Canada: Federal Court Defends CASL, Says Prohibition On Spam Is Constitutional

On June 5, 2020, the Federal Court of Appeal released its decision in 3510395 Canada Inc. v. Attorney General (Canada) ("CompuFinder")¹ dismissing the appeals raised by 35103956 Ontario Inc., operating as CompuFinder, in respect of two decisions of the Canadian Radio-Television and Telecommunications Commission (the "CRTC"). Specifically, CompuFinder appealed the CRTC's decision dismissing its constitutional challenge to Canada's Anti-Spam Legislation ("CASL").²

The decision is significant because it establishes that CASL's provisions relating to the regulation of "commercial electronic messages" ("CEMs") are constitutional and because it provides some guidance on the application of the business-to-business exemption, the conspicuous publication exemption, and the unsubscribe mechanism requirements.

Background

CASL was enacted in 2010 and provides for the regulation of certain forms of commercial conduct relating to e-commerce, including the sending of CEMs. To this end, Section 6 of CASL prohibits the sending of CEMs unless the intended recipient has consented to receiving them, whether the consent is express or implied, and the message identifies the sender, sets out the sender's contact information and includes an unsubscribe mechanism to allow recipients to withdraw consent.

As defined in CASL, a CEM is an electronic message that can reasonably be considered to have as one of its purposes encouraging participation in a commercial activity. The purposes of the message may be discerned from, among other things, the content of the message or any hyperlinked content contained within the message.

In March 2015, after conducting an investigation, the CRTC issued a Notice of Violation ("NOV") to CompuFinder, alleging that CompuFinder had not obtained recipients' consent prior to sending CEMs and that some of the CEMs did not contain a functioning unsubscribe mechanism. As a result, the CRTC assessed a $1.1 million penalty against CompuFinder. The allegations set out in the NOV arose from three advertising campaigns conducted by CompuFinder between July and September 2014 during which it sent at least 451 CEMs to various recipients that promoted its educational and training services.

In response to the NOV, CompuFinder denied that it had violated CASL and challenged the constitutional validity of CASL. In two decisions, released in October 2017, the CRTC determined that CASL is both valid and a justifiable infringement of the Canadian Charter of Rights and Freedoms³ (the "Charter"), and also confirmed that CompuFinder had violated CASL. The CRTC found that 317 CEMs had been sent without the recipients' consent and that the exemptions claimed by CompuFinder did not apply. In addition, the CRTC concluded that 87 of the CEMs contained two unsubscribe links, one of which was non-functioning. According to the CRTC, the non-functioning links created confusion and thus failed to meet the prescribed standard. Lastly, the CRTC reduced the amount of the penalty to $200,000 noting, among other things, that CompuFinder had no history of violations, had not obtained any financial benefit from the violations, had since made efforts to improve compliance, and would potentially be unable to pay the initial amount of the penalty.

CompuFinder appealed the CRTC's decision to the Federal Court of Appeal (the "Court").

Constitutionality of CASL

Validity

The Court engaged in its own division of powers analysis to determine if CASL properly falls within the jurisdiction of the federal government. First, the Court considered the pith and substance of CASL's CEM scheme, and then assessed whether it was a valid exercise of Parliament's jurisdiction over trade and commerce pursuant to Section 91(2) of the Constitution Act, 1867.

Having regard to the purpose and effects of the CEM scheme, the Court held that the main thrust of the CEM scheme is to "regulate the public's ability to send unsolicited CEMs in order to guard against the threats that such messages can pose to Canada's e-economy."⁴  Based on this conclusion, the Court went on to consider the five indicia set out in General Motors of Canada Ltd. v City National Leasing⁵ in order to determine whether CASL's CEM scheme is a valid exercise of Parliament's power over general trade and commerce affecting Canada as a whole. CompuFinder conceded that the CEM scheme satisfies the first two indicia (i.e. that it is a regulatory scheme and is under the continuing oversight of a regulatory agency). With respect to the remaining three indicia, the Court found the following:

1. the CEM scheme is concerned with trade as a whole, rather than with a particular industry because e-commerce permeates Canada's economy and is not confined to any specific industry or sector;
2. the provinces, jointly or severally, would be constitutionally incapable of enacting the CEM scheme because any province could withdraw from an interprovincial scheme; and
3. the failure to include one or more provinces in the CEM scheme would jeopardize its successful operation in other parts of the country because spammers could easily arrange to disseminate their CEMs from servers located in a province with more lenient laws respecting unsolicited CEMs.

Justifiable Infringement of the Charter

Although the Attorney General of Canada conceded that the CEM scheme infringes the freedom of expression guaranteed by Section 2(b) of the Charter, the Court, applying the Oakes test,⁶ found that it is a justifiable infringement pursuant to Section 1 of the Charter for the following reasons:

1. The CEM scheme is a limitation "prescribed by law" because it was validly enacted by Parliament pursuant to the general trade and commerce power and the impugned provisions present an intelligible standard to both the public and those charged with applying the law. Of note, the Court rejected CompuFinder's arguments that CASL's key provisions are too broad and open-ended to "delineate a clear zone of risk" and that CASL creates an "unknowable risk" because hyperlinked content can render a message a CEM.
2. The objective of CASL's CEM scheme is to promote the efficiency and adaptability of the Canadian economy by limiting certain negative effects to which unsolicited CEMs give rise such as: (a) impairing e-commerce, (b) imposing additional costs on businesses and consumers, (c) compromising privacy and security of confidential information, and (d) undermining the confidence of Canadians in Canada's e-economy.⁷ The Court concluded that this objective is sufficiently important to warrant limiting a constitutionally-protected right or freedom.
3. There is a rational connection between the CEM scheme's objective and the means chosen to achieve it. In particular, the Court noted that CASL does not create an absolute prohibition on CEMs, but rather establishes a partial prohibition by prescribing means of engaging in regulated conduct. In addition, CASL provides for a number of exceptions and exclusions to this partial prohibition. As a result, the Court concluded that Parliament was mindful and deliberate in its efforts to tailor CASL's complex legislative scheme to achieve its objectives.
4. The CEM scheme falls within a range of reasonable solutions to the problem. The Court acknowledged that there may be alternative means of achieving Parliament's objective, but found that the alternatives suggested by CompuFinder (i.e. an "opt-out" approach, a closed definition of CEM, and an open-ended definition of inferred consent, among others) would not provide sufficient protection to render them viable alternatives.
5. CASL's benefits outweigh its detrimental effects on freedom of expression. The Court noted that commercial expression is not as "jealously guarded" as some other forms of expression, such as political expression, and, therefore, restrictions on commercial expression are more easily justified.

Sections 7, 8 and 11 of the Charter Do Not Apply

The Court rejected CompuFinder's argument that CASL's CEM scheme violates sections 7, 8 and 11 of the Charter. The Court found that Sections 7 and 11 did not apply because CompuFinder did not face penal proceedings, and Section 8 did not apply because there is a diminished expectation of privacy in records and documents produced in the ordinary course of a business' regulated activities.

Application of CASL

Business-to-Business Exemption

In its decision, the CRTC rejected CompuFinder's claim that a number of the CEMs in question were exempt from CASL's consent and content requirements pursuant to the "business-to-business" exemption contained in Section 3(a)(ii) of the Electronic Commerce Protection Regulations.⁸ The "business-to-business" exemption applies where: (a) a CEM is sent by an employee of one organization to an employee of another organization; (b) those organizations have a relationship; and (c) the CEM concerns the activities of the recipient organization.

CompuFinder argued that it had a relationship with each recipient organization because each organization had previously purchased courses from it, thereby creating a contractual relationship. While the Court noted that the relationship between a sender and recipient organizations will typically be based on the provision of goods or services by the sender to the recipient, it ultimately held that a contractual relationship with a recipient organization that previously paid for a course on behalf of one or two of its employees was not sufficient to create a relationship for the purpose of the business-to-business exemption. The Court expressed concern that to find otherwise would allow a sender to send CEMs not only to the individual who took or paid for the course, but to every other employee of the organization to which those individuals belong, thus exposing many more people to the potentially harmful conduct CASL is intended to regulate. However, the Court also held that organizations may send CEMs concerning activities that are not directly related to a recipient organization's core business operations and may maintain a relationship with such organizations to facilitate those supplementary activities. In the current case, where a recipient organization has previously paid for an employee training course, the purchasing of employee training programs could be part of the recipient organization's activities for the purposes of the business-to-business exemption.

As a result, if CompuFinder had been able to show that the recipient organizations had purchased similar courses in the past or planned to do so in the future, the Court was prepared to find that the CEMs in question satisfied the relevance requirement, which will typically be based on the provision of that same good or service by the sender to the recipient. The Court noted that the required connection between a good or service promoted in a CEM and the activities of the recipient organization will often be established by virtue of the relationship between the sender and recipient organizations.

Conspicuous Publication

The CRTC further rejected CompuFinder's claim that the consent of a number of the recipients of the CEMs in question could be implied pursuant to Section 10(9)(b) of CASL. Under Section 10(9)(b), consent can be implied if: (i) the recipient has conspicuously published, or caused to be conspicuously published, the e-mail address to which the CEM is sent; (ii) the publication is not accompanied by a statement that the recipient does not wish to receive CEMs; and (iii) the CEM is relevant to the recipient's business, role, functions or duties.

The Court held that the CRTC did not err by finding that some e-mail addresses were taken from third party directory websites that did not indicate whether e-mail addresses were submitted by or on behalf of the recipients themselves, while others were taken from sites that featured disclaimers to the effect that unsolicited CEMs are not to be sent to such e-mail addresses. Furthermore, the Court agreed with the CRTC that CompuFinder merely speculated on the nature of the recipients' roles, functions or duties based on their job titles and then assumed that the CEMs were relevant to those roles, functions or duties. An organization seeking to rely on this exemption should be prepared to explicitly state the business, role, functions or duties of the recipient individuals or organizations, as well as the relevance of the CEM to such business, role, functions or duties.

Functioning Unsubscribe Mechanisms

The CRTC found that 87 CEMs contained two unsubscribe mechanisms: one that functioned properly and one that produced an error message when accessed. The CRTC determined that CEMs containing a second non-functioning mechanism violated Section 6(2) of CASL because they failed to conform with Sections 3(1) and (2) of the Electronic Commerce Protection Regulations (CRTC)⁹ which require that unsubscribe mechanisms be "set out clearly and prominently", and that the mechanisms be "able to be readily performed".

The Court held that the presence of a second unsubscribe mechanism, regardless of its prominence in relation to the first, creates confusion and gives rise to obscurity. Therefore, the CRTC did not err in concluding that CEMs containing a second, non-functioning unsubscribe mechanism failed to satisfy the requirement that the unsubscribe mechanism be "set out clearly and prominently."

Quoting the CRTC's "Guidelines on the Interpretation of the Electronic Commerce Protection Regulations", the Court also held that "for an unsubscribe mechanism to be 'readily performed' it must be accessed without difficulty or delay, and should be simple, quick and easy for the consumer to use."¹⁰ The Court noted that the presence of two alternatives with no clear indication of which is the correct one to select can cause delay and compromise the ease of use for the consumer, which in turn creates confusion and leads to frustration among recipients.

Key Takeaways

The penalties for violating CASL can be significant. In particular, anyone who fails to comply with the CEM consent and content requirements in CASL can be subject to maximum penalties of $1 million in the case of individuals and $10 million in the case of any other person.¹¹ The directors and officers of an organization that violates CASL can also be held personally liable.¹² Lastly, persons affected by violations of CASL have the ability to pursue a private right of action.¹³

CASL's definition of CEM contemplates a wide variety of electronic communications which means that businesses should carefully consider and review the content of any electronic messages that are intended for third parties, including any content that is hyperlinked within their messages, before hitting send. In many cases, it will be reasonable to conclude that at least one of the purposes for sending an electronic message is to encourage participation in a commercial activity. Therefore, as a matter of good practice, businesses will want to ensure that they have taken the necessary steps to meet the CASL's consent and content requirements, including providing for a clearly and prominently set out unsubscribe mechanisms which is accessible and easy to use.

It will also be prudent for businesses to obtain express consent, rather than relying on implied consent, whenever it is practical to do so, even though it may not always be easy. Doing so will help insulate your business from the risk of violating CASL, although your business will still need to satisfy all of the other requirements set out in the legislation. When relying on implied consent, the burden will be on you as the sender of CEMs to demonstrate that you have complied with all of CASL's requirements. For example, if CompuFinder had obtained explicit consent with respect to the CEMs it sent out, the CRTC would not have found that it violated CASL's consent requirement.

Moreover, disciplined and diligent practices with respect to documenting your businesses methods for obtaining the necessary consent, including clearly noting who, what, where, when and how such consent was secured, will further allow you to respond affirmatively and definitively to any allegations that your business may have violated CASL's consent requirements. This type of evidence gains appreciably more importance depending on the type of consent upon which you are relying as it will be much easier to establish implied consent or demonstrate the application of a particular exemption, such as the business-to-business exemption, if you document how the requirements are met at the outset rather than trying to reconstruct how your business satisfied them at some later point in time.

In the end, in CompuFinder, the Court has set out a clear marker as to its position on the constitutionality of CASL. It acknowledged that CASL does pose some challenges to the protection of freedom of expression afforded by the Charter, but that those limits are justified given the objectives of the legislation. It remains to be seen whether CompuFinder will appeal this decision to the Supreme Court of Canada. However, if it does, and if the Supreme Court of Canada agrees to hear the appeal, the business and legal communities alike will be eagerly awaiting the outcome as it has the potential to significantly impact how businesses communicate with their customers and prospects.

Footnotes

1 2020 FCA 103.

2 An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying our commercial activities, and to amend the Canadian Radio-television and Telecommunications Commissions Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, SC 2010, c 23.

3 Section 8, Part 1 of the Constitution Act, 1982.

4 CompuFinder supra note 1 at para 110.

5 1989 1 SCR 641, 1989 SCJ No 28..

6 Ibid at para 131. The three-pronged test established in R. v. Oakes, 1986 1 SCR 103, 26 DLR (4th) 200, require (1) a rational connection between the restricting measures and the measures' objectives; (2) that the impugned measures impair the right or freedom as little as possible; and (3) overall proportionality between the benefits of the impugned measures and the deleterious effects to which they give rise.

7 See CASL, s. 3.

8 SOR/2013-221.

9 SOR/2012-36.

10 CompuFinder supra note 1 at para 258.

11 See CASL, s. 20(4).

12 See CASL, s. 31.

13 See CASL, s. 47.

Originally published by McMillan, July 2020

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2020