A stricter regime for profiling07 June 2016
Canada's Anti-Spam Law: First CASL Enforcement Action Brings $1.1 Million Penalty
Earlier this month, the Canadian Radio-television and Telecommunications Commission’s (“CRTC’s”) Chief Compliance and Enforcement Officer issued a Notice of Violation and $1.1 million penalty to Compu-Finder for four violations of the Canadian Anti-Spam Legislation (“CASL”). Although Compu-Finder was apparently engaged in “flagrant” CASL violations, according to the Chief Compliance and Enforcement Officer, the CRTC also confirmed that it is assessing CASL complaints and that “a number of investigations are currently underway.” Therefore, organizations engaging with individuals located in Canada should review their communications and marketing practices for compliance under CASL and other applicable law.
As we detailed in our prior post, an organization must have consent to send commercial electronic messages (“CEMs”) to an email account, telephone account or instant messaging account. In addition, CEMs must include certain identification information and an unsubscribe mechanism. The law applies to messages whenever a computer system located in Canada is used to send or access the CEM. Certain exemptions and transition periods also apply. The potential liability for businesses under CASL is up to $10 million (Canadian).
According to the CRTC, Compu-Finder’s violations included sending unsolicited email – including business-to-business messages – and having a non-working unsubscribe link. The company also apparently “scoured” websites to find email addresses. The CRTC indicated that Compu-Finder’s actions were the source of more than 25% of all spam complaints.
Compu-Finder has 30 days from the Notice to submit written representations to the CRTC or pay the penalty, and it can also request additional consultation with the CRTC.
This entry originally appeared on March 23, 2015 on Hogan Lovells' Global Media and Communications Watch.
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016
Grounds for processing03 June 2016