Starting next July, Canadians who feel they were spammed in violation of Canada’s Anti-spam Legislation (CASL) will be able to sue the companies that sent them the unwanted messages.
Canadian businesses are therefore being reminded that it’s not sufficient to just get the consent of the recipients of emails, e-flyers, newsletters and other electronic messages with a commercial nature. They must be able to produce records that prove they received that consent.
The Canadian Radio-television and Telecommunications Commission (CRTC) recently issued a reminder to businesses that they’re required to keep proper records of the consent they receive.
During investigation of complaints against Canadian companies for alleged CASL breaches, CRTC staff have found that some businesses are unable to prove that they received the consent of recipients to send them electronic messages.
Breaching CASL is no small thing, as some Canadian companies have already discovered. The law came into effect in July 2014, forbidding the sending of any electronic messages that have a commercial purpose, unless they have the consent of the receiver. Businesses that violate the law can face fines of up to $10 million, while individuals can be hit with a $1 million maximum penalty.
CASL was widely viewed by the business community as heavy-handed and onerous, because it went far beyond U.S. anti-spam legislation. It required all businesses to get either the expressed or implied consent of recipients to continue to receive things like newsletters and emails.
If a company had an ongoing business relationship with a client, for example, that could be deemed to be implied consent.
“But you also have to be able to prove that, and perhaps that’s the area where the CRTC is having more difficulty in proving that you’ve got the existing relationship,” said Chris Bennett, a lawyer with DLA Piper (Canada) LLP.
If a company received expressed consent from a client, via email, for example, there should be some electronic record of it. But it appears some companies may not have been keeping good records.
When CASL was introduced, the CRTC said it wouldn’t be heavy-handed with fines. It said it would focus initially on education, rather than enforcement, and that it was the genuine spammers who would be targeted, not legitimate businesses that may have inadvertently run afoul of CASL.
But several of the businesses that have been fined are large, mainstream companies, like Rogers Communications Inc. (TSX:RCI) ($200,000), Porter Airlines ($150,000), Plentyoffish Media Inc. ($48,000) and Kellogg Canada Inc. ($60,000).
That large companies like Rogers have run into trouble with CASL has caused small businesses with limited staff to worry that they might not have done their due diligence in keeping proper consent records.
“What we’ve seen is that they’ve really been focusing on enforcement,” Bennett said. “This is a potentially large liability and it’s not theoretical because the CRTC has been enforcing the legislation. And in particular – I think this is the thing that is going to surprise some businesses – the CRTC has been focusing on legitimate Canadian businesses: Rogers, Porter Airlines, Plentyoffish.
“The enforcement actions are really with companies that do business in Canada. They’re not with Nigerian prince schemes off in other countries.”
The CRTC has published an online guide for businesses needing a better understanding of how to get consent and keep proper records. The guide includes this reminder of CASL’s Catch-22 clause – that it is illegal to ask someone for consent by email unless you already have it.