There’s no denying that the CASL fines issued so far have sent a shiver through the spines of marketers everywhere. The CRTC has made it clear since the law first came into force that they fully intend to enforce this legislation. Who they will target and how they will determine liability remains a closely guarded mystery.
Let’s look at the fines issued to date.
*This article was most recently updated Dec 2, 2016
March 5, 2015 | Compufinder | $1.1 Million
CASL’s first fine against Compufinder alleges the company “flagrantly violated the basic principles of the law” and subsequently refused to cooperate with the CRTC investigation. The emails in question promoted various training courses to businesses, often related to topics such as management, social media, and professional development.
The CRTC has also shared that the company was named in close to 26% of all complaints they received immediately after the law came into force. The fine was issued for sending email without consent and sending email in which the unsubscribe function did not work properly.
The finding seems to indicate that the CRTC intends to enforce a narrow interpretation of implied consent. Specifically, the implied consent exception that exists in a business to business communication where the email has been provided to the sender; the content of the email is relevant to the business of the company and the role of the individual within that company. The judgment also flags a narrow interpretation of the grandfather period for businesses who may not have proof of consent prior to CASL.
March 25, 2015 | Plentyoffish Media Inc. | $48,000
The second CASL fine came as more of a surprise. It was issued against Vancouver company, Plenty of Fish. The popular online dating site sent commercial emails only to the people who had signed up for a membership in the POF community. In other words, to the consumers of it’s services who had voluntarily provided an email address at the time of sign up.
Plenty of Fish was found non-compliant because, although there was an unsubscribe mechanism available in every email message the company sent, it was not easy enough to use, took too much effort to complete, and was not prominently enough displayed within the email’s creative.
The POF case makes it clear that businesses cannot rely on an existing business relationship to stay on the safe side of CASL. It also reveals that a working unsubscribe may not be enough. You must also take pains to make that process as easy and unfettered as possible.
This judgment also makes it clear that the unsubscribe mechanism in your emails must be big, bold, and visible. Finally, this case sends a warning to all businesses that the fines will be substantial, regardless of your level of cooperation. It is the first time we see any indication of what is involved in an undertaking and the importance of training and education, written CASL policies, and business systems restructuring.
June 29, 2015 | Porter Airlines | $150,000
Porter Airlines agreed to an undertaking with the CRTC and the payment of a $150,000 fine. The CRTC explicitly expresses the cooperative approach of the company and the immediate action taken to rectify the errors once identified. In this case, the fine was issued as a result of an unsubscribe butoon that was either missing or not prominently or clearly set out. Some emails did not contain the required contact information, and in some cases, requests to unsubscribe were not honoured within ten business days. There was also an inability to prove consent for members of the list, but no detail was provided as to what proof of consent is required and what companies are expected to do that have been running an email marketing program over a period of more than a decade without the obligations of CASL to consider.
Apart from reinforcing the lessons of the previous cases, the Porter Airlines case adds a few new CASL takeaways:
- CASL violations are likely to involve substantive monetary penalties, regardless of the existence of significant mitigating factors – including things often taken into consideration in court such as level of cooperation, no prior complaints, proactive measures taken, etc.
- Having a working unsubscribe is critical. Check your unsubscribe links each and every time you send.
- Make sure the people operating your email program are trained professionals who understand your obligations under the legislation, have a solid process for managing your campaigns and are vested in keeping you compliant.
- Canadians are not apathetic about reporting spam. In fact, they’re happy to click a link and complain.
- Businesses of all sizes are expected to comply equally and the CRTC has focused it’s early enforcement actions on smaller and mid-size businesses that are unlikely to have large marketing departments filled with seasoned, experienced professionals.
Nov 20, 2015 | Rogers Media Inc. | $200,000
Fined due to a faulty unsubscribe mechanism similar to Porter Airlines, the CRTC found Rogers Media Inc. (Rogers) guilty of sending commercial electronic messages (CEM) that:
- did not have an unsubscribe mechanism in place;
- had a faulty unsubscribe mechanism in place, or;
- did not provide an electronic address for the purposes of unsubscribing.
Additionally, Rogers was found guilty of not acknowledging unsubscribe requests within the established 10 business day window.
In addition to the monetary fine, Rogers was also charged with reviewing their compliance and training programs for their employees. They were to also ensure that any third-party service provider they use adhere to CASL legislature.
What is bothersome about this case is that even in the official notice, the CRTC only hints at what Rogers did wrong. The above list has an “or” for a reason; the CRTC did not specifically detail exactly what action Rogers failed to take. They merely provided a list of offences which Rogers may or may not have been guilty of committing. While this list is great as a reminder for how an unsubscribe button should work, it does not outline how the fine is broken down if at all.
As learned in the Porter Airlines undertaking, the Rogers ruling underscores the necessity of verifying the function of your emails before they are sent. It cost the company $200,000 because not only was there no unsubscribe button on their emails, but once it was implemented it didn’t work as intended. This stresses the importance of rigorous testing of email campaigns before they are sent. It also proved that even global companies operating in Canada are not above CASL’s reach.
Sept 1, 2016 | Kellogg Canada Inc. | $60,000
CASL’s fine against Kellogg Canada Inc. (Kellogg) found the company guilty of sending messages to recipients without express or implied consent. In the same vein as the Rogers ruling, Kellogg agreed to update their existing compliance program within a specified but undisclosed amount of time.
It is apparent that the primary cause of concern for the CRTC was that while Kellogg may “allegedly” have had consent, it was unable to provide a record of it. This stresses the importance of a company’s poor record-keeping causing their downfall. While $60,000 may not seem like much by comparison to previous cases, it is important to note that the previous cases did not deal with the issue of implied consent. Rather, Compufinder was a case of sending flagrant spam, and the cases of Plenty of Fish and Porter Airlines centered on the issue of unsubscribe mechanisms. Given what little was determined in terms of what is required to obtain implied consent, we imagine we will be seeing similar cases in the future.
Oct 26, 2016 | Blackstone Learning Corp. | $50,000 (reduced from $640,000)
Blackstone Learning Corp. (Blackstone) was found guilty of being unable to provide adequate proof of the implied consent of its email recipients. The company provides online learning services for government and non-profit bodies, and could not prove implied consent for the 9 campaigns that targeted government and municipal employees of which their emails were found on publicly accessible websites without “do not contact” notation attached. While initially uncooperative, Blackstone was able to reduce their fine after it provided unaudited financial statements that proved the initial fine would have been equal to several years of the company’s revenue.
Like the Kellogg case, the company was unable to provide adequate proof of implied consent. However, the case provided a number of “firsts” in CASL rulings:
- it was the first time an appeal had been made;
- it was the first time an AMP had been reduced, and;
- it was the first time that the definition of implied consent has truly been tested.
Based on the ruling, the CRTC needs to provide clearer guidelines for businesses on exactly what it expects out of a record of implied consent. Do we need to provide time-stamped screenshots of each address when we find it? Even if we do, how do we know that the CRTC will accept the form in which we create our records? Unfortunately for us, this case leaves many asking more questions than it answered.
The Last Word
Canada doesn’t actually have much of a problem with pure spammers. In fact, less than 3% of the spam worldwide actually comes from Canada. And the much touted “37% reduction in Canadian spam” amounts to less than 1% of the spam Canadians actually receive. Sending spam is just so… impolite and unCanadian.
That leaves unwanted emails received from businesses that have somehow gotten a hold of our email address. And that’s where enforcement action is publicly visible. So far, every fine issued has been against a legally operating business engaged in marketing legitimate products and services. And the message is clear – business in Canada cannot afford to run their email programs off the side of the desk, nor delegate their management to inexperienced staff.