By Richard Stobbe
Since July 1, 2014, Canada’s Anti-Spam Law (or CASL) has been in effect, and the software-related rules have been in force since January 15, 2015.
With the benefit of hindsight, we can see a few patterns emerge from the efforts by the enforcement trifecta: the Privacy Commissioner of Canada, the CRTC and the Competition Bureau. (For background, see our earlier posts.) What follows is a round-up of some of the most interesting and instructive enforcement actions:
March 2015 – A notice of violation was issued by the Competition Bureau to 3510395 Canada Inc. (dba Compu.Finder) with an accompanying administrative monetary penalty of $1,100,000 for sending commercial electronic messages without consent and for sending commercial electronic messages that contained an ineffective unsubscribe mechanism, in violation of CASL.
March 2015 – A penalty of $48,000 was levied against Plentyoffish Media Inc. as part of an undertaking concerning an alleged CASL violation related to an unsubscribe mechanism that was not set out “clearly and prominently” and was not able to be “readily performed”.
March 2015 – The Competition Bureau commenced action against Avis Budget Group Inc. for deceptive marketing practices, seeking $30 million in administrative monetary penalties from the companies, and refunds for consumers. The Bureau took action under CASL since Avis and Budget used electronic messages to disseminate the alleged false or misleading representations.
June 2015 – Porter Airlines Inc. paid $150,000 as part of an undertaking concerning certain CASL violations that were very similar to those which caught Plentyoffish. The Porter allegations related to commercial electronic messages that contained an unsubscribe mechanism that was not set out “clearly and prominently”, or that were missing an unsubscribe mechanism.
November 2015 – Similarly, Rogers Media paid $200,000 as part of a CASL investigation into commercial electronic messages that either contained an unsubscribe mechanism that was not able to be “readily performed”, that did not enable the person to indicate their wish to no longer receive messages, or that did not provide an electronic address for the purposes of unsubscribing that was valid for a period of 60 days after the message was sent.
These actions certainly point to the more technical risks of poorly implemented unsubscribe features, rather than underlying gaps in consent. Perhaps this is because heavy enforcement action related directly to consent is still to come. Implied consent can be relied upon during a three-year transitional period. After that window closes, expect enforcement to focus on failures of consent.
To put this all in perspective, consider enforcement of other laws within the CRTC mandate: in 2014 the CRTC did not issue any notices of violation of CASL, but issued 10 notices of violation related to the Unsolicited Telecommunications Rules and the National Do Not Call List (DNCL); in 2015 the CRTC issued 1 notice of violation of CASL and about 20 related to the Do Not Call List.
Calgary – 07:00 MT