Canada Private Spam Suit Delay Leaves Regulatory Fines in Play

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jeremy Hainsworth

The indefinite postponement of an individual right to sue in Canada over spam doesn’t eliminate the regulatory compliance risks for U.S. companies, privacy professionals tell Bloomberg BNA.

Canada June 7 postponed the July 1 effective date for an anti-spam law provision that would have given individuals the right to sue U.S. companies over commercial electronic messages targeting Canadian consumers. However, Canadian regulators can still go after foreign companies.

Spam aimed at Canada is subject to Canadian law, the privacy pros said. Even in the absence of an individual right to sue, U.S. companies should be aware of perils presented under Canada’s anti-spam legislation (CASL) and perform due diligence to avoid regulatory prosecutions, they said. Fines are high, and the Canadian Radio-television and Telecommunications Commission (CRTC), which enforces the law, is strong, the pros said.

Still, “It’s definitely not as scary as it would have been with the private right of action in effect,” Shaun Brown, privacy partner at Ontario-based law firm nNovation LLP, told Bloomberg BNA June 9.

The CASL provides that corporate officers, directors, and agents may be held personally liable if they directed, authorized, acquiesced, or participated in the commission of a violation. The legislation provides for either actual damages or statutory damages of C$200 ($149) per violation, up to a maximum of C$1 million ($749,300) per day for individuals and C$10 million ($7.5 million) per day for corporate entities.

In March 2015, the CRTC levied a C$1.1 million ($880,000) fine against training marketer Compu.finder Inc. for sending commercial electronic messages to businesses without their consent and for failing to provide a properly functioning mechanism to unsubscribe.

Compliance Advice

CRTC spokeswoman Sujata Raisinghani told Bloomberg BNA that the CASL applies to companies located abroad “whether it’s India or the U.S.,” as long as the alleged spam is aimed at Canada.

Companies can avoid legal action if messages are purely informational in nature, aren’t intended to be accessed in Canada, solely consist of political content, or are sent to people or entities with whom the sender has a pre-existing relationship, privacy pros said.

The law applies not only to traditional messages but to installing applications on computers, Michael Fekete, chairman of Osler, Hoskin & Harcourt’s technology practice group in Toronto, told Bloomberg BNA.

Companies should consult local legal counsel, perform due diligence regarding messages they send directly or through third parties, create company consumer messaging policies, and educate staff about CASL provisions, he said. Also, they “need to have detailed records for consent to send electronic messages or install a computer program,” Fekete said.

However, the exemptions under the law aren’t clear, and companies should look to CRTC-issued corporate compliance guidelines, he said.

The Innovation, Science and Economic Development Canada agency said the government will ask a parliamentary committee to review the legislation.

To contact the reporter on this story: Jeremy Hainsworth in Vancouver at correspondents@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security