ANTI-SPAM LAW: A BITTER REMINDER OF ITS APPLICATION

Anti-Spam Law: A Bitter Reminder of its Application
Geneviève Hallé-Désilets et Caroline Jonnaert [a]
ROBIC LLP
Lawyers & Patent and Trademark Agents
Last December 8, the Canadian Radio-television and Telecommunications Commission (the “CRTC”) announced that it had reached a settlement with clothing retailer Gap Inc. (“Gap”) for alleged violations of Canada’s Anti-Spam Law (“CASL”). Under the terms of the agreement, Gap has agreed to pay a fine of $200,000 and to implement corrective measures.
CASL in brief
Most of the provisions of CASL came into force in July 2014. Among other things, this law regulates the sending of “commercial electronic messages” (“CEM”) in Canada. A CEM includes any electronic message (i.e., sent by any means of telecommunication) which purpose is to encourage the recipient to participate in a commercial activity[1], including by emails, text messages and social media messages.
As a general rule, the law requires senders to obtain consent, express or implied, from recipients, unless an exception applies. Consent could be considered implied if, for example, the recipient has an ongoing business relationship with the sender (e.g., through the purchase of a product or service within the last two years)[2]. CASL also contains requirements regarding the content of certain CEMs. For example, in some cases, the law requires that a CEM includes: (i) information that identifies the sender; (ii) information that allows that person to be contacted; and (iii) an opt-out mechanism that complies with the provisions of CASL[3]. In this regard, opt-out mechanisms must be “easily performed”, i.e., they must be simple, quick, and user-friendly[4].
The CRTC has primary responsibility for ensuring compliance with CASL, which includes the power to investigate, take action against violators and impose administrative monetary penalties. Violations of CASL can result in a fine of up to $1 million per violation for individuals and $10 million per violation for corporations[5]. Directors and officers of an organization that violates the CASL may also be held liable[6].
The Gap case
In 2018, the CRTC issued a warning letter to Gap to inform the company that it had received complaints from Canadians about the company’s CEM practices. In June 2021, the CRTC launched a formal investigation as Canadians continued to file complaints about the matter. As a result of this investigation, the CRTC concluded that it had reasons to believe that Gap had sent CEMs to Canadians without their prior consent, and that these messages did not consistently include either an unsubscribe mechanism or an unsubscribe mechanism which could easily be performed. As a result, Gap proactively changed its marketing practices and agreed to a settlement with the CRTC.
Other precedents
The first CASL-based fine imposed by the CRTC initially resulted in a much larger fine than that imposed on Gap. Indeed, in March 2015, 3510395 Canada Inc. operating as CompuFinder (“CompuFinder”) was fined $1.1 million for sending CEMs without consent or a proper unsubscribe mechanism. In response, CompuFinder had denied infringing CASL and challenged its constitutionality. In 2017, the CRTC dismissed the constitutional challenges to CASL, and reduced the fine to $200,000, as this was CompuFinder’s first violation, that it had not benefited financially from committing the violations, that it had subsequently taken steps to improve its compliance with CASL, and that it was unable able to pay the original fine. In June 2020, the Federal Court of Appeal upheld CASL’s constitutionality and provided guidance on certain provisions of CASL, including on the business relationship exemption. In March 2021, the Supreme Court of Canada denied leave to appeal.
More recently, in March 2021, the CRTC imposed its most severe penalty on an individual, a fine of $75,000. The individual in question had sent more than 670,000 promotional emails without the consent of the recipients.
A few recommendations
CASL has a far-reaching scope and applies to any CEM sent from, or accessed from, a computer in Canada. As a result, businesses operating outside of Canada must also comply with CASL if they send CEMs to Canadians. Furthermore, the definition of a CEM is broad and subject to interpretation. As such, caution is advised, as beyond the hefty fines provided for by the law, reputational risks may also be significant. From a practical point of view, it is recommended that consents (where required) be carefully preserved, as the law places the burden of proving the existence of consent on the party claiming to have it. Where applicable, requests to unsubscribe and any unsubscription should also be preserved. Finally, it is advisable to establish and maintain an internal anti-spam policy, detailing, among other things, what a CEM is. Such policy should also describe the process for obtaining consents (where required), the steps to be taken in the event of an unsubscribe request, and the consequences of non-compliance with CASL. Any such policy should be brought to the attention of employees, and employees should be trained on a regular bas
© CIPS, 2021.
[1] Subsection 1(2) of CASL.
[2] Subsection 10(9) of CASL.
[3] Section 6 of CASL.
[4] CRTC, “Frequently Asked Questions about Canada’s Anti-Spam Legislation”, available online: https://crtc.gc.ca/eng/com500/faq500.htm.
5] Subsection 20(4) of CASL.
[6] Section 31 of CASL.