consent is limited to: (i) where the sender has an “existing business relationship” or an “existing non-business relationship” with another person (as these terms are defined in CASL); or (ii) in connection with messages that are sent to a person in a business or official capacity, where the recipient has conspicuously published their electronic address or has disclosed it to the sender, without a statement that the person does not want to receive unsolicited CEMs and the message is relevant to the person’s business role, functions or duties in a business or official capacity.3
By notice of violation issued on January 30, 2015, the CRTC found that Blackstone Learning Corp. (“Blackstone“) had violated the consent provisions of CASL by sending over 385,000 CEMs without the consent of the recipients, who were mainly government employees. The CEMs advertised educational training services offered by Blackstone. In the notice of violation, the CRTC set out an administrative monetary penalty (“AMP“) of $640,000. Prior to the deadline for paying the AMP or making representations regarding the violations, Blackstone made representations stating that it had implied consent based on guidance provided by the Department of Industry and that the amount of the AMP was unreasonably high.
Blackstone stated that it had implied consent from the recipients, since their email addresses were publicly available online and provided an email from the Department of Industry in support of its position. In the Decision, the CRTC noted that Blackstone had contacted the Department of Industry, posing a general question on the relationship between publication and implied consent. A Department of Industry employee responded by quoting the relevant provisions in CASL. The CRTC found that this communication could not form the basis of implied consent.
The CRTC found that the conspicuous publication exemption and its related requirements set a higher standard than mere public availability of electronic addresses: the CEM must be relevant to the recipient’s employment or role and the recipient must not have indicated that he or she does not wish to receive unsolicited CEMs. The CRTC stated that:
…the Act does not provide persons sending commercial electronic messages with a broad license to contact any electronic address they find online; rather, it provides for circumstances in which consent can be implied by such publication, to be evaluated on a case-by-case basis.4
The CRTC found that Blackstone failed to satisfy the requirements for the exemption, as it failed to provide the following information: (i) how or where the email addresses were discovered; (ii) when the email addresses were obtained; (iii) whether the email addresses were published conspicuously; (iv) whether the addresses were accompanied with a statement that the recipient did not wish to receive unsolicited CEMs; and (v) how Blackstone determined whether the CEM was relevant to the roles of the recipients. Ultimately, Blackstone’s general statement that it complied with CASL and that implied consent covers publicly available email addresses did not satisfy the requirements of CASL regarding implied consent.
The CRTC then reviewed the amount of the AMP applied and noted that Blackstone is a small business and that paying the $640,000 AMP would represent several years of annual revenues of the company, based on the company’s unaudited financial statements. Given that CASL is a new regulatory regime and Blackstone’s lack of history of non-compliance with CASL or related legislation, the CRTC reduced the AMP to $50,000, noting that this penalty was more appropriate to the case and that the penalty would encourage compliance with CASL in the future by acting as a general deterrent. The CRTC did note, however, that Blackstone failed to cooperate with the CRTC throughout the investigation and representation process.
The Blackstone decision shows that the CRTC is serious about enforcing CASL violations. Any business engaged in marketing and promotional activities should take note of this decision and the extensive requirements that are in place regarding publicly available electronic addresses. If a business does send CEMs to addresses found online, it should put in place procedures to collect and retain information to satisfy the exemption, including noting where, how and when the address was located, how the sender determined that the CEM was relevant to the role of the recipient and that there was no statement of not wishing to receive CEMs. The Decision also shows the importance of cooperating with the CRTC in providing requested information. On a positive note, if a business receives a notice of violation, there is an opportunity to provide representations to the CRTC and potentially change the CRTC ruling on violations and/or penalties.
1 Compliance and Enforcement Decision CRTC 2016-428, October 26, 2016.
2 CASL, subsection 1(2).
3 CASL, section 10(9).
4 Decision, paragraph 28.