Written by Martin Kratz, QC, Sebastien Gittens and Graeme Harrison
Representing the first decision in which an individual was held liable under CASL for violations committed by a corporation, the CRTC recently issued penalties of $100,000 against Brian Conley, the president and chief executive officer (CEO) of a group of businesses known as the “nCrowd” companies.
Canada’s Anti-Spam Law (CASL) provides for substantial penalties for non-compliance with the possibility of a maximum fine of $1,000,000 for individuals and $10,000,000 for organizations. As well, certain individuals can be found vicariously liable for the non-compliance of an organization even if the regulator, the Canadian Radio-television and Telecommunications Commission (CRTC) does not pursue the organization.
In response to complaints that were filed in the anti-spam reporting centre in 2015, the CRTC began an investigation in order to assess the business activities of the nCrowd group for compliance with section 6 of the CASL, which requires that commercial electronic messages must be sent with consent, must have prescribed language including to identify the sender and must have the prescribed form of unsubscribe mechanism. The business activities of the companies involved promoting the products and services of merchants on various Internet websites, including by the sale of electronic vouchers for these products and services.
The investigation revealed a complex series of Canadian and international transactions such as acquisitions, foreclosures, and bankruptcies. The key assets acquired in the transactions listed in the chart were the email distribution list, domain names and trademarks. Through these ownership changes, key individuals directing the former company were able to continue to carry on business by directing the new one, but without the existing liabilities of the former company. As a result, the customer email distribution list grew to reach more than 2 million email addresses.
In this case, the companies sending the messages were initially operational, then quickly dissolved or otherwise ended so that the CRTC identified that any enforcement actions directed towards such companies would have no deterrent effect. As a result the CRTC pursued the corporate directors through vicarious liability in order to encourage future compliance with CASL.
The CRTC investigation lead to Decision 2019-111, which indicated that between September 25, 2014, and May 1, 2015, nCrowd, Inc. sent CEMs or caused or permitted any of its subsidiaries to send CEMs to electronic addresses without consent, and without a functioning unsubscribe mechanism, contrary to CASL. The CRTC found that Brian Conley acquiesced in these violations, while he was the president and CEO of the nCrowd companies.
Notably, the nCrowd group used “pixel tagging” to track whether an email address was valid, if and when the email was opened, and from which computer the email was viewed, without asking the recipient directly. This technique is often used for analytics of email open rates. While generating a long list of valid email addresses with high open rates is useful for email distribution, the CRTC’s view was that the use of pixel tagging “itself by its very nature does not reflect the existence of consent from recipients, and thereby it cannot be a way to manage distribution lists in compliance” with CASL. “In other words, by opening an email, a recipient does not provide (nor retroactively provide) the originator with express or implied consent to send them CEMs.”
By decision its 2019-111 dated April 23, 2019, the CRTC confirmed the violations committed by nCrowd, Inc., and the liability of its director and CEO Mr. Conley, pursuant to section 31 of CASL as well as the penalty amount of $100,000.
As an aside, implicated in the nCrowd scheme was Ghassan Halazon, the CEO of several companies involved in the transactions. Mr. Halazon was earlier pursued by the CRTC also on a vicarious liability basis but entered into an undertaking with the CRTC and paid $10,000.
The case shows the CRTC is willing to pursue complex schemes involving violations of CASL. This is the kind of matter that it is submitted ought to be the proper subject of compliance efforts under CASL.
This case is also a good reminder that liability under CASL can potentially extend to a corporation’s officers, directors, agents or mandataries if such individuals directed, authorized, assented to, acquiesced in or participated in the commission of a CASL violation.
If you have any questions about CASL, please feel free to contact a member of our CASL team.