Earlier today, Andrea Rosen, Chief Compliance and Enforcement Officer at the CRTC and Lynne Perrault, Director – Electronic Commerce Enforcement Division, Compliance and Enforcement Sector of the CRTC, gave a talk to the ITAC Legal Affairs Forum in Toronto. The subject was the Commission’s plans for enforcement of CASL. Ryan Caron, manager of e-commerce enforcement from the CRTC participated by phone.
The following are some highlights from the talk.
- The CRTC has hired staff and has the capability to engage in computer forensics and cyber investigations. It is establishing a lab to aid in enforcement. The SPAM reporting centre will also be run out of the CRTC.
- The CRTC is using a partnership approach which includes reaching out to develop relationships including with non-profits, other regulators, and TSPs.
- The CRTC plans to take a measured enforcement approach. It will prioritize more egregious cases to be dealt with first. It is working to foster compliance as its primary goal. It will use a variety of tools including warning letters, negotiated settlements, and notices of violation.
- Success will be measured by a number of criteria. These include fostering compliance, changing Canada’s reputation as a SPAM haven, reducing infected devices, helping to establish voluntary codes and best practices, producing costs savings for business and consumers, increasing consumer protection, and enhancing confidence in electronic marketplaces.
- The CRTC published two Guidelines in October. There are more to come. The Commission has an “open door” policy and is willing to speak with interested persons. However, no specific consultations will be held and draft guidelines will not be circulated for comments before new guidelines are published. Guidelines may change over time. However, the two that were recently published are unlikely to be changed until after the CTRC has more experience with enforcing CASL. It may, however, issue FAQs to help clarify specific questions on guidelines.
- Lynne noted that CASL has the highest monetary penalties anywhere in the world for anti-spam/spyware legislation. The penalties are intended to be more than “business as usual” costs.
During the Q&A the representatives of the CRTC clarified a few important questions about the interpretation of CASL, the CRTC’s regulations, and guidelines including the following:
- The Guidelines are not intended to be mandatory. The use of the word “should” suggests methods of implementation that would be compliant; in some cases best practice. However, the Guidelines are not mandatory and compliance can be achieved in other ways.
- For example, in several instances, the Guidelines suggest that businesses could comply with the unsubscribe formalities by giving users the choice of unsubscribing from “All messages” from the sender. They noted that as CASL only regulates commercial electronic messages (CEMs), businesses do not need to offer message recipients an option to unsubscribe from all messages.
- Section 6(6) has also raised problems of interpretation. There had been some speculation that the word “solely” deemed all messages in the subsection to be CEMs to which the unsubscribe provisions of CASL applied. They clarified that s.6(6) only applies to messages that are CEMs. Accordingly, an electronic message such as a pure service message would not be subject to any of CASL’s formalities including its unsubscribe requirements merely because it might be listed as a category of message under s.6(6). However, if the service or other such electronic message also contains promotional or other information that would make it a CEM, then the unsubscribe provisions would apply.
- The CRTC views indirect promotional electronic messages (such as those that would be indirect promotional messages under the Do Not Call regime) to be CEMs.
The CRTC noted that the new Industry Canada regulations are expected out soon. There is a rumor that this may be as early as December 22.