Today the Canadian Radio-television and Telecommunications Commission (CRTC) announced a new undertaking under Canada’s Anti-Spam Legislation (CASL) with Notesolution Inc. (operating as OneClass) that alleges multiple potential violations of the Act.
The undertaking reads that OneClass voluntarily entered the undertaking for the following alleged violations of paragraphs 6(1)(a), 8(1)(a), 10(1)(a), 10(3), 10(4), and 10(5)(a) of the Act as well as sections 4 and 5 of the Electronic Commerce Protection Regulations (CRTC) SOR/2012-36 (the Regulations (CRTC)). These alleged infractions took place between October 2016 and March 2020.
If you’re following along these are the noted sections:
- 6 (1)(a) – Sending mail with consent (implied or express)
- 8 (1)(a) – The installation of a computer program (in this case a browser plugin) with consent (express)
- 10 (1)(a) – Explains the express consent is clear and explains the purpose for which is being sought
- 10 (3) – Details that the operation of the program must be clearly disclosed to the end user
- 10 (4) – Clarifies that developer must clearly explain the function of the application and disclose any operations mentioned in section 10(5) and seek consent separately from the software licence Agreement.
- 10 (5)(a) – Expands on 10 (4) explaining that the disclosures required around setting reasonable expectations with the end user, and disclosing items like 10 (5)(a) – The collection of personal information from the computer system.
- SOR/2012-36 – Section 4 – Information to be included in a request for consent
- SOR/2012-36 – Section 5 – Specified Functions of a Computer Programs
The results of the undertaking between the CRTC show that OneClass has agreed to pay $100,000 in penalties, bring their software and marketing efforts into alignment with the Act and implement a compliance program that includes; building corporate compliance programs, staff training and incentive reviews, and building of auditing and reporting programs.
The CRTC’s CCEO had this to say:
“We appreciate that OneClass took corrective action once it became aware of our investigation. The company has voluntarily entered into an agreement and committed to comply with Canada’s Anti-Spam Legislation. All businesses must ensure their commercial activities do not jeopardize Canadians’ online security or disrupt their online activities as they participate in the digital economy. I’d like to thank the University of Toronto and the University of British Columbia for their assistance with this investigation.”– Steven Harroun, Chief Compliance and Enforcement Officer, CRTC
The CRTC has also updated their guidance for installing a computer program on their information pages, relating to CASL. You can find this new information at Canada’s Anti-Spam Legislation Requirements for Installing Computer Programs.