Third instalment in a series.
If you are weary of receiving requests to stay on or get on mailing lists from Canadian companies, don't worry – it should stop in a few days.
In fact, it must stop by July 1, because after that, companies that send emails asking for your express consent to receive emails, newsletters and other commercial messages could be violating Canada's Anti-Spam Legislation (CASL), which explains why Canadians may be receiving a blizzard of requests now.
“Running up to July 1, what this law has done, in a sense, is generated more spam,” said David Elder, a lawyer with Stikeman Elliott LLP.
“I think it's a problem because I think people are experiencing a kind of consent fatigue. Consent rates have tended to be fairly low. I think this is going to have the effect of potentially reducing the potential contact database that Canadian businesses have enjoyed.”
Elder said he is hearing anecdotally that in some cases fewer than 10% of Canadians are giving consent to stay on mailing lists.
Starting July 1, when CASL goes into effect, companies that send commercial electronic messages (emails, text messages, direct messages on social media) without implied or express consent, could face astronomical fines.
The maximum fine for a corporation is $10 million. That's 25 times more than Canadian National Railway Co. (TSX:CNR) was ordered to pay in 2009 ($400,000) for the 2005 chemical spill in the Cheakamus River that killed an estimated 500,000 fish. Individual fines can be as high as $1 million.
For the next three years, administering the new law and levying fines will be largely up to the Canadian Radio-telecommunications Commission (CRTC), although the Office of the Privacy Commissioner and Competition Bureau will also be able to levy penalties.
Starting in 2017, citizens will have the right to bring a private action seeking damages, expenses plus up to $200 per message, up to a maximum of $1 million, per day.
“While damages for individual contraventions of CASL are relatively minor under the private right of action, this remedy lends itself to class-action lawsuits which can lead to substantial total claims,” according to the new guidebook Internet Law Essentials: Canada's Anti-Spam Law.
Officers and directors of companies can be held personally liable, and employers are liable for the acts of their employees.
Should a complaint be lodged against a company for violating CASL, the best defence is being able to demonstrate that a business at least made efforts to comply, said Andrew Aguilar, a lawyer with McMillan LLP, and co-author of the guidebook.
“Companies should be really focusing on the due diligence defence,” he said. “If you have a properly thought-out plan, and that plan has been reviewed at the director level, even if one of the underlings makes a mistake and sends out an email to a million people that's incorrect, you could fall back on that defence.”
It also will help to keep good records. For example, should someone launch a complaint, even though he or she gave consent to be contacted but forgot, businesses will want to be able to produce some form of record, such as an email, proving the consent was received.
When it goes into effect, CASL will be enforced by the CRTC through a complaints system. Citizens will be able to launch complaints through the website fightspam.ca.
Denis Carmel, a spokesman for the CRTC, said that some businesses found to be violating CASL may be given warning letters instead of fines for minor contraventions of the new law.
But for the true spammers and companies in Canada that propagate malware or other unwanted software, the CRTC has proven that it can come down hard when given the legal ability to do so.
A similar law for telemarketers – the Do Not Call List – has netted violators fines as high as $1.3 million, Elder said.
Read the other stories in this series: