On April 23, 2019, the Canadian Radio-television and Telecommunications Commission (“CRTC”) imposed a $100,000 penalty on a corporate director for violations of Canada’s anti-spam legislation[1] (“CASL”) committed by the company. This is the first time an individual has been held liable under CASL for violations committed by a corporation.
Background
Operating under multiple business names (notably nCrowd, Teambuy, DealFind, and Dealathons – collectively, “nCrowd”), nCrowd sent unsolicited commercial emails to Canadians. nCrowd offered promotional vouchers for discounted rates on products, such as electronics, or services, such as beauty treatments, to be redeemed by consumers from third-party suppliers.
Between September 2014, and June 2015, the CRTC received 246 submissions through the Spam Reporting Centre (“SRC”) about nCrowd’s activities, which it duly investigated. The CRTC ultimately issue a Notice Of Violation on December 16, 2016 finding Mr. Brian Conley, nCrowd’s president and CEO, liable for the company having sent commercial electronic messages (“CEMs”) to persons without appropriate consent and for failing to have an adequate unsubscribe mechanism in the CEMs.
Lack of Consent/Failure to Document Consent.
nCrowd recipient list contained almost 2 million electronic addresses, most of which had been purchased from a third party, Couch Commerce, on September 24, 2014. According to information on that list, express consent to send CEMs to 1,566,144 email addresses on that list was obtained on a single day, August 13, 2014. nCrowd explained that the date in question was the date on which Couch Commerce moved its email records from one email service provider to another. No other supporting documents were provided, nor was any information included on what, specifically, consumers might have consented to.
The CRTC found that the lack of a valid date on which consent was obtained made it impossible to verify that express or implied consent was obtained within the allowable time limits set out in CASL.
The CRTC also noted that the list contained several general email addresses typically reserved for the technical support and website management of major companies. The CRTC commented that it was “unlikely that the authorized users of those email addresses would have expressly consented to receiving CEMs from a daily deals company such as nCrowd. It is more likely that those email addresses were published and accessed online.”
The CRTC found nCrowd to have violated section 6(1)(a) of CASL.
Failure to have a compliant unsubscribe mechanism
CASL requires that CEMs must conform to prescribed requirements and must set out an unsubscribe mechanism in accordance with CASL.[2] It further states that the (i) unsubscribe mechanisms must be usable at no cost, (ii) a consumer must be able to unsubscribe from further messages from either the person who sent the message or the person on whose behalf it was sent, and (iii) a consumer must be able to make unsubscribe requests either to a specified electronic address, or through a link accessible via a web browser. [3] In addition, the unsubscribe mechanism must be able to be “readily performed.”[4]
Several of the complainants indicated that (i) the unsubscribe links in the CEMs they received were not functioning, (ii) their unsubscribe requests were not given effect within 10 business days, or (iii) further action on their part was required to complete their unsubscribe requests.
During the investigation, nCrowd failed to provide any document showing policies and procedures relating to its unsubscribe mechanism. As result, the CRTC found nCrowd to have violated section 6(2)(c) of CASL.
Personal Liability
CASL provides that an officer, director, agent, or mandatary of a corporation that commits a violation is liable for the violation if they “directed, authorized, assented to, acquiesced in, or participated” in the commission of the violation, whether or not the corporation is proceeded against.[5]
Mr. Conley was accused having “acquiesced’ in the violations. The term “acquiesce” is not defined, and the CRTC interpreted it as having its ordinary meaning as “agreeing to something tacitly, silently, passively, or without protest”.
In his defence, Mr. Conley stated that:
- it would be impossible for a company CEO to have first-hand knowledge of millions of email addresses or the functionality of an opt-out button, and this fact was not acquiesce;
- he had relied on the representation made by Couch Commerce that its list was compliant with CASL when it was sold to nCrowd; and
- he had resigned as CEO of nCrowd and that as a result he never had any first-hand knowledge of violations allegedly committed by nCrowd before he received the notice of violation.
However, the CRTC found that, in light of both the evidence regarding Mr. Conley’s experience with email distribution platforms (having invented one) and the importance of this method of marketing to his business, Mr. Conley was familiar with the functionalities of sending CEMs and of unsubscribe mechanisms.
The CRTC also noted that Mr. Conley was personally involved in the acquisition of email distribution lists for his business. The Agreement of Purchase and Sale for the list acquired from Couch Commerce included terms indicating that Mr. Conley was aware of the Act generally, and terms requiring nCrowd to take steps to satisfy itself with respect to Couch Commerce’s compliance with the Act. However, Mr. Conley did not provide any evidence to demonstrate that he, or nCrowd, actually did take such steps.
In addition, the CRTC found it was not reasonable to believe that Mr. Conley had an active and personal role in acquiring the assets of a company one day, which the evidence demonstrated, and yet had no knowledge at all of how those assets were being implemented in his own company the very next day.
Finally, the CRTC considered that the date of Mr. Conley’s resignation was not relevant since the notice of violation indicated that Mr. Conley was held liable only for violations related to CEMs sent by nCrowd from September 25, 2014 to May 1, 2015, during which time Mr. Conley was the President and CEO of nCrowd.
Was the amount of the penalty reasonable?
The notice of violation set out a penalty of $100,000. Mr. Conley also argued that he could not afford to pay the $100,000 penalty.
CASL sets out a number of factors that must be taken into consideration when determining the amount of a penalty.[6] The CRTC evaluated the Mr. Conley’s actions and the evidence and light of these factors and ultimately found that the amount of the penalty was reasonable. After stressing that “the purpose of a penalty is to promote compliance with the Act, and not to punish”, the CRTC Commission stated that the violations were serious, that there was a lack of evidence that nCrowd had policies or procedures in place that would have served to prevent violations of the Canada’s Anti-Spam Legislation or that Mr. Conley had implemented such policies as President and CEO of nCrowd, and finally, that the personal minimum net worth of Mr. Conley was sufficient for him to pay the penalty.
For more information about Denton’s data expertise and how we can help review your CASL compliance efforts, please see our unique Dentons Data suite of data solutions for every business
[1] An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23.
[2] CASL, section 6(2)(c).
[3] CASL, section 11.
[4] Electronic Commerce Protection Regulations (CRTC), as set out in Telecom Regulatory Policy 2012-183, subsection 3(2).
[5] CASL, section 31.
[6] CASL, section 20(3).
