No Spam by Thomas Hawk (CC BY-NC 2.0) https://flic.kr/p/y1JmD

No Spam by Thomas Hawk (CC BY-NC 2.0) https://flic.kr/p/y1JmD

Columns

CRTC, Competition Bureau Enforcement Actions Show Anti-Spam Law Has Teeth

As the launch of the Canadian anti-spam law neared last spring, critics warned that enforcement was likely to present an enormous challenge. Citing the global nature of the Internet and the millions of spam messages sent each day, many argued that enforcement bodies such as the Canadian Radio-television and Telecommunications Commission and the Competition Bureau were ill-suited to combating the problem.

My regular technology law column (Toronto Star version, homepage version) notes that in recent weeks it has become increasingly clear that the CRTC and the Bureau can enforce the law against companies that send commercial emails that run afoul of the new legal standards. Those agencies have completed three enforcement actions against Canadian businesses that point to the risks of millions of dollars in fines for failing to obtain proper consent before sending commercial messages, not granting users the ability to unsubscribe from further messages, or sending false or misleading information.

The first CRTC case involved Compu-Finder, a Quebec-based corporate training company that sent commercial emails without consent and without proper unsubscribe mechanisms. Their emails practices accounted for a quarter of the complaints in the sector received by the CRTC. In response, the company was hit with a $1.1 million penalty.

The CRTC concluded its second case last month, this time targeting Plenty of Fish, the popular online dating site. The Commission received complaints that the company was sending commercial emails without a clear and working unsubscribe mechanism. One of the key requirements in the law is that each commercial email contain an unsubscribe mechanism to allow recipients to opt-out at any time. Plenty of Fish agreed to settle the case by paying a $48,000 penalty and developing a compliance program to address its email practices.

While most of the anti-spam law enforcement attention has focused on the CRTC, the biggest case to date originates from the Competition Bureau. In March, it took action against Avis and Budget, two of Canada’s largest rental companies. The Bureau alleged that the companies engaged in false and misleading advertising when they failed to disclose numerous additional fees as part of their car rental promotions.

The misleading advertising was featured in several places, including email messages. The Bureau used the anti-spam rules, which contain new prohibitions against false or misleading commercial messaging, as part of its complaint. The case now heads to the Competition Tribunal, where the Bureau is seeking $30 million in penalties as well as customer refunds.

These cases confirm that the Canadian anti-spam law comes as advertised with tough penalties and enforcement agencies that will not hesitate to use it. However, it also suggests that solitary errors are unlikely to lead to investigations or fines. Rather, the CRTC examines the hundreds of thousands of complaints it receives from Canadians to identify trends and suitable targets for enforcement.

The cases have thus far focused on legitimate businesses that fail to comply with the law. That can be expected to continue, but the enforcement agencies must also turn their attention to the large spamming organizations that are still operating in Canada. According to Spamhaus’ Register of Known Spamming Organizations, five of the top 100 spamming organizations (responsible for 80 per cent of spam worldwide) are based in Canada.

Since the anti-spam law is premised on both improving the commercial email practices of legitimate business and shutting down Canadian-based spamming organizations, the CRTC should continue to work with businesses on anti-spam law compliance and also begin the process of wielding tough penalties to stop the groups responsible for clogging in-boxes with millions of unwanted messages every day.

7 Comments

  1. Aunty-Spam says:

    Selective enforcement is telling us that we shouldn’t bother reporting spam if *we* think it’s a small player because it’s a waste of our time. When nobody reports the spam, no pattern can be detected. This also gives carte blanche to the little guys because they know they’re above the law.

    The CRTC needs to send cease and desist letters to every spammer with an automatic fine on repeat offenders. Even $20 per violation adds up if you’re sending out thousands or millions of messages. Make it uneconomical for them. If the unpaid fines total > $10,000 (pick a number) then take them to court. This will only work with Canadian spammers I guess.

    As for unsubscribe links, I never click these unless I have initiated contact with the company first. For spammers who illegally initiate contact, it confirms that the spammer has reached a working email address. They probably sell that useful info back to all the other spammers. Unsubscribe links are useful when you have agreed to accept the email and then no longer wish to be a subscriber.

  2. I’m still skeptical. E-mail spam is not a very big problem any more. I say that from experience because I have many e-mail addresses and a number of them have been openly advertised on the net for some years now. I also think that the ones which are the biggest problem are ones targeting a small proportion of users who are particularly naive and vulnerable. This is indeed a problem, but I don’t think that fining companies within Canadian jurisdiction is going to have even the slightest impact on these.

    Perhaps this legislation is worth it, but I can’t ascertain if it is. My thinking is that all that money and effort could be better spent targeting education for naive and vulnerable users and also putting pressure on software vendors to improve the security of their products. In that regard I note that Microsoft is still putting out a product which is a virus magnet, but that they are not getting fined for this.