The Canadian Radio-television and Telecommunications Commission (CRTC) announced today that Porter Airlines had agreed to pay a fine of $150,000 for violations of the Canadian Anti-Spam Law (CASL).
After investigating the airline, CRTC found multiple violations of the statute. These violations include no unsubscribe link or the unsubscribe link was not prominent enough.
Some of the messages at issue failed to have proper identification. Finally, Porter Airlines couldn’t prove consent for at least some subset of the subscribers.
This is another in a series of enforcement actions where CRTC fined companies for violations of CASL. But none of those enforcement actions really seem overly punitive. There were multiple people publicly concerned about CRTC aggressively fining companies and even driving them out of business. These concerns now appear to be unfounded. Certainly, CRTC is enforcing the law but in a way to help companies come into compliance with it.
Another major concern some individuals had was the private right of action under CASL. I recently attended a conference where one of the talks was related to CASL and enforcement. What was said there is that there are some constraints on bringing a case. For instance cases can’t be brought in lower courts, they have to be brought in the provincial (I think) courts. This puts an additional burden on plaintiffs. Reading between the lines, my impression was this was intended by the regulatory agency and lawmakers to stop nuisance type suits, but allow for real action when needed.
Finally, I have yet to hear about any enforcement action that resulted in fines for corporate officers rather than the corporation as an entity.
All in all, the chicken littles claiming that this law was going to drive email marketers out of business seem to have been wrong. In fact, when I asked a question during the session “have you heard of any companies stopping marketing in Canada due to CASL” the first response was a scoff. This was not the purpose or intent of the law, and it doesn’t appear to be enforced that way.
Read More
The CRTC served its first ever warrant as part of an international botnet takedown. The warrant was to take down a C&C (command and control) server for Win32/Dorkbot. International efforts to take down C&C servers take a lot of effort and work and coordination. I’ve only ever heard stories from folks involved but the scale and work that goes into these take downs is amazing.