Email advertisements are a ubiquitous part of everyday life, and most people do not take the time to consider whether they’ve actually agreed to receive those emails or not. Although most people are content to let their junk mail folders fill up with advertisements for products and services they don’t desire, Canadian law prohibits sending promotional emails without the consent—express or implied—of the recipient.
Canada’s Anti-Spam Legislation (“CASL”) provides that for an enterprise to send marketing materials via e-mail, it must have the express or implied consent of the intended recipient. Where the recipient publicly posts their email contact information or engages in business dealings with the enterprise, consent can also be implied from their conduct. Non-compliance with CASL carries a possible maximum fine of $1,000,000 for individuals and $10,000,000 for organizations. Further, certain individuals can be found vicariously liable for non-compliance with CASL by an organization even if the CRTC chooses not to pursue the organization.
In Brian Conley, Re the Canadian Radio-Television and Telecommunications Commission (“CRTC”) imposed fines for non-compliance with CASL on the representative of a corporation for the first time, in the amount of $100,000. In this case, the former president and CEO of the nCrowd group of companies (“nCrowd”), an email coupon distributor, was charged with violating certain provisions of CASL after the CRTC received nearly 250 complaints regarding receipt of unsolicited marketing emails from nCrowd. nCrowd was also alleged to have violated provisions of CASL respecting the required unsubscribe option for online mailing lists. The company had purchased an email distribution list of almost two million email addresses for which there was no record of consent, express or implied, being received. The company took no further steps after purchasing the list to ensure that valid consent had been obtained to send marketing emails to the addresses.
The CRTC found that, on a balance of probabilities, the company had violated both the consent and unsubscribe provisions of CASL. CASL requires that organizations that send out marketing emails not only obtain consent, but also that the organization maintain records of how and when consent was obtained. This is essential for compliance with the legislation as there are also time periods after which consent expires and must be renewed for marketing emails to be sent lawfully. Since the company had taken no steps to verify that valid consent had been obtained from those on the acquired distribution list prior to or after purchasing it, and had not taken steps to obtain valid consent, the CRTC found that consent had not been established. Accordingly, marketing emails sent to those addresses were deemed to be contrary to the law.
The CRTC also found that the company had not met the requirements of CASL regarding the unsubscribe option. CASL requires that the unsubscribe feature be available to the recipient of a marketing email immediately upon receipt and that the link to unsubscribe must be available for use 60 days after receipt. CASL also requires that an unsubscribe request be processed within 10 days of the request being made and that the recipient of the marketing emails need not take further steps to unsubscribe. The CRTC found that, in several cases, the company’s unsubscribe links did not function, the requests were not processed within 10 days, or users were required to take additional steps beyond clicking on the link to unsubscribe. As a result, the CRTC found that the company failed to provide appropriate unsubscribe options to recipients of its emails.
The final and central question was whether or not the CEO of the company ought to be liable for violation of CASL. This was a particularly important question since the company itself had stopped operating prior to the commencement of the proceedings. CASL provides for liability where the director of an organization “directed, authorized, assented to, acquiesced in, or participated in the commission of the violation, whether or not the corporation is proceeded against”. In this case, given the CEO’s position in the company and the central role the marketing emails played in the business, the CEO was found to have at least acquiesced to sending communications to the emails on the list and, having been involved in the purchase of the email list, he would have been aware that no steps had been taken to ascertain whether consent had been received. The CRTC was unwilling to accept the argument that the CEO of a corporation would purchase a major asset one day and have no idea how that asset was deployed the next day. The CRTC therefore found that the CEO was liable for violating CASL and assessed a penalty of $100,000 against him.
Employers should note that the CRTC is willing to pursue complex violations of CASL, even after a corporation has ceased operating. As a result, organizations should review their policies and practices to ensure they are compliant relevant legislation, such as CASL. Organizations that stay on top of their obligations are far less likely to have compliance issues and can therefore avoid costly liabilities down the road.
Further, decision-makers should keep in mind that individuals, such as a corporation’s officers, directors, or agents can be found liable for a CASL violation if they directed, authorized, assented to, acquiesced in, or participated in committing the violation, as the CRTC found in this case. Therefore, ensuring CASL compliance is key for both an organization and its directing minds, who may find themselves liable for a violation by the company even after the company no longer exists.
This blog is provided as an information service and summary of workplace legal issues.
This information is not intended as legal advice.