Canadian Government Suspends CASL Private Right of Action

So some good news out of Canada. The Government of Canada is suspending the implementation of certain provisions in Canada’s anti-spam legislation (CASL), more specifically, the private right of action (PRA) which was scheduled to come into effect July 1, 2017.

As you recall, Canada’s anti-spam legislation (CASL) came into effect July 1, 2014. It was put in place to protect Canadians while ensuring that businesses can continue to compete in the global marketplace. If you use electronic channels to promote or market your organization, products, or services, Canada’s new anti-spam law may affect you.

CASL included a PRA that allows any person affected by a violation of the legislation to sue for actual and/or statutory damages, meaning that damages could be awarded without proof of harm. This creates a significant risk for any company that sends or assists in sending commercial electronic messages (CEMs) in Canada, as well as companies that use cookies and distributes computer programs.

CASL authorizes the government to bring each provision of CASL into force on any day it sees fit through the regulation-making process. Although most of CASL came into force on July 1, 2014, a regulation passed by the government in 2013 states that the private right of action will come into force on July 1, 2017.

CASL also includes a provision stating that the law is to be reviewed by Parliament within three years of coming into force. In theory, this should begin on July  1, 2017, but it is unlikely to begin anytime before Fall 2017.

The industry’s filed concerns over the implementation of the PRA stemmed from the fear that it will create conditions for costly, frivolous class actions against both large and small businesses, even in the case of trivial or inadvertent non-compliance and that the negative impacts of class actions based on the PRA should not be underestimated. They may include:

  • potentially bankrupting small and medium-sized businesses (due to the legal costs of defending a class action)
  • inordinate court time and court resources being devoted to frivolous claims
  • litigation counsel receiving a disproportionate share of damage awards (or settlements), and
  • negative impact to consumers where businesses (both foreign and domestic) avoid electronic communication, delay the introduction of software technologies, and pass along the cost of PRA settlements or rulings in the pricing of consumer goods.

It is also clear that the threat of class actions will undermine Canada’s innovation economy by creating meaningful disincentives for domestic or foreign high-tech businesses from carrying on business either in or from Canada.

Delaying the coming into force of the PRA will not reduce the incentive for businesses to comply with CASL. Already today, the statute carries the threat of heavy administrative monetary penalties and active enforcement by the CRTC and has been enforced many times without the need of the PRA.

  • CRTC – Undertaking: Kellogg Canada Inc.
  • Office of the Privacy Commissioner of Canada – Investigation of Compu-Finder – May 27, 2016
  • CRTC serves its first-ever warrant under CASL in botnet takedown – December 3, 2015

Faced with both reputational damage and significant penalties, the industry already has more than sufficient incentive to comply with CASL. The PRA adds only unnecessary costs and risks for legitimate businesses.

“Canadians deserve to be protected from spam and other electronic threats so that they can have confidence in digital technology. At the same time, businesses, charities, and other non-profit groups should have reasonable ways to communicate electronically with Canadians. We have listened to the concerns of stakeholders and are committed to striking the right balance.” The Honourable Navdeep Bains, Minister of Innovation, Science and Economic Development

The eec continues to support the objective of reducing spam and malware while promoting ethical email marketing practices. We will continue to keep the industry apprised of future developments.

Dennis Dayman
Chair of eec Member Advisory Committee (MAC)
Chief Privacy & Security Officer, Return Path
previously published on Return Path’s Blog