Canada Regulator Issues First Detailed Anti-Spam Ruling

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Peter Menyasz

Oct. 27 — Canada’s telecom regulator recently upheld a spam enforcement ruling against Blackstone Learning Corp. for sending 385,668 e-mails without consumer consent but lowered the fine from C$640,000 ($486,000) to C$50,000 ($38,000) after the company objected.

This first-ever detailed ruling under the anti-spam law provides insight for companies on how the Canadian Radio-television and Telecommunication Commission (CRTC) enforces the statute and implementing regulations, privacy professionals told Bloomberg BNA.

CRTC spokeswoman Patricia Valladao confirmed Oct. 27 that the ruling is the first by the commission on a notice of violation issued by the agency's chief compliance and enforcement officer that has subsequently been challenged by the company involved.

The ruling highlights that companies must keep details on each e-mail they acquire and to be prepared to prove that they meet the anti-spam law's consent requirements, David Fraser, a privacy partner with McInnes Cooper in Halifax, Nova Scotia, told Bloomberg BNA Oct. 27.

To be fully safe, a business would likely need a screen shot of every web page where it found an e-mail address to show how it obtained the address and prove that it didn't also carry a no-e-mail warning, Fraser said. “That's a little ridiculous and onerous, if you ask me,” he said.

The CRTC issued an administrative notice of violation in January 2015. The company objected and the regulator's Oct. 26 ruling confirmed that Blackstone violated Canada's Anti-Spam Law. The CRTC rejected Blackstone's argument that it had implied consent for the e-mails. Blackstone had several opportunities to provide evidence of how it specifically met the Act's requirements for implied consent for the nine e-mail campaigns it conducted, offering educational and training services to federal government employees, the CRTC said.

However, the regulator reduced the initial penalty after the company argued that the amount was unreasonably high.

Blackstone plans to appeal the ruling, a company spokesman told Bloomberg BNA Oct. 27.

More Clarity Needed

Unfortunately, the CRTC ruling doesn't discuss in detail how the regulator determines whether a company has met the law's requirement to demonstrate relevance of an e-mail to the individual's job function, Fraser said. “We would all benefit from some greater clarity on that,” he said.

Eloise Gratton, a privacy partner with Border Ladner Gervais LLP in Montreal and national co-leader of the firm's Privacy and Data Security Practice Group, agreed that many “grey areas” remain on interpreting that exception. It's unclear, for example, whether it would apply to e-mails sent to a lawyer by a sports event ticket promoter, assuming the lawyer might be interested in taking a client to a hockey game, or an airline wanting to promote business travel or a vendor of legal software, she said.

Fraser said a ruling by the Federal Court of Appeal in this and other cases would help in understanding how the anti-spam law should be enforced, Fraser said. “The more cases that go to court, the more clarity we're going to have.”

Gratton agreed that the ruling offers additional guidance for companies that rely on the conspicuous publication rule and on the regulator's approach to assessing penalties for e-mails sent without consent.

“It now confirms that organizations wishing to rely on this exemption have to do more than simply state that the e-mail addresses were available online,” Gratton told Bloomberg BNA.

Even collecting screen shots of each web page may not be enough, as no-e-mail statements can be added after the address was collected, and the address and the individual's role and function may change, Gratton said. “It may be quite burdensome for an organization to go back and monitor the page on which the email address was collected to ensure that the address published has not been modified each time that it wishes to send a commercial electronic message,” she said.

By Peter Menyasz

To contact the reporter on this story: Peter Menyasz in Ottawa at correspondents@bna.com

To contact the editors responsible for this story: Donald G. Aplin at daplin@bna.com ; Jimmy H. Koo at jkoo@bna.com

For More Information

Text of the CFTC's ruling is available at http://www.crtc.gc.ca/eng/archive/2016/2016-428.htm.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.