Canadian Anti-Spam Laws have Teeth
March has been a big month for anti-spam enforcement by the CRTC.
On March 5th, CRTC issued a fine to Compu-Finder, a Quebec company, for $1.1 million, the largest such fine since Canada’s Anti Spam Law (CASL) was put in lace. The company was cited for multiple violations of the law, including sending emails to users without consent, and without providing an unsubscribe mechanism. The company was a repeat violator, and accounted for more than a quarter of all the complaints received by the CRTC for its industry group
Closer to home, on March 25th, Vancouver dating website PlentyofFish paid $48,000 fine under the same law. Their violation was sending out emails to users without a functioning unsubscribe mechanism, as required by the law, over a 4-month period in 2014.
These fines mark some of the first penalties issued under the law, which took effect on July 1, 2014. On implementation of the law many wondered how effective practical enforcement would be, and through these penalties the CRTC is making their point clear: Anti-Spam laws have teeth – and the CRTC is ready to bite.
So, it’s a good time to be reminded of what exactly the law requires. Some of the main activities prohibited by the law are:
- Sending commercial electronic messages without the recipient’s consent (permission) – whether sms, email, social media or otherwise.
- Sending commercial electronic messages without a valid unsubscribe mechanism (it’s important to remember this requirement applies even if you have consent for sending the message from the recipient).
- Installing computer programs on a user’s computer without the recipient’s consent or permission.
- Promoting products or services with false or misleading statements.
- Collecting certain personal information such as email addresses, in violation of federal privacy laws.
In addition to avoiding any of the above activities, here are some tips to ensure you don’t experience the CRTC bite:
- Do not send commercial electronic messages or interface with a person’s computer without the recipient’s consent.
- Include a clear unsubscribe mechanism on all commercial electronic messages you send.
- Ensure your data collection policy is compliant with federal laws.
Every business is unique and the unique practices of your business calls for a specific understanding of how CASL may apply. If you are engaged in any of the activities discussed in this article, ensure that you have discussed strategy with a lawyer.
This article was co-authored by technology lawyers Geoff Dittrich and Marius Adomnica. Contact one of them today to discuss this topic further.