The private right of action (PRA) under CASL (Canada’s Anti-Spam Law)comes into force on July 1, 2017. The PRA is a right for private parties to obtain what are characterized as statutory damages for breach of CASL’s anti-spam and computer download prohibitions, as well as the email harvesting/computer hacking provisions under PIPEDA, or the false or misleading email prohibitions under the Competition Act. It represents a significant additional sanction for non-compliance.
There is concern about the potentially significant litigation risks posed by the PRA. However an analysis of its rules suggests that in fact it may provide monetary remedies not materially different from penalties under the regulatory track. Furthermore the PRA, far from providing a “user-friendly” process to compensate persons impacted by prohibited practices – ostensibly its intended purpose – will be simply a proxy for regulatory enforcement. The role of enforcer will be performed by sufficiently resourced private parties (e.g. class action plaintiffs), in place of the public regulator.
Understanding how the PRA rules will work suggests that the provision is essentially penal in nature, governed by the same criteria as the administrative monetary penalty (AMP) provisions of CASL and the Competition Act and, in the context of the public compliance purposes of the legislation, is duplicative of such provisions and unnecessary.
Order for monetary payment
The key provision (section 47(1) of CASL) provides for a monetary remedy to individuals and businesses affected by any contravention of sections 6 to 9 of CASL (the email and computer download rules), PIPEDA’s new e-mail harvesting/computer hacking provisions, or the false or misleading email prohibitions under the Competition Act. The potential remedies are significant – in addition to actual losses or expenses, complainants may recover, without any proof of loss, monetary amounts of up to $1,000,000 per day for each day that a contravention occurs or continues.
Protection if regulatory track followed
These monetary payment provisions have been characterized as “statutory damages”. However this characterization may not be accurate when it is understood that the PRA framework provides for significant protection from an order if the matter is pursued under a regulatory enforcement track and requires a court to consider factors almost identical to those considered under the regulatory track.
Protection against liability under the PRA is afforded to a person who has contravened CASL’s CEM or computer download rules if prior to an application being heard they have entered into an undertaking pursuant to section 21(1) of CASL or have been served with a notice of violation. It may be surmised that a party, faced with a class action claim for potentially millions of dollars, would seek (e.g. through voluntary disclosure) a resolution of the issue with the CRTC. The recent CRTC decision in the Blackstone Learning Corp. case – in which the CRTC (meaning the Commission as opposed to its enforcement staff) reduced the amount sought under a notice of violation from $640,000 to $50,000 – is instructive. In that case, the CRTC referred to the factors that CASL requires be considered, citing in particular Blackstone’s ability to pay and the purpose of encouraging compliance.
Requirement to consider compliance purpose and related factors
The protective rule is one aspect of the PRA indicative of a proxy for regulatory enforcement. However the factors that a court is required to consider when making any order are even stronger support for this conclusion. These factors suggest that any order must be consistent with what would be ordered as monetary penalty under the applicable regulatoryrules. The most significant of these factors is that the purpose of any such payment must be to encourage compliance. The stipulated factors are almost identical to the factors required to be taken into account in respect of AMPs for violations under sections 6 to 9 of CASL and are consistent with considerations to be taken into account by the Competition Tribunal when making an order in respect of false or misleading emails.
While the ostensible purpose of the PRA is to provide a user-friendly remedy for persons who have suffered expense or loss as a result of non-compliant activity, in reality it will only be well-resourced parties who will be either able or willing to initiate a claim. Cost-benefit considerations suggest that only class action claims are likely to be made. However, the factors required to be taken into account in any application – focussed on compliance – suggest that any global monetary payment awarded on a class action must be determined on the same basis as if the matter were subject of regulatory enforcement. To date (in the Blackstone case), we have seen that these factors point to monetary penalties that, while not insignificant, do not approach the potential amounts provided for under the PRA, at least with respect to prohibited emails under the CEM rules.
Clearly, there may be scope for significant monetary awards in cases of highly egregious matters involving large-scope incidents. However in such circumstances it is more likely that public regulatory enforcement resources will be brought to bear with the result that no PRA application may be entertained.
The analysis suggests that the PRA should be seen as a proxy for regulatory enforcement and not as a practicable means for affected persons to claim compensation. The PRA should be considered primarily as a penal provision, not a private party compensation remedy. Characterized in this way it is suggested that the PRA is duplicative in the context of the existing legislative regulatory remedies. Its existence, particularly in light of the anxiety it is causing among many businesses and non-profit organizations, is a distraction from the proper compliance objectives of CASL. If its role is merely a proxy for regulatory enforcement, the question should be asked whether it is needed, or appropriate.
For more information please contact:
David Young 416-968-6286 email@example.com
Note: The foregoing does not constitute legal advice. Readers are cautioned that for application to specific situations, legal advice should be obtained.
© David Young Law 2017
 Adopted pursuant to amendments under CASL.
(i) up to $200 for each contravention of Section 6 (the commercial electronic message or “CEM” rules) to a maximum of $1,000,000 per day;
(ii) up $1,000,000 per day for each contravention of Sections 7-8 (the computer download rules);
(iii) up to $1,000,000 per day for a contravention of Section 9 (aiding and abetting in a contravention of Sections 6-8);
(iv) up to $1,000,000 per day for each contravention of the new PIPEDA e-mail harvesting/computer hacking provisions; and
(v) up to $200 for each occurrence of reviewable conduct involving false or misleading electronic messages under the Competition Act, up to $1,000,000 per day.
Section 48(1). While similar protection is not afforded for a claim of address harvesting, computer hacking or misleading emails, the same result could be obtained by the requirement that the court take into account that the purpose of any order is to encourage compliance; see sections 51(2), (3)(a)
 Other factors that the court must take into account, include:
a) the nature and scope of the impugned conduct;
b) the person’s history with respect to any previous contravention of any of the relevant CASL or PIPEDA provisions or any previous reviewable conduct under the relevant provision of the Competition Act;
c) the person’s history with respect to any previous undertaking entered into under CASL or a consent agreement signed under the Competition Act with respect to the false or misleading electronic messages reviewable conduct provision;
d) any financial benefit that the person obtained from committing the contravention or the reviewable conduct, as the case may be;
e) the person’s ability to pay; and
f) whether the complainant has received compensation, outside of the PRA application, in connection with a contravention or reviewable conduct, as applicable.