As the launch of the Canadian anti-spam law neared last spring, critics warned that enforcement was likely to present an enormous challenge. Citing the global nature of the Internet and the millions of spam messages sent each day, many argued that enforcement bodies such as the Canadian Radio-television and Telecommunications Commission and the Competition Bureau were ill-suited to combating the problem.
My regular technology law column (Toronto Star version, homepage version) notes that in recent weeks it has become increasingly clear that the CRTC and the Bureau can enforce the law against companies that send commercial emails that run afoul of the new legal standards. Those agencies have completed three enforcement actions against Canadian businesses that point to the risks of millions of dollars in fines for failing to obtain proper consent before sending commercial messages, not granting users the ability to unsubscribe from further messages, or sending false or misleading information.
The first CRTC case involved Compu-Finder, a Quebec-based corporate training company that sent commercial emails without consent and without proper unsubscribe mechanisms. Their emails practices accounted for a quarter of the complaints in the sector received by the CRTC. In response, the company was hit with a $1.1 million penalty.
The CRTC concluded its second case last month, this time targeting Plenty of Fish, the popular online dating site. The Commission received complaints that the company was sending commercial emails without a clear and working unsubscribe mechanism. One of the key requirements in the law is that each commercial email contain an unsubscribe mechanism to allow recipients to opt-out at any time. Plenty of Fish agreed to settle the case by paying a $48,000 penalty and developing a compliance program to address its email practices.
While most of the anti-spam law enforcement attention has focused on the CRTC, the biggest case to date originates from the Competition Bureau. In March, it took action against Avis and Budget, two of Canada’s largest rental companies. The Bureau alleged that the companies engaged in false and misleading advertising when they failed to disclose numerous additional fees as part of their car rental promotions.
The misleading advertising was featured in several places, including email messages. The Bureau used the anti-spam rules, which contain new prohibitions against false or misleading commercial messaging, as part of its complaint. The case now heads to the Competition Tribunal, where the Bureau is seeking $30 million in penalties as well as customer refunds.
These cases confirm that the Canadian anti-spam law comes as advertised with tough penalties and enforcement agencies that will not hesitate to use it. However, it also suggests that solitary errors are unlikely to lead to investigations or fines. Rather, the CRTC examines the hundreds of thousands of complaints it receives from Canadians to identify trends and suitable targets for enforcement.
The cases have thus far focused on legitimate businesses that fail to comply with the law. That can be expected to continue, but the enforcement agencies must also turn their attention to the large spamming organizations that are still operating in Canada. According to Spamhaus’ Register of Known Spamming Organizations, five of the top 100 spamming organizations (responsible for 80 per cent of spam worldwide) are based in Canada.
Since the anti-spam law is premised on both improving the commercial email practices of legitimate business and shutting down Canadian-based spamming organizations, the CRTC should continue to work with businesses on anti-spam law compliance and also begin the process of wielding tough penalties to stop the groups responsible for clogging in-boxes with millions of unwanted messages every day.