CASL enforcement

As most people know, the Canadian Anti-Spam Law (CASL) went into effect July 1 of this year. This month, the CRTC concluded its first investigation.

A computer reseller based in Saskatchewan was placed under investigation by the CRTC after large numbers of complaints were made through the Spam Reporting Centre. The CRTC revealed that a server owned by the computer reseller sent millions of e-mail spam messages through Saskatchewan-based internet service provider, Access Communications. […] Exercising its discretion, the CRTC chose not to fine the business. CRCT Concludes First Enforcement

One of the biggest complaints about CASL was that innocent senders who just happened to inadvertently violate CASL would be hit with business ending fines. But the agencies tasked with enforcement have discretion. There are no minimum fines that they have to impose, they have discretion. Their first enforcement action demonstrates this. It would be easy for the CRTC to impose business ending fines on their initial case, as a warning to other senders. They didn’t do that.
CRTC has demonstrated they’re willing to work with businesses that violate CASL. That gives all senders a little bit of breathing room for the next 2.5 years. Come July 1, 2017, individual users can exercise their private rights of action against senders. The PRoA is really an unknown variable. How many Canadians are annoyed enough by unsolicited emails that they’re willing to take senders to court? I don’t really know.

We're growing… and hiring
M3AAWG Boston

Related Posts

CASL is more privacy law than anti-spam law

Michael Geist, a law professor in Canada, writes about the new CASL law, why it’s necessary and why it’s more about privacy and consumer protection than just about spam.

Read More

Email marketing not dead yet

If Forrester research is to be believe, email marketing is feeling better. In fact, it seems email marketing is more effective than ever.

Read More

The DMA: Email marketing or spam?

A few weeks ago, I signed up for a webinar from the DMA. As is my normal process I used a tagged address. I don’t remember any notification that I would be signing up for mail, and I generally do look for those kinds of things. I also know a lot of webinars are used to drive sales processes and I prefer not to waste sales time if I’m not actually looking to purchase.
In recent weeks I have gotten an ongoing stream of marketing messages from the DMA. I’ve tried to opt-out, but the DMA don’t actually want me to opt-out. Each marketing message is a different type of message from a different list. Each list must be opted out of individually.
First it was Conferences, then it was Education, then it was Awards, then Events. I’m trying to figure out what’s next and how many more times the DMA is going to get to spam me before I just turn that address into a spam trap.
And before you tell me that I can’t make an address a spam trap, think about that a little bit. I never opted this mail in to receive anything but the webinar confirmation. I’ve dutifully opted out each and every time the DMA has mailed me. I’ve even tried to opt-out of all mail. Unfortunately, the DMA has placed the “opt-out of all mail” behind a registration wall, one I cannot get to as I do not have (or want) a DMA account.
DMASignOn
The DMA is sending me mail I did not request and do not want. They have made it impossible for me to determine how much mail I will get. They have made it difficult for me to opt-out of all their mail.
This is an example of bad email marketing. I’m sure that the DMA will tell me this is all permission based email. I disagree. This is an example of the DMA taking permission. This is not an example of a sender asking for permission. I didn’t give permission to be added to all these DMA lists, and I have no way to actually revoke the permission that they took from me.
I signed up for a second webinar with this email address, one related to CASL. The irony is that the DMA’s behavior here is a violation of a number of points of CASL. First, there was no clear opt-in notice on the website. Second, CASL requires parity between opt-in and opt-out. If I opt-in once then I should be able to opt-out once. CASL puts an end to this opt-in once, opt-out dozens of times process.
I wish I could say I was disappointed in the DMA. But I’m barely surprised. Their track record is poor and they have typically fallen on the side of “I have consent until you force me to acknowledge that I don’t.” In this case, the DMA is demonstrating that quite clearly. They will keep spamming and spamming and spamming. I have no doubt were I to actually register an account, they would continue to spam me with “account notifications” that I was unable to opt-out of because they are transactional, membership messages.

Read More