Canadian Government Suspends CASL Private Right of Action
So some good news today out of Canada. The Government of Canada is suspending the implementation of certain provisions in Canada’s anti-spam legislation (CASL), more specifically, the private right of action (PRA) which was scheduled to come into effect July 1, 2017.
As you recall, Canada’s anti-spam legislation (CASL) came into effect July 1, 2014. It was put in place to protect Canadians while ensuring that businesses can continue to compete in the global marketplace. If you use electronic channels to promote or market your organization, products, or services, Canada’s new anti-spam law may affect you.
CASL authorizes the government to bring each provision of CASL into force on any day it sees fit through the regulation-making process. Although most of CASL came into force on July 1, 2014, a regulation passed by the government in 2013 states that the private right of action will come into force on July 1, 2017.
CASL also includes a provision stating that the law is to be reviewed by Parliament within three years of coming into force. In theory, this should begin on July 1, 2017, but it is unlikely to begin anytime before Fall 2017.
The industry’s filed concerns over the implementation of the PRA stemmed from the fear that it will create conditions for costly, frivolous class actions against both large and small businesses, even in the case of trivial or inadvertent non-compliance and that the negative impacts of class actions based on the PRA should not be underestimated. They may include:
- potentially bankrupting small and medium-sized businesses (due to the legal costs of defending a class action)
- inordinate court time and court resources being devoted to frivolous claims
- litigation counsel receiving a disproportionate share of damage awards (or settlements), and
- negative impact to consumers where businesses (both foreign and domestic) avoid electronic communication, delay the introduction of software technologies, and pass along the cost of PRA settlements or rulings in the pricing of consumer goods
It is also clear that the threat of class actions will undermine Canada’s innovation economy by creating meaningful disincentives for domestic or foreign high-tech businesses from carrying on business either in or from Canada.
Delaying the coming into force of the PRA will not reduce the incentive for businesses to comply with CASL. Already today, the statute carries the threat of heavy administrative monetary penalties and active enforcement by the CRTC and has been enforced many times without the need of the PRA.
- CRTC – Undertaking: Kellogg Canada Inc.
- Office of the Privacy Commissioner of Canada – Investigation of Compu-Finder – May 27, 2016
- CRTC serves its first-ever warrant under CASL in botnet takedown – December 3, 2015
Faced with both reputational damage and significant penalties, the industry already has more than sufficient incentive to comply with CASL. The PRA adds only unnecessary costs and risks for legitimate businesses.
“Canadians deserve to be protected from spam and other electronic threats so that they can have confidence in digital technology. At the same time, businesses, charities, and other non-profit groups should have reasonable ways to communicate electronically with Canadians. We have listened to the concerns of stakeholders and are committed to striking the right balance.” The Honourable Navdeep Bains, Minister of Innovation, Science and Economic Development
Though we at Return Path continue to support the objective of reducing spam and malware, the industry remains of the opinion that certain elements of the law undermine Canada’s innovation agenda. We will continue to recognize the importance of a sound anti-spam regulatory framework and enforcement including CASL as it stands today—without the PRA. We are looking forward to the Government asking for a parliamentary committee to review the legislation, in keeping with the existing provisions of CASL.
About Dennis Dayman
Dennis Dayman has more than 20 years of experience combating spam, security/privacy issues, data governance issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Return Path’s chief privacy and security officer, Dayman leverages his experience and key relationships to provide best practices to Return Path, its customers, and ensures the compliance of their communications data flows. He is also responsible for coordinating and managing Return Path’s international electronic commerce, privacy and Internet related policy issues.