The Uncertain Impact of CASL (Canadian Anti-Spam Legislation)

The Canadian Anti-Spam Legislation¹ was introduced in 2014 by the federal government. The effect of the legislation is to prohibit sending commercial electronic messages (“CEMs”) to “an electronic address via e-mail, instant messaging, telephone or any similar account unless the recipient has consented to receive the message and the message complies with certain formal requirements.”² The main contention with CASL is the scope of its provisions. Since its implementation, issues have arisen surrounding two types of concerns: the requirements necessary to comply with the Act and the scope of its enforcement.

I. CONFUSION SURROUNDING CASL COMPLIANCE

Uncertainty exists around what specific type of message content qualifies as a CEM under CASL. A message is considered a CEM if it is reasonable to conclude that one of its purposes is to encourage participation in a commercial activity.³ Indicators of commercial activity include the commercial content in the message, hyperlinks, or contact information within a message.⁴

With the potential of incurring significant penalties for breaching CASL, clarity as to what type of message content violates the legislation should be available; however, this has not been the case. This ambiguity was evident in the first decision released to the public by the Canadian Radio-Television and Telecommunications Commission (“CRTC”) for a CASL violation.⁵ Focusing only on the issues within the decision surrounding message content, Blackstone Learning Corp.⁶ elaborated on whether CASL required express commercial terms within a message to qualify as a CEM, something that was left open to interpretation under s. 1(2) of the Act.⁷ Despite there being no discussion of any specific commercial terms in the messages, the fact they contained references to discounts and group rates was sufficient to qualify as a CEM.⁸ While the decision provided clarity surrounding the compliance requirements for CASL, it cost Blackstone Learning Corp. a fifty thousand dollar penalty.⁹ Further clarification is needed; the scope of CASL is currently being learned on a case-by-case basis at the expense of small businesses.

The Canadian Bar Association (“CBA”) also commented on confusion surrounding the content requirements of CEMs in a recent letter to the House of Commons Committee on Industry, Science and Technology.¹⁰ Within the letter, the CBA states that the definition of a CEM is “overly broad and vague,” and “potentially sweeps in activities that go far beyond the illustrative examples listed in the Act”.¹¹ The CBA concluded “[t]he Act requires thoughtful amendments to clarify what is and is not a CEM and to ensure it focuses on CASL’s stated purpose.”¹²

Another area of confusion arising from CASL involves the consent requirements to send a CEM. There are two levels of consent involved here: implied and express. Express consent can be acquired either orally or in writing, the onus being on the party sending the message to prove express consent was obtained prior to the CEM being sent.¹³ Implied consent can be acquired in a number of ways, including previous commercial transactions with the recipient, an existing non-business relationship (e.g. membership in your club), by the recipient making their email address publicly known by publishing it online (“Conspicuous Publication”), and the electronic address being disclosed to the party who sends the message.¹⁴

Blackstone demonstrates that obtaining consent through these requirements is easier said than done. In Blackstone, the accused company believed it had implied consent through Conspicuous Publication, as the email addresses it sent messages to were publicly available online.¹⁵ However, the CRTC’s analysis of Conspicuous Publication added a condition, which was not expressly apparent in the statute.¹⁶ According to the CRTC, to have implied consent under this method, the address must be “published in such a manner that it is reasonable to infer consent to receive the type of message sent, in the circumstances.”¹⁷ This is a higher standard than an e-mail simply being publicly available, an expectation that was not clearly stated in s. 10(9) of the Act.¹⁸ Issues surrounding Conspicuous Publication persist, as a recent decision from the CRTC imposed a two hundred thousand dollar penalty on a business that believed it had implied consent to send CEMs.¹⁹

In the modern age, where business is rapidly trending towards online marketing, it is vital that a business understands with certainty who it can and cannot contact. The consent requirements under CASL do not satisfy this condition, ultimately creating confusion and an administrative burden for business owners and consumers.

II. UNCERTAINTY SURROUNDING ENFORCEMENT

Another area of uncertainty surrounds Administrative Monetary Penalties (“AMPs”), which are arguably CASL’s most troubling feature. AMPs can range up to a maximum of one million dollars for individuals and ten million dollars for businesses per violation.²⁰ Further, the Act operates under vicarious liability, meaning not only can corporate directors be found liable for the wrongful acts of their corporation, but a corporation can also be found liable for the wrongful acts of its employees.²¹ The process by which AMPs are determined places broad discretion in the hands of the CRTC, making it difficult, if not impossible, to predict the penalty amount that will be imposed. This issue is demonstrated in Blackstone, wherein nine violations totaling 385,668 CEMs being sent generated an initial AMP of six hundred and forty thousand dollars.²² Based on submissions from Blackstone Learning Corp. in dispute of this amount, as well as other factors, the penalty was reduced to fifty thousand dollars.²³ Blackstone provided insight into how the factors considered by the CRTC are applied in determining an appropriate AMP. The factors considered were as follows:

• The purpose of the penalty;
• The nature and scope of the violations;
• Financial benefit;
• Ability to pay; and
• Other relevant factors (in Blackstone there was a lack of cooperation with respect to a notice to produce and a lack of indicators of self-correction).²⁴

Despite these factors reducing the AMP by five hundred and ninety thousand dollars, this provides little comfort for businesses. The maximum fines under CASL are substantial and whether they are reduced and by how much is at the complete discretion of the CRTC. With only a handful of decisions to demonstrate how this process is completed, the Canadian government should provide further guidance in this area. This could be accomplished through releasing detailed guidelines surrounding AMP, as was done for implied consent.²⁵

III. CONCLUSION

Amendments should be made to CASL, lessening the burden on businesses regarding consent requirements and narrowing the message content that is captured under CEM. Further, additional guidance on the AMP calculation process for a CASL violation should be made available. These would be positive steps toward eliminating the confusion felt by Canadian businesses and consumers caused by this legislation.

---

^* JD Candidate (University of Saskatchewan).

¹ An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, SC 2010, c 23 [CASL].

² CED 4th (online), Internet Law, “E-Commerce: Spam: Canada’s Anti-spam Legislation” at §91 [CED].

³ CASL, supra note 1, s 1(2).

⁴ Ibid.

⁵ Blackstone Learning Corp.—Violations of Canada’s Anti-Spam Legislation (26 October 2016), 2016-428, online: CRTC <http://www.crtc.gc.ca/eng/archive/2016/2016-428.htm>, archived: <https://perma.cc/3BQZ-7553> [Blackstone].

⁶ Ibid.

⁷ CASL, supra note 1.

⁸ Blackstone, supra note 5 at para 18.

⁹ Ibid at para 63.

¹⁰ (23 October 2017) online: <https://www.cba.org/Sections/Competition-Law/Submissions-and-Legislative-Updates/Submissions>, archived: <https://perma.cc/PGR8-2PRZ>.

¹¹ Ibid.

¹² Ibid.

¹³ Canadian Radio-television and Telecommunications Commission, “From Canada’s Anti-Spam Legislation (CASL) Guidance on Implied Consent” (2015), online: <http://www.crtc.gc.ca/eng/com500/guide.htm>, archived: <https://perma.cc/B9HU-25K5> [“Guidance on Implied Consent”].

¹⁴ Avery Swartz, “New Anti-spam Law Changes Bring More Confusion for Business Owners”, The Globe and Mail (8 June 2017), online: <http://www.theglobeandmail.com/report-on-business/small-business/sb-marketing/new-anti-spam-law-changes-bring-more-confusion-for-business-owners/article35248920>, archived: <https://perma.cc/XP96-TYAW>.

¹⁵ Blackstone, supra note 5 at paras 20-22.

¹⁶ Daniel GC Glover et al, “7 Practical Lessons from CRTC’s First CASL Enforcement Decision” (27 October 2016), McCarthy Tétrault (Article) online: <https://www.mccarthy.ca/en/insights/blogs/snipits/7-practical-lessons-crtcs-first-casl-enforcement-decision>, archived: <https://perma.cc/43SE-38KM>.

¹⁷ Ibid (emphasis in original), citing Blackstone, supra note 5 at para 26.

¹⁸ CASL, supra note 1.

¹⁹ 3510395 Canada Inc., operating as Compu.Finder—Violations of Canada’s Anti-Spam Legislation (October 17, 2017), 2017-368, online: CRTC <http://www.crtc.gc.ca/eng/archive/2017/2017-368.htm>, archived: <https://perma.cc/L7YC-8JBM> at paras 65-74, 126.

²⁰ CASL, supra note 1, s 20(4).

²¹ Ibid, s 45.

²² Blackstone, supra note 5 at paras 2-3.

²³ Ibid at para 63.

²⁴ Ibid at paras 39-59.

²⁵ “Guidance on Implied Consent”, supra note 13.