In the fifth, and most recent, enforcement decision relating to compliance with Canada’s Anti-Spam Legislation, the CRTC has announced that Kellogg Canada has voluntarily entered into an undertaking respecting alleged non-compliance, which includes payment of $60,000 in penalties.
The undertaking resulted from an alleged failure to obtain consent from recipients prior to sending commercial electronic messages. The alleged violations apparently occurred over an 11-week period in late 2014.
As with previous undertakings announced by the CRTC, the summary produced by the CRTC includes few details about the alleged non-compliance, such as whether the company sent messages without obtaining consent, failed to meet form requirements in collecting consent, or was unable to prove the existence of an existing business relationship that would give rise to implied consent.
Interestingly, the CRTC summary does note that the messages in question were allegedly sent by “Kellogg and/or its third party service providers”, and that Kellogg undertook to comply with CASL and its Regulations, and to “ensure that any third party authorized to send a commercial electronic message on its behalf” did the same – suggesting that the alleged violations may have stemmed, at least in part, from the activities of a third party service provider. This, in turn, raises important – but unfortunately, unanswered -- questions about how penalties are assessed in such circumstances, and the extent to which due diligence in vendor selection and procurement arrangements might impact liability for non-compliance under CASL.
The central prohibition in CASL relating to commercial electronic messages does refer explicitly to those sending such messages, as well as to those causing or permitting such messages to be sent; accordingly, the law appears to apply to both marketers and the service providers that may be retained to send marketing messages on their behalf. Organizations would be well advised to choose third party vendors carefully, and to impose clear contractual and process requirements on such vendors to help avoid potential non-compliance.