Court of Appeal confirms constitutionality of Canada’s Anti-Spam Legislation, provides guidance on its application

The Federal Court of Appeal recently released its decision in CompuFinder’s appeals from two 2017 decisions of the Canadian Radio-television and Telecommunications Commission (CRTC).¹ The two CRTC decisions were in response to CompuFinder’s challenge to the notice of violation issued under Canada’s Anti-Spam Legislation (CASL)² setting out an administrative monetary penalty of $1.1 million.

The court’s guidance includes, importantly, the following:

• The “business-to-business” exemption requires a relationship with the receiving organization. Whether a contractual relationship fulfills this purpose of the exemption depends on the circumstances. A limited contractual relationship with a small number of transactions affecting a few employees will not be sufficient.
• The “business-to-business” exemption also requires that commercial electronic messages (CEMs) concern the activities of the receiving organization. There must be some evidence that a recipient organization has engaged in similar activities in the past or plans to do so in the future.
• Implied consent to receive CEMs may be established through conspicuous publishing of the recipient’s electronic address. Conspicuous publication does not exist if there is no indication that addresses on a third-party database are user-submitted or if the third-party includes a disclaimer prohibiting unsolicited CEMs.
• Implied consent may only be established for CEMs that are relevant to the recipient’s business, role, functions or duties. The organization relying on implied consent must demonstrate how the recipient’s business, role, function or duties relate to the CEMs in question. Mere knowledge of a recipient’s job title does not satisfy this burden.
• Non-functional unsubscribe mechanisms violate CASL, even if there is also a functional unsubscribe mechanism in the CEM.

The court dismissed CompuFinder’s appeals, confirmed CASL’s constitutionality, and provided significant guidance on how the legislation is to be interpreted by courts and the CRTC.³

Constitutionality of CASL

The court upheld most of the CRTC’s findings on the issue of CASL’s constitutionality. In particular, it found that: (1) CASL was validly enacted under Parliament’s general trade and commerce power; (2) while the impugned provisions of CASL did violate freedom of expression under section 2(b) of the Canadian Charter of Rights and Freedoms, the violation was justified under section 1; and (3) sections 7 and 11 of the Charter did not apply because proceedings under CASL are administrative in nature, not criminal or penal. The court found that while section 8 of the Charter applied despite CASL’s administrative nature, there had been no violation of CompuFinder’s section 8 rights.

Violations of CASL and guidance

“Business-to-business” exemption

CompuFinder argued that having previously conducted business with at least one person from each organization on at least one occasion would create a relationship that would meet the business-to-business relationship exemption and therefore exempt its CEMs from CASL. 

The court rejected CompuFinder’s interpretation of the legislation. The “relationship” required to make out the business-to-business exemption presents a more demanding standard than the “existing business relationship” required for the purposes of paragraph 10(9)(a) of CASL. 

An “existing business relationship,” under paragraph 10(9)(a), permits an organization to send CEMs to a person who had paid the organization for a service in the preceding two years. By comparison, the finding of a “relationship,” for the purpose of the “business-to-business” exemption, allows an organization to send CEMs to every employee in a recipient company, and not just the specific employees who had interacted with the organization. Setting a more demanding standard for the business-to business exemption is consistent with the relative effects of each finding, in light of CASL’s objectives.

The presence of a “contractual relationship” between two organizations will not be determinative of whether a relationship exists for the purposes of CASL’s business-to-business exemption. CompuFinder had only submitted proof of a single training session for one or two of the recipient organization’s employees. This type of contractual relationship with a very limited number of transactions affecting very few employees will not constitute a relationship for business-to-business exemption purposes. The court agreed with the CRTC that evidence of authority on the part of either the purchasing employees or the employees who took CompuFinder’s courses, while not required, may have helped to establish a relationship for the purposes of the business-to-business exemption.

The limited evidence of a relationship between CompuFinder and the recipient organizations also led the court to conclude CompuFinder had not established that the CEMs concerned the “activities” of the receiving organizations, the third element of the “business-to-business” exemption. 

While “activities” are not limited to an organization’s core business operations, and the court did not find it appropriate to circumscribe the “vast universe of an organization’s potential business activities,” CEMs must relate to an activity the recipient organization has undertaken in the past or plans to undertake in the future. If CompuFinder had been able to prove the recipient organizations had purchased similar courses in the past or had plans to do so in the future, the relevance requirement would have been satisfied; however, it failed to show this.

Implied consent

CompuFinder had not, as it claimed, obtained implied consent because the recipients had conspicuously published their electronic addresses. Many of the electronic addresses had been obtained from third-party websites that either did not indicate whether the content was user-submitted or contained disclaimers prohibiting unsolicited CEMs. There was no evidence the recipients had themselves conspicuously published their email addresses.

The mere knowledge of a recipient’s job title, and nothing further, does not establish the CEM’s relevance to the business, role, functions or duties of the recipient. The court noted that while there may be circumstances where a job title would sufficiently convey the business, role, function or duties of the recipient, any organization looking to rely on paragraph 10(9)(b) of CASL should be prepared to explicitly provide “the business, role, function or duties” of the recipient individual or organization, at least in how it relates to the CEMs in question. An organization should further be prepared to “elucidate, equally explicitly, the relevance of the CEM to the recipient’s business, role, function or duties thus stated.”

Unsubscribe mechanism

Finally, the presence of a non-functional unsubscribe mechanism, even when accompanied by a functional unsubscribe mechanism, violates section 6(2) of CASL. The court noted that even if the functional unsubscribe mechanism is more prominent, the mere presence of any non-functional unsubscribe mechanism creates confusion and violates CASL. This underscores the importance of maintaining one clearly accessible unsubscribe mechanism in all CEMs.