Posts

$100,000 in penalties for SMS messages non-compliant with CASL

/0 Comments/in , , , , /by

A commitment to the CRTC

May 1st, 2018, the CRTC announced via news release that companies 9118-9076 QUÉBEC INC. and 9310-6359 QUÉBEC INC., operating as 514-TICKETS, whose principal activity is the resale of sports, cultural, and event tickets, has accepted an undertaking for alleged violations of the Canadian Anti-Spam Legislation (CASL). Under the latter, the companies pledged to pay a financial indemnity of $100,000 ($25,000 paid to the Receiver General for Canada and $75,000 in rebate coupons offered to clients).

This innovative form of sanction, combining customer discounts and fines, demonstrates that the CRTC’s intent is not to punish wrongdoers, but to force them to adopt CASL-compliant practices, which is inherent in the implementation of a CASL compliance program.

CASL’s application to text messages

This sanction is a milestone in the history of CASL compliance: it is the first time the CRTC has fined a company for violating the LAW by sending commercial electronic messages (CEMs) via text messages. 514-TICKETS would have, from July 3rd , 2014 to November 26th , 2016, sent CEMs via text message “without having obtained the consent of the recipients, and by not providing the necessary information to identify the sender, nor the information necessary to contact the sender“. More specifically, the majority of text CEMs were messages requesting consent to receive subsequent commercial offers.

The CRTC reiterated, in its news release, that CASL applies to any message sent —not only to an email address, but also to a telephone number account, or email account on social media— that is intended to encourage participation in a commercial activity.

If you don’t have consent, you cannot request consent

514-TICKETS should have, like any company sending CEMs, had prior consent before communicating with the recipients, but also include in its messages the information necessary to identify the sender, as well as the information to contact the sender. 514-TICKETS should also have included an unsubscribe mechanism, allowing the recipient to signal their desire to no longer receive communications from the company.

The Spam Reporting Centre is as efficient as ever

In this case, the CRTC’s investigation was initiated by reports sent to the Spam Reporting Center (SRC). This government authority transmits information received from consumers and other bodies, to the CRTC, the Competition Bureau, and/or the Office of the Privacy Commissioner of Canada depending on the nature of the alleged violation.

The importance of a compliance program

In their commitment to the CRTC, 9118-9076 QUÉBEC INC. and 9310-6359 QUÉBEC INC., have also been required to implement a CASL compliance program, which includes: “an audit and review of current compliance practices […], as well as various other monitoring and auditing measures, including reporting mechanisms to CRTC staff regarding the implementation of the program.”

If your company has not yet been investigated by any of the CASL enforcement authorities, there is still time to implement your compliance program and protect your business before it’s too late.

CASL: What’s changed since July 1st?

/0 Comments/in , /by

After three long years, the grace period has ended, and companies must have established and implemented a compliance program. Businesses can no longer defend themselves by explaining that they weren’t aware of all the criteria necessary to be compliant.

From now on, to whom can you send messages to?

 

From now on, you may only send electronic business messages to:

  • persons who have given explicit consent,
  • clients who have made at least one transaction in the last two years,
  • individuals who have requested, within the last six months, to receive business information.

ATT: For all other contacts, you can no longer send them communications. This includes sending a consent request. The CRTC was very clear on this subject: an email requesting consent is a commercial electronic message and can not be sent without prior consent! 

What to do about leased or purchased lists?

The CRTC argued that when you obtain lists from a third party, you must verify that your supplier has obtained the appropriate consent for each contact. This includes consent for the type of communication (medium & content) one can send to an individual.

The CRTC clarified that in order to discharge your liability you must demonstrate that you’ve taken action to verify the legality of the consents obtained by your supplier. Otherwise, or if the CRTC deems that your actions are insufficient, you will be held responsible.

This practice also applies to directories. Before using the information from a repertory, you must verify that you have the right to do so and that the publisher of the directory obtained the proper consents. Otherwise, you will be held responsible.

Can agencies, ESPs and CRM suppliers be held responsible?

The CRTC has explained, in reference to the responsibility of agencies and technology platforms, that if the suppliers are involved in the content of the message, they may be held jointly liable for violations of Canada’s Anti-Spam Legislation.

For example, this applies to agencies that write copy and design emails (and other electronic messages) for their clients, as well as ESPs and CRMs that offer dynamic content customization or dynamic segmentation.

We’ll be consulting with our partner lawyers shortly for more information. Stay tuned for a detailed article on this subject.

Polls & Surveys

With regards to emails inviting individuals to participate in a poll, if the survey is just a study, it does not fall within the definition of a commercial electronic message and therefore does not require prior consent.

However, if the poll or survey refers to a product or promotes it, even subtly, it must meet all the requirements of CASL.

A good rule of thumb is to ask yourself if the individual who completes the survey can guess the name of the company or brand. If so, your survey is likely to be in violation of the law.

SMS and MMS messages

Although there are less commercial text messages sent in Canada than in other countries, consumer complaints about them are on the rise and these messages are in the CRTC’s viewfinder.

The CRTC explained that if companies send text messages for commercial (not necessarily promotional) purposes, or plan to do so, they must ensure that their compliance program covers these types of messages.

ATT: If a person is not on the National Do Not Call List (NDNCL), this does not mean you have consent to send them text messages.

Whereas the NDNCL uses an opt-out procedure (a person has to contact them to be removed from their list), Canada’s Anti-Spam Law uses an opt-in principle (individuals must give you permission to be contacted).

Transactional messages

The CRTC has clarified that transactional messages such as the confirmation of a transaction, change of password, scheduled alert, etc.) are not considered a commercial electronic message, as long as it does not contain a commercial offer. Also, transactional messages can be sent even if the person has withdrawn their consent.

However, the CRTC has made it clear that these transactional messages must comply with all the provisions of CASL, including those articles referring to “mandatory information” and “unsubscribe mechanisms”.

Brands and parent companies

When the CRTC discussed this point during an IAB presentation, the crowd told them they were crazy. Take note: Any withdrawal of consent applies to the whole company by default (affiliates and parent companies included), and not the just the brand or business indicated in the unsubscribe form.

Let’s take Loblaws and Shopper’s Drug Mart as an example: if a consumer unsubscribes from the Loblaws supermarket newsletter, consent is automatically withdrawn from the entire company and not just from supermarket communications. If the consumer was subscribed to the Shopper’s Drug Mart newsletter at the time when they withdrew their consent to Loblaws, under the law, they should no longer receive Shopper’s Drug Mart newsletters.

The only way to manage this situation legally is to propose an unsubscribe form in which the consumer can choose the brands from which he or she wishes to remain subscribed to.

When the CRTC was told that this was a bit crazy, their response was “We don’t know how you operate, guys! So come and talk to us so that we can understand you better”.

In conclusion, the law is tricky. For those not who are not vigilant or proactive, they will eventually be heavily fined and required to complete their compliance program.

The solutions and compliance programs offered by Certimail, built in collaboration with researchers from the Faculty of Law at Université de Montréal, meet the new requirements of the CRTC.

If you already have a program set up by us, you have nothing to change. You’re covered.

If you don’t have a compliance program, our experts are at your disposal to assess your situation and can offer you an efficient and inexpensive program that meets the CRTC’s requirements.