CASL Private Right of Action Delayed

Today the Canadian Government announced they were suspending the provision that allows individuals to sue marketers for violations of CASL.
Under these provisions, individual Canadian consumers had a private right of action. Any Canadian could sue any company that sent mail violating the law. This part of the law upset many senders and marketers. I’m sure many are relieved at this delay in enforcement.
 
This delay has no effect on the other major CASL provision with a July 1, 2017 deadline.
On July 1 a 3 year waiver on implied consent collected prior to CASL will end. What does that mean? Implied consent is just what it sounds like. Under certain conditions, senders can assume they have legal consent to mail the recipient. These conditions are spelled out in Section 10(9) of the law. Implied consent expires after 2 years. However, companies were granted a 3 year waiver on this provision for email addresses collected prior to July 1, 2014.
The waiver allowed senders to continue mailing addresses with implied consent even after the 2 year expiration.  This was to allow companies time to convert implied consent into express consent as to not lose recipients. There are about 3 weeks left for senders to get explicit permission to continue mailing addresses collected prior to July 1, 2014.
Additionally, as of July 1, 2017 CASL requires a parliamentary committee to review the law and its operation over the last 3 years.

Many senders are thrilled with the indefinite suspension of the PRA. It was, I think, one of the parts of the law that worried people the most. Allowing any citizen to sue someone who sent them mail they thought violated CASL? That concept struck fear into the hearts of many a legitimate marketer. I was never quite so sure it was going to be as bad as some thought.
A few years ago I had the opportunity to sit in a conference session with an individual from the Canadian government. They explained that there were significant barriers to individuals suing senders. Plaintiffs must file in provincial courts, not local ones. Second, defendants couldn’t be under investigation by the CRTC and a PRA at the same time. The presenter implied that CRTC had priority over any joint defendant. Finally, the plaintiff must prove actual damages. This is difficult for defendants that use a freemail provider like Gmail. There aren’t really damages in that case.
The overall gist of the session was that PRA in Canada was not that simple. Individuals wanting to sue had some bigger hoops to jump through than just filing something in small claims court. Nevertheless, I’m sure that many senders are relieved to hear the PRA is indefinitely suspended.

Related Posts

What do you think about these hot button issues?

bullhornIt’s been one of those weeks where blogging is a challenge. Not because I don’t have much to say, but because I don’t have much constructive to say. Rants can be entertaining, even to write. But they’re not very helpful in terms of what do we need to change and how do we move forward.
A few different things I read or saw brought out the rants this week. Some of these are issues I don’t have answers to, and some of them are issues where I just disagree with folks, but have nothing more useful to say than, “You’re wrong.” I don’t even always have an answer to why they’re wrong, they’re just wrong.
I thought today I’d bring up the issues that made me so ranty and list the two different points of views about them and see what readers think about them. (Those of you who follow me on Facebook probably know which ones my positions are, but I’m going to try and be neutral about my specific positions.)

Read More

The 10 worst …

Spamhaus gave a bunch of us a preview of their new “Top 10 worst” (or should that be bottom 10?) lists at M3AAWG. These lists have now been released to the public.
sh_logo1
The categories they’re measuring are:

Read More

CASL botnet take down

biohazardmailThe CRTC served its first ever warrant as part of an international botnet takedown. The warrant was to take down a C&C (command and control) server for Win32/Dorkbot. International efforts to take down C&C servers take a lot of effort and work and coordination. I’ve only ever heard stories from folks involved but the scale and work that goes into these take downs is amazing.
Bots are still a problem. Even if we manage to block 99% of the botnet mail out there people are still getting infected. Those infections spread and many of the newer bots steal passwords, banking credentials and other confidential information.
This kind of crime is hard to stop, though, because the internet makes it so easy to live in one country, have a business in a third, have a shell corp in a fourth, and have victims in none of those places. Law enforcement across the globe has had to work together and develop new protocols and new processes to make these kinds of takedowns work.
 

Read More