Earlier this month, the Federal Court of Appeal (Court) dismissed CompuFinder’s appeal of two related compliance and enforcement decisions by the Canadian Radio-Television and Communications Commission (CRTC) under Canada’s Anti-Spam Legislation (CASL). The CRTC had fined the company $200,000 for breaching CASL’s requirements to: (1) obtain prior consent from recipients of its commercial electronic messages (CEMs); and (2) include in those CEMs an unsubscribe mechanism that could be readily performed.
This case is significant for several reasons. First, it addresses the constitutionality of CASL’s regulatory framework governing CEMs. Second, it provides insight into the meanings of the “business-to-business” exception from CASL’s consent requirements for CEMs, the “implied consent” provision, and the requirement for CEMs to have an effective unsubscribe mechanism.
Background: CompuFinder, a company that offered training services, sent 317 CEMs to various individuals in 2014 without first obtaining their express consent to receive the CEMs. The company received a Notice of Violation in 2015 indicating that it had violated CASL and was subject to a $1.1 million penalty. In proceedings before the CRTC later in 2015, CompuFinder challenged the constitutionality of CASL’s CEMs regime, the merits of the Notice of Violation, and the penalty amount. The CRTC rejected most of CompuFinder’s submissions, except for lowering the penalty to $200,000. CompuFinder appealed that decision.
Constitutional Rulings: We will spare you the details of the Court’s ruling on CompuFinder’s constitutional challenge, except to highlight the Court’s conclusions that:
- CASL falls within the scope of the Canadian Parliament’s trade and commerce power; and
- CASL’s infringement of section 2(b) of the Canadian Charter of Rights and Freedoms (Charter) is justified because the prevention of harm to Canada’s e-economy outweighs the effects of CASL on freedom of commercial expression.
We have summarized below the Court’s other key conclusions that we think will be relevant to our readers:
Business-to-Business Exception: CASL includes an exception from the pre-approval requirement for CEMs if:
- The CEM is sent from one employee of an organization to an employee of another organization;
- The CEMs concern the activities of the receiving organization (Relevance Requirement); and
- The two organizations have a relationship (Relationship Requirement).
CompuFinder had argued, in effect, that its CEMs satisfied the Relationship Requirement because it had previously contracted with the organizations whose employees received the CEMs to provide training to at least one of the organization’s employees. Therefore, it could send CEMs to any the organization’s employees without obtaining their prior consent. The Court disagreed with CompuFinder and agreed with the CRTC that contractual relationships involving a very limited number of transactions affecting very few employees do not constitute relationships for purposes of the business-to-business exception.
Conspicuous Publication/Implied Consent Exception: CASL provides that consent to receive CEMs can be implied if:
- The recipient has conspicuously published or caused to be conspicuously published their electronic address (Conspicuous Publication Requirement);
- The publication is not accompanied by a statement that the recipient does not wish to receive CEMs; and
- The CEM is relevant to the recipient individual or organization’s business, role, functions or duties.
The Court ruled that the CRTC did not err when it found that CompuFinder’s documentation, which included a table listing email addresses with links to where each address was found, did not satisfy the Conspicuous Publication Requirement. For example, some of the email addresses came from third-party directories that didn’t specify that the addresses were user-submitted. The Court also held that, in many situations, simply listing a recipient’s job title will not be enough to prove that the CEM is relevant to the person’s role, functions or duties.
Unsubscribe Mechanism: Some of CompuFinder’s CEMs had contained two “unsubscribe” links, one that worked and one that didn’t. The Court found no error in the CRTC’s conclusion that the existence of a faulty link meant that the CEM failed to satisfy the requirement to have an unsubscribe mechanism that could be “readily performed.” The Court noted that the existence of two alternatives, with no indication of which one is the correct one, could cause delay, as well as confusion and frustration if the non-functioning link was selected first.
Our Takeaways: Although this case concerned the provision of business-to-business training services, the Court’s ruling is relevant to a wide range of communications between representatives of organizations, including firms in the asset management sector. The Court’s ruling emphasizes the importance to firms of taking the technical requirements of CASL seriously, training their employees on those requirements, and substantiating any exception that the firm intends to rely upon. Breaching CASL could result enforcement action providing for significant penalties, a civil lawsuit, and/or unwelcome publicity. Please contact us if you would like to discuss the implications of this decision for your business operations or have us assist you with a review of your compliance program.
June 30, 2020