Serving Canada's Legal Community Since 1983  
RSS Feed RSS Feed
This Week's Issue:

Want to learn more about this week's issue?

Legal Update Services

Click on the links above to view recent decisions from the Supreme Court of Canada and summaries for noteworthy cases from across the country.

Private right of action a duplication

CASL’s dual track prohibition means public regulatory enforcement will most likely intervene
By David Young
March 10 2017 issue


Click here to see full sized version.

Please contact us at
Please include your name, your law firm or company name and address.

The private right of action under CASL (Canada’s Anti-Spam Law) comes into force on July 1, 2017. It is a right for private parties to obtain what are characterized as statutory damages for breach of CASL’s anti-spam and computer download prohibitions, as well as the e-mail harvesting/computer hacking provisions under the Personal Information Protection and Electronics Documents Act (PIPEDA) and the prohibitions against false or misleading e-mails under the Competition Act.

While the ostensible purpose of the private right of action is to provide a user-friendly monetary remedy for people impacted by prohibited practices, in reality it will only be well-resourced parties who will be able to initiate a claim.

Furthermore, cost-benefit considerations suggest that only class action claims are likely to be made. However, the factors required to be taken into account — focused on compliance — suggest that any global monetary award in a class action must be determined on the same basis as if the matter were subject of regulatory enforcement. To date, we have seen that those factors point to penalties that, while they are not insignificant, do not approach the potential amounts provided for under the private right of action, at least with respect to prohibited e-mails under the commercial electronic messaging (CEM) rules.

Clearly, there could be significant monetary awards in cases of highly egregious matters involving large-scope incidents. However in such circumstances it is more likely that, in light of the statute’s “dual track” prohibition, public regulatory enforcement will intervene with the result that no private right of action application can be entertained.

The analysis suggests that the private right of action should be seen as a proxy for regulatory enforcement and not as a practicable means for affected people to claim compensation: the private right of action is primarily a penal provision, not a private party compensation remedy. Characterized in this way, it is duplicative of existing regulatory remedies. The private right of action is a distraction from the proper compliance objectives of CASL, particularly in light of the anxiety it is causing within both the business and the non-profit sectors. If its role is merely a proxy for regulatory enforcement, the question should be asked whether it is needed, or appropriate.

There is concern about the litigation risks posed by the private right of action. The potential remedies are significant — in addition to actual losses or expenses, complainants may recover, without any proof of loss, monetary amounts of $200 for each contravention of the anti-spam rules (example, each non-compliant e-mail) or each misleading e-mail, up to $1 million for each day that the contravention occurs or continues and similar maximum amounts for computer hacking or e-mail address harvesting.

These monetary payment provisions have been characterized as “statutory damages,” a legislative tool designed to assist plaintiffs recover losses that otherwise might be difficult to establish. However one may ask whether this is the true objective of the private right of action since complete protection from an order is provided if the matter is pursued under a regulatory track. Furthermore a court, in hearing any application, must consider factors similar to those under the regulatory tracks for CASL and the Competition Act.

Protection against liability under the private right of action is afforded to a person who has contravened CASL’s CEM or computer download rules if prior to an application being heard they have entered into an undertaking to comply with CASL or have been served with a notice of violation. While similar protection is not afforded for claims of address harvesting, computer hacking or misleading e-mails, the same result could be obtained since the court is required to take into account the compliance purpose of any order.

It may be surmised that a party, faced with a class action claim for potentially millions of dollars, would seek (such as through voluntary disclosure) a resolution of the issue with the CRTC. The recent CRTC decision in the Blackstone Learning Corp. case — in which the CRTC (meaning the commission, not its enforcement staff) reduced the amount sought under a notice of violation from $640,000 to $50,000 — is instructive. In that case, the CRTC referred to the factors that CASL requires be considered, including in particular the legislative purpose of encouraging compliance and the offending party’s ability to pay.

The protective rule is one aspect indicative of the private right of action being a proxy for regulatory enforcement. The factors that a court is required to consider when making any order also support this characterization. These factors suggest that an award must be consistent with any monetary penalty that would be imposed under the applicable regulatory rules. The most significant of these factors is the purpose of encouraging compliance. The stipulated factors are almost identical to the factors required to be taken into account in respect of administrative fines for violations under sections 6 to 9 of CASL (the anti-spam and computer download rules) and are consistent with considerations to be taken into account by the Competition Tribunal when imposing administrative penalties in respect of false or misleading e-mails.

In sum, understanding how the private right of action rules will work suggests that the provision is essentially penal in nature, governed by the same criteria as the administrative penalty provisions of CASL and the Competition Act, and that monetary awards, even in class actions, may be limited in scope. Seen in this context, the legislation arguably is duplicative of existing enforcement tools and does not further CASL’s compliance objectives.

David Young is principal at David Young Law, a privacy and regulatory counsel practice in Toronto.

Click here to see this article in our digital edition (available to subscribers).