On October 19, 2017, the Canadian Radio-television and Telecommunications Commission (CRTC) handed down two decisions[1] in response to CompuFinder’s challenge to the notice of violation issued under Canada’s Anti-Spam Legislation (CASL).[2] As reported in a previous legal update, the notice set out a penalty of $1.1 million.
CompuFinder raised a challenge to the constitutionality of CASL, arguing, among other things, that CASL: (i) had not been validly enacted by the federal Parliament and (ii) contravened the Canadian Charter of Rights and Freedoms (Charter) by infringing CompuFinder’s freedom of expression and other protections conferred by sections 7, 8 and 11 of the Charter. CompuFinder also challenged the amount of the penalty.
In its two decisions, the CRTC determined CASL to be constitutional and confirmed CompuFinder’s violation of CASL. However, it reduced the amount of the monetary penalty to $200,000.
Constitutionality of CASL
In its first[3] decision, the CRTC determined that CASL was intra vires the legislative powers of the federal Parliament, under the general trade and commerce head of power of subsection 91(2) of the Constitution Act, 1867. The CRTC also determined that, although the impugned provisions of CASL violated the freedom of expression guaranteed by section 2(b) of the Charter, the violation was justified under section 1 of the Charter. Lastly, the CRTC determined that sections 7, 8 and 11 of the Charter did not apply because the proceedings under CASL were administrative and not criminal or penal in nature, despite the potential for hefty penalties.
Violation of CASL and monetary penalty
In its second decision,[4] the CRTC determined that CompuFinder had committed the offences described in the notice of violation, but that the imposed amount was unreasonable under the circumstances. In arriving at this determination, the CRTC made a number of interesting observations regarding the interpretation of certain relevant CASL concepts.
“Business-to-business” (B2B) exemption
Relying on invoices and proofs of payment for single training sessions given to an individual within the recipient’s organization, CompuFinder maintained that, owing to the “business-to-business” exemption, among others, section 6 CASL did not apply to the messages it had sent.
However, the CRTC determined that the mere fact that an organization paid for training on behalf of one of its employees was not sufficient to demonstrate an existing relationship that would allow for a complete exemption from CASL that would permit every other employee of the recipient to be solicited. Such invoices were, however, evidence of an existing business relationship with the employee who had attended that training session, and such a relationship could create implied consent to send commercial electronic messages (CEMs) to that employee, pursuant to paragraph 10(9)(a) CASL.
The CRTC thus made an important distinction between the business-to-business exemption (which provides that CASL does not apply to the sending of all CEMs to all employees, representatives or consultants of another organization if the organizations have a relationship and the message concerns the activities of the organization to which the message is sent) and implied consent (which is only valid for the sending of CEMs to a specific individual in an organization with whom the sender has an existing business relationship).
Unsubscribe mechanism
A key issue raised regarding CompuFinder’s unsubscribe mechanism was that some CEMs contained two unsubscribe links, one of which was functional and the other of which produced an error when accessed. This issue created confusion and frustration among those who wished to no longer receive CEMs from CompuFinder. The CRTC stated that the inclusion of two unsubscribe mechanisms did not satisfy the CASL clarity requirements, particularly when one of the links did not work.
The CRTC’s decision underscores the importance of having functional and easy-to-use unsubscribe links.
Implied consent
CompuFinder claimed that it had obtained the recipients’ implied consent under paragraph 10(9)(b) of CASL because the recipients had conspicuously published their electronic addresses. The CRTC determined that the conspicuous publication exemption sets a higher standard of proof than the simple public availability of electronic addresses and only applies when consent can be reasonably inferred according to the other conditions of that provision, including the relevance of the CEMs to the person’s business, role, functions or duties in a business or official capacity. In view of the circumstances, the CRTC determined that CompuFinder had not met the criteria.
The CRTC therefore determined that CEMs may not be sent to electronic addresses simply on the basis that the addresses are available on the Internet: for this exemption to apply, other conditions, including relevance, must also be met.
Due diligence
CompuFinder argued that it had demonstrated due diligence by implementing a comprehensive CASL compliance program. The CRTC observed, however, that some of those measures had been taken after the period of the violations and therefore had to be excluded from the analysis of this ground of defence. As for steps taken prior to that period, the CRTC noted that the company had not adopted written policies, ongoing audit and monitoring mechanisms and procedures for dealing with third parties to confirm compliance and had not provided adequate training to its employees. Consequently, the measures implemented by CompuFinder were not sufficient.
In brief, in order to establish a due diligence defence with respect to a violation, companies must take precautions by adopting measures consistent with those required by the CRTC. The CRTC also took this opportunity to confirm that the guidelines issued by it represent the minimum acceptable standard to ensure CASL compliance.
Reasonableness of the penalty amount
The CRTC found that CompuFinder had violated the CASL provisions, but reduced the penalty to $200,000. To determine whether the penalty was reasonable, the CRTC considered the factors listed in section 20(3) of CASL. In this regard, CompuFinder did not have any history with respect to any previous CASL violation. The company had not paid compensation to persons affected by the violations, but had not obtained any financial benefits tied to the violations. In ascertaining whether CompuFinder, given its financial position, had the ability to pay the initial penalty of $1.1 million, the CRTC pointed out that an organization’s annual revenues should be considered, as opposed to its annual profits, because they are generally a better indicator of an organization’s ability to pay. The CRTC also considered the following relevant factors: the general deterrence associated with a penalty, cooperation with the investigation, self-correction (i.e. the efforts made to comply with CASL and to correct deviations from the requirements as quickly as possible) and the proportionality of the penalty.
On November 20, 2017, CompuFinder appealed the two decisions to the Federal Court of Appeal.[5]
Footnotes
1 3510395 Canada Inc., operating as Compu.Finder – Constitutional Challenge to Canada’s Anti-Spam Legislation, October 19, 2017, CRTC 2017-367; 3510395 Canada Inc., operating as Compu.Finder – Violations of Canada’s Anti-Spam Legislation, October 19, 2017, CRTC 2017-368.
2 An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23.
3 3510395 Canada Inc., operating as Compu.Finder – Constitutional Challenge to Canada’s Anti-Spam Legislation, supra Note 1.
4 3510395 Canada Inc., operating as Compu.Finder – Violations of Canada’s Anti-Spam Legislation, supra Note 1.
5 Court Nos.: A-382-17 and A-383-17.