Canadian Anti-SPAM Legislation
February 25, 2014
Introductions and Outline
• Canada Anti-SPAM Legislation (CASL)
•
•
•
•
Commercial Electronic Messages
Spyware / Malware
Penalties and enforcement
What do we do now?
CASL - Scope
• Three broad prohibitions:
• SPAM
>
Commercial electronic messages require consent
• Malware
>
Illegal to install any computer program without express
consent and means to remove
• Spyware
>
Illegal to install program that transmits data without express
consent and means to remove
CASL – Scope
• Three additional prohibitions:
• Message routing
>
Illegal to alter transmission data or to rout a
message to unintended destination
• Misrepresentations
>
Illegal to make false or misleading representations
in headers, subject lines, etc.
• Automatic collection
>
Illegal to automatically collect electronic addresses
What is “SPAM”?
What is “SPAM”?
• Unsolicited commercial electronic message
• Reasonable to conclude that one of the
purposes is to encourage the recipient to
engage in commercial activities
Commercial Electronic Messages
• s. 6 Prohibits sending a commercial
electronic message to an electronic
address unless:
• Recipient has consented – express, opt-in or
defined “implied consent” category
and
• Conforms with prescribed requirements
Identifies sender and contact information
> Unsubscribe mechanism (including www site)
>
Unsubscribe
Complete Exclusions
•
•
•
•
•
•
•
•
Personal or family relationship
Enquiry or application
Closed messaging systems
Fundraising messages from registered charities
Telco in providing transmission services
Enforce a legal right or due to legal obligation
Intra-organization
Inter-organization (if existing relationship)
Consent
• Express consent
• Purpose
• Identification of person seeking consent
• Implied consent
• Existing business relationship or non B-R
• Published electronic address without
disclaimer and related to capacity of recipient
• Referrals
“Existing Business Relationship”
• Implied consent where
• Engaged in commercial activity
• Existing written contract
within previous 2 years
“Non-Business Relationship”
• Implied consent if
• Made donation, gift, provided volunteer work,
member
• Prescribed by regulations
• In past 2 years
Consent Exclusions
•
•
•
•
•
•
Quote responding to request
Completes or confirms transaction
Provides warranty, recall or safety info
Provides factual info about ongoing use
Provides employment info
Delivers a product (incl. upgrades)
requested
Jurisdiction and Onus
• S. 6 prohibitions - CEM
• If message sent or received in Canada
• Person alleging consent has onus of proof
• The “problem” of proof
Competition Act
• CASL adds to existing Competition Act provisions
prohibiting false or misleading representations to
promote a business interest of the supply or use of a
product
• Numbering of Competition Act amendments is
particularly confusing
• Investigation/enforcement by Competition Bureau
• Bureau has sought and obtained sizeable fines in the
past for deceptive marketing practices
• e.g. $10m fine against Rogers for alleged misleading
advertising
Competition Act new s. 74.011
and s. 52.01
• prohibits representation that is false or misleading in a
material respect in electronic message
• prohibits false or misleading representation in
• sender information in electronic message
• subject matter information in electronic message
• locater
• look at general impression and literal meaning
• only first prohibition states “in a material respect”
• no “to the public” concept
• no concept of exception for consent or existing business
relationship
Competition Act:
Discussion Examples
• Subject Matter Information
• Fly Ottawa to Calgary for $299 return
• Lose 20 Pounds in 3 Weeks
• Our best sale of the year
• Exclusive Upgrade Offer
• Aggressive e-mail subject matter language poses risk to
senders
Practical Issues
• Are any existing consents still valid?
• How to get fresh consent
• Information management:
• what data / proof is required
• managing exclusions (i.e. business relationship)
• Message format compliance
• Vicarious liability
Enforcement
• Regulatory agencies:
• CRTC
• Competition Bureau
• OPC
• Spam Reporting Centre
• 2017: Private Right of Action
CRTC Enforcement Tools
• Purpose of the legislation is to promote
compliance, not punish
• Education will play a significant role, particularly
in the early stages
• Range of regulatory tools
• Letters of warning (not provided for in legislation)
• Administrative Monetary Penalties (AMPs)
• Undertakings (similar to consent agreements under
the Competition Act)
• Notice of Violation
CRTC Enforcement Powers:
AMPs
• Section 20
• Persons who contravene sections 6 to 9
are liable to pay AMPs
• Similar to scheme for violations of the
Unsolicited Telecommunications Rules
(including the Do-Not-Call-List provisions)
under the Telecommunications Act
CRTC Enforcement Powers:
AMPs
• Maximum penalty is $1M in the case of an
individual and $10M for any other person such
as a corporation
• Factors in determining amount include:
•
•
•
•
•
•
Purpose of penalty
Nature and scope of violation
History of previous violations
Financial benefits of the violation
Ability to pay
Whether voluntary compensation made
CRTC Enforcement Powers:
Undertakings
• Target can enter into undertakings with the
designated person
• No Notice of Violation (and hence AMPs) may
be issued if undertaking entered into and any
existing notice of violation is extinguished to the
extent of the undertaking
• Undertakings may include conditions and a
requirement to pay a specified amount
CRTC Enforcement Powers:
Notices of Violation
• Limitation period: 3 years
• Mandatory information set out in ss. 22(2)
• Target has 30 days to make representations to
CRTC
• If: (1) penalty is paid or (2) penalty is not paid
and no representations are made, target is
deemed to have committed the violation
CRTC Enforcement Powers:
Notices of Violation
• No liability if due diligence demonstrated
• Common law defences apply to any violation
• If representations are made, CRTC must decide
whether target committed the violation and, if so,
can confirm, reduce or waive the penalty, or can
suspend payment of the penalty subject to
conditions
• CRTC may also issue an order directing target
to cease contravening the provision(s) – s.26
Private Right of Action
2017: “Lights go out on Broadway”
• Persons affected can apply for compensation to
a court of competent jurisdiction
• Compensation:
• Actual damages
• Statutory damages
>
>
>
$200 per contravention of Section 6, not exceeding $1M per
day
$1M/day for contraventions of Sections 7 and 8
Same maximum amounts for person who aids or abets
contrary to section 9
Private Right of Action
• Statutory damages not available if
undertaking or notice of violation has been
issued
• Conversely, once private right of action is
commenced, no undertaking or notice of
violation can be made
• Due diligence and common law defences
available
• Class actions ???
What do we do now?
What do we do now?
1.
2.
3.
4.
Assess your electronic communications
Do you have consent?
Identify exclusions
Data management: assess and establish
systems to manage and preserve records
5. Prepare unsubscribe mechanisms
What to do cont’d…
6. Obtain consents required
7. Format CEMs
8. Content oversight
9. Staff education
10.Review and audit
Questions?
Discussion?
Sign up for BHT newsletters!!!
Go to: www.bht.com