On April 23, the Canadian Radio-television and Telecommunications Commission announced the first penalty against an individual for violating Canada’s anti-spam law and imposed a $100,000 administrative monetary penalty against the former CEO of coupon marketing company nCrowd, Inc. This is the first time that an individual has been found liable for CASL violations committed by a corporation. This case also follows (relatively) recent CRTC guidance relating to potential third-party liability for CASL violations.
In general, s. 6 of Canada’s anti-spam legislation broadly prohibits both sending or permitting to be sent commercial electronic emails unless they comply with CASL’s consent and unsubscribe requirements.
More specifically, s. 31 sets out broad potential director and officer liability, providing that an officer, director, agent or mandatory of a corporation that violates CASL is liable for the violation if they directed, authorized, assented to, acquiesced in or participated in a violation, regardless of whether any proceeding against the corporation is commenced.
Section 9(1) of CASL also prohibits aiding, inducing or causing to be procured a violation of CASL. Taken together, these provisions allow CASL enforcement against individuals in a wide range of circumstances.
According to the CRTC, this particular case involved a complex series of corporate acquisitions, mass electronic marketing and subsequent bankruptcies, which made proceedings against the companies impractical. Through this process, the principals of a number of companies, including nCrowd, Inc., Teambuy.ca, DealFind.com Inc. and Dealathons, engaged in widespread electronic marketing of promotional vouchers for consumer products while simultaneously acquiring large email lists through acquisitions including from a company called Couch Commerce Inc.
The CRTC challenged two specific defects in the nCrowd companies’ electronic marketing: the failure to obtain consent and to include functioning unsubscribe mechanisms in emails.
With respect to individual liability, the CRTC found that nCrowd’s former CEO had acquiesced in the companies’ CASL violations, was personally involved in acquiring email lists and was familiar with their importance and the functionality of nCrowd’s marketing platform (and was familiar with the functionality of email distribution platforms generally).
The CRTC’s finding that the former nCrowd CEO acquiesced to CASL violations should, in particular, make executives of companies engaged in electronic marketing pause, given that the CRTC interpreted “acquiesce” broadly and in its ordinary sense under Canadian case law as “agreeing to something tacitly, silently, passively or without protest.” It is now clear that CASL violations can occur both by taking active steps to violate the legislation or by merely failing to take compliance steps.
Interestingly, and unfortunately for nCrowd’s former CEO, the purchase agreement for the company’s acquisition of Couch Commerce included specific terms relating to the acquired company’s CASL compliance and obligations for nCrowd to satisfy itself with respect to anti-spam-law compliance.
In addition to non-compliance with CASL’s consent and unsubscribe requirements, the CRTC also noted many other defects in nCrowd’s electronic marketing, including not having any compliance program, anomalies with the consents claimed (e.g., blanket claims of express consent, despite the inclusion of generic institutional or government emails, and claiming to have acquired express consent for more than 1.5 million names in a single day), failures to unsubscribe recipients when requested and no effort to verify or audit the significant email list acquired from Couch Commerce.
The CRTC’s enforcement against nCrowd’s former CEO, as well as its recent guidelines and policy statements relating to third-party liability, confirm that CASL is very broad in terms of who may be liable for a violation and that the CRTC will commence enforcement where corporate enforcement may not be possible. What this practically means is that both directors and officers of companies engaged in electronic marketing need to both ensure that they are not actively assisting a violation of CASL or even merely acquiescing or turning a blind eye to a violation.
Third-party service providers that assist companies with their electronic marketing must now be similarly diligent to ensure that their activities comply with the aiding section of CASL (s. 9(1)) and the CRTC’s policies on s. 9. In this respect, the CRTC takes the position, as it does with directors and officers, that a third party may aid a CASL violation not only through active steps — for example, by providing technical assistance or access to tools or equipment — but also by failing to act to prevent a violation.
Overall, the CRTC’s most recent individual enforcement case and its recent policy statements on aiding CASL violations mean that individuals engaged in or assisting electronic marketing are under a heightened obligation to ensure that they both do not actively violate CASL but also take steps where possible to prevent a violation. It’s a very high compliance bar indeed.