On November 8, 2021, the CRTC released its bi-annual CASL Enforcement Report, which reports that over 154,406 complaints (5,939 per week) were submitted to the Spam Reporting Centre (SRC) between April 1 and September 30, 2021. Of these complaints, 88% reported that the sender did not have consent and 71% reported that the electronic communication were related to affiliate marketing or legitimate businesses selling or promoting the sale of a good or service. In our experience, these compliance errors, particularly non-compliant CASL consents, are common among organizations involved in digital marketing.
The CRTC’s latest bi-annual report indicates that the year-to-date number of complaints to the SRC increased by 9.6%, 2.4% and 18.8% during the same period in 2020, 2019, and 2018, despite the CRTC’s increased efforts to counter spam in Canada and abroad.
Overview of CASL
Canada’s federal anti-spam legislation (CASL) came into force in 2014 to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of electronic means (e.g., spam via emails, texts and other types of electronic communications) to carry out commercial activities. In this regard, section 6 of CASL prohibits sending commercial electronic messages without a recipient’s prior express or implied consent. CASL also includes a number of exceptions from the consent and identification requirements. Regardless, senders have the onus of proving consent (see: Anti-Spam (CASL) FAQs).
Since CASL came into force seven years ago, Canadian companies, associations and other organizations have found effective CASL compliance to be challenging. We have helped many clients comply with the consent, implied consent, sender identification, unsubscribe and other requirements of CASL (including business related exemptions and documenting consent).
Recent CRTC CASL Enforcement
Canada’s CRTC is responsible for enforcing CASL and has achieved some success in recent years. According to the CRTC’s website, between 2014 and 2017, Canada went from being home to seven of the world’s top 100 spamming organizations to only two. In March 2021, the CRTC issued its largest ever penalty of $75,000 to an individual, Scott William Brewer, for allegedly sending over 670,000 emails without the consent of recipients. By October 2021, the CRTC had issued more than $1.4 million in total penalties or negotiated undertakings.
Despite these enforcement gains, the number of complaints to the SRC has increased since 2018.
Domestic and International
CRTC Enforcement Efforts
The CRTC has engaged in a number of domestic and international initiatives to counter spam. These have included outreach initiatives, including virtual engagement activities with companies, associations and organizations to raise awareness and social media, webinars, podcasts and educational videos (e.g., on YouTube) on how to comply with Canada’s electronic marketing rules.
The CRTC has also entered into global partnerships to promote international spam enforcement cooperation, including the Unsolicited Communications Enforcement Network, which is comprised of members from 26 countries.
The CRTC’s Chairperson, Ian Scott, also recently stated in his speech on November 15, 2021, that the CRTC is considering broadening the use of technologies to counter spam. For example, SHAKEN technology will become a mandatory condition of service for telecommunications service providers on November 30, 2021, which will facilitate authenticating and verifying caller ID information for Internet Protocol-based voice calls. The CRTC is also currently reviewing an application from Bell Canada to implement new technologies to permanently block calls that are confirmed as fraudulent from the company’s network.
In his recent remarks, the CRTC’s Chairperson also underscored that the fundamental obligations imposed by CASL, notably CASL-compliant consents, remained a top enforcement priority.
Implications
The CRTC’s recent Enforcement Report and remarks by its Chairperson both make it clear that the CRTC continues to consistently enforce CASL, particularly in relation to the core obligations set out by the legislation (i.e., consent, sender identification, unsubscribe mechanisms and documenting consent).
According to the CRTC’s Chairperson, while the CRTC continues to enforce CASL to counter unsolicited marketing e-mails and text messages, the CRTC’s focus has also now expanded to include protecting Canadians from more harmful activities that expose their personal data to theft. Recent technology-focused enforcement efforts and legislation reflect the shifting landscape of digital threats to consumers posed by spam.
More broadly, CASL continues to play a fundamental role in helping businesses stay competitive in a global and increasingly digital marketplace. For example, according to Statistics Canada, retail e-commerce has steadily increased since the onset of the COVID-19 pandemic.
While it remains to be seen how effective the CRTC’s newly expanded enforcement efforts will be to mitigate spam, including the introduction of new technology, protecting Canadian individuals and businesses from digital marketing malpractices, including spam, will likely gain importance as the use of e-commerce and digital marketing continues to increase.
********************
Tips For Complying With
CASL (Canadian Anti-Spam Law)
Canada’s federal anti-spam legislation (CASL) came into force in 2014. Since then, electronic marketers and their advisors have been working to comply with what remains a complex law with outstanding uncertainties in some key areas. Having said that, many of the core requirements of CASL are not overly difficult to comply with (though continue to be misunderstood in many cases).
The following are some key legal tips for complying with CASL:
Express Consent. If you cannot rely on any category of implied consent (e.g., an existing business relationship within two years of a purchase) or a CASL exemption, ensure that you have collected and documented express consent from recipients. Express consent requests must include all of the information set out in CASL and its regulations otherwise the consent will not be valid. Failure to correctly collect consent is the most common CASL compliance error we see and a key basis for CRTC enforcement. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.
Implied Consent. If you are relying on one or more categories of implied consent to send commercial electronic messages (CEMs) (e.g., an existing business relationship within two years of a purchase or six months of a product inquiry) ensure that all of the requirements of the particular type of implied consent are met. Remember that there is not a single blanket type of implied consent under CASL; rather, there are many different types of implied consent each with their own specific requirements. Also, as with express consent, CEMs that rely on implied consent must still include the prescribed sender identification information and unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.
Consent For Third Parties To Send CEMs. Under CASL, consent to send CEMs can be requested for a sender themselves, identified third parties (or multiple identified third parties) or unidentified third parties (i.e., entities whose identities are not yet known when consent is requested). Importantly, however, each type of consent request has specific requirements for the request and, in the case of consent requests on behalf of unidentified third parties, somewhat complex additional requirements. The failure of marketers to correctly request consent for third parties (e.g., partners, affiliates, co-sponsors in promotions, etc.) is another CASL-related error that we regularly see. For more information, see: Anti-Spam Law (CASL) FAQs and Canadian Anti-Spam (CASL) Precedents.
CASL Exemptions. Similar to implied consent, there is no single exemption from CASL but many types of exemptions. If you are relying on a particular exemption (e.g., the “business-to-business” exemption) it is important to ensure that all of the requirements of the exemption are met. Importantly, there is little or no case law interpreting many CASL exemptions. This means that there there may be more risk when relying on an exemption than express consent. Express consent is the strongest type of consent under CASL, considering that it does not expire unless a recipient unsubscribes.
Passive Consents. Remember that under CASL express consent or a category of implied consent is generally required to send CEMs unless a CASL exemption applies. As such, passive types of consents (e.g., language in general terms and conditions) will likely not be CASL compliant unless a sender does not need express consent (i.e., can rely on a category of implied consent or a CASL exemption).
Sharing Lists With Third Parties. Consider the potential risks of sharing e-mail or other electronic marketing lists with third parties. While this is certainly possible under CASL, marketers should be aware that there are specific requirements that must be met depending on who a list will be shared with (e.g., to expressly identify third parties with whom consent is being gathered on behalf of, including their contact information and other requirements for unidentified third parties). Marketers should also be aware that there is also potentially not only risk if they themselves violate CASL (e.g., send CEMs without consent), but also if they assist third parties that violate CASL. As such, it is often prudent for marketers that want to share electronic marketing lists with third parties to ensure that they have list sharing agreements in place with parties with whom they share e-mails. For more information, see: Anti-Spam Law (CASL) FAQs, Anti-Spam (CASL) Compliance Errors and Canadian Anti-Spam (CASL) Precedents. See also: Influencer, Co-Sponsor and List Sharing Agreements.
Sender Identification Information. Ensure that all CEMs include the prescribed sender identification information required by CASL unless an exemption applies. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.
Unsubscribe Mechanism. Ensure that all CEMs include a CASL-compliant unsubscribe mechanism. For more information, see: Anti-Spam Law (CASL) and Anti-Spam Law (CASL) FAQs.
Document Consent. Under CASL, the onus is on senders of CEMs to document consent. As such, it is important to document the type of consent (express or implied) or exemption being relied upon, evidence of consent (e.g., subscription logs, forms, dates and names/e-mail addresses), divide lists according to the type of consent or exemption being relied upon and to scrub lists after recipients have unsubscribed or the relevant time period for a category of implied consent has expired (e.g., two years after a purchase). Failure to adequately document consent is another CASL-related compliance error that we regularly see, including not documenting consent at all, not segregating distribution lists and inadequately documenting consents or types of implied consent. For more information, see: Anti-Spam Law (CASL), Anti-Spam Law (CASL) Compliance and Canadian Anti-Spam (CASL) Precedents.
CASL Compliance Program. Consider adopting a CASL compliance program, particularly if electronic marketing is a core aspect of your marketing strategy. The CRTC has issued guidance on CASL compliance programs including key recommended elements. For more information, see: Anti-Spam (CASL) Compliance and Canadian Anti-Spam (CASL) Precedents.
CASL and Specific Types of Promotions. Care should be taken in relation to specific types of promotions under CASL. Just one of many examples is friends and family type promotions (e.g., contests where entrants can gain more entries by sharing with or tagging a friend or family member). While there is an exception to the unsolicited CEMs section of CASL (section 6) for messages sent to a person with whom the sender has a personal or family relationship, these terms are narrowly defined. For example, “family relationship” is limited to spouses, common-law partners and parent-child relationships. “Personal relationship” is defined in a multi-factor and case-by-case fashion such that it is often impractical to rely on this exception for any broad “friends and family” type promotion. Marketers should also be aware that there is potential risk for both themselves and their clients in running friends and family type promotions if they cannot meet the specific definitions of “family relationship” and/or “personal relationship” under CASL for a promotion. For more information, see: Anti-Spam (CASL) Compliance Errors and Running a Friends-and-Family Promotion in Canada? Cruel, Cryptic CASL Strikes Again.
____________________
SERVICES AND CONTACT
I am a Toronto competition/antitrust lawyer and advertising/marketing lawyer who helps clients in Toronto, Canada and the US practically navigate Canada’s advertising and marketing laws and offers Canadian advertising/marketing law services in relation to print, online, new media, social media and e-mail marketing.
My Canadian advertising/marketing law services include advice in relation to: anti-spam legislation (CASL); Competition Bureau complaints; the general misleading advertising provisions of the federal Competition Act; Internet, new media and social media advertising and marketing; promotional contests (sweepstakes); and sales and promotions. I also provide advice relating to specific types of advertising issues, including performance claims, testimonials, disclaimers, drip pricing, astroturfing and native advertising.
For more information about my services, see: services
To contact me about a potential legal matter, see: contact
For more regulatory law updates follow me on Twitter: @CanadaAttorney