December 1 st 2020 Comments Off

Posted in:

Intellectual Property

Column

Anti-Spam Enforcement Action Continues Under CASL

by Martin Kratz

During the Covid-19 pandemic scams have not stopped and appear, by many accounts, to be on the rise. As a result, the Canadian Radio-television and Telecommunications Commission (CRTC) has continued its enforcement action under Canada’s Anti-Spam Law^[1] (CASL).

Most recently the CRTC conducted an investigation of Notesolution Inc. doing business as OneClass (OneClass). OneClass is an online educational platform for crowdsourced university course content. OneClass seeks to build a global interactive library for educational content across all levels of education.

The CTRC alleged that OneClass violated several provisions of CASL^[2], namely violation of:

(a) the electronic communications prohibitions^[3] in that between 31 October 2016 and 25 March 2020, OneClass sent commercial electronic messages without consent in order to promote its platform for university students to access student-created exam study guides, lecture notes and video tutorials, and

(b) the software prohibitions^[4] in that between October and November 2016, OneClass installed a computer program (the “OneClass Easy Invite Chrome Extension”), in the course of a commercial activity, on the computer systems of the university students without the express consent of the students and without setting out the purpose for which consent was being sought.

The CRTC also alleged that OneClass should have been aware that the software would cause the computer system to operate in a manner contrary to the reasonable expectations of the owners or authorized users of those computer systems, namely by collecting personal information stored on the students’ computer systems, including username and password credentials.

OnePass responded to the allegations by cooperating with the CRTC and by entering into an undertaking. Under the terms of the undertaking OneClass commits to pay a penalty of $100,000 and commits to implement a CASL compliance program including:

(a) corporate compliance policies and procedures;

(b) training and education for employees of OneClass; and,

OneClass also agreed to monitor its policies to assess if any provisions may act to invent staff to violate CASL.

The enforcement action is notable as it is the first public enforcement of the “special functions” provisions in the CASL software prohibitions. Examples of the “special functions” are such things as “collecting personal information stored on the computer system”, or “interfering with the owner’s or an authorized user’s control of the computer system”.^[5] These functions are things that would cause a computer to operate in a manner that is contrary to the reasonable expectations of the user.

CASL imposes enhanced express consent and notification requirements if software that carries out “special functions” is installed on the computer of another.

The effect of the undertaking completely resolves all issues between OneClass and the CRTC over these allegations. The undertaking is effective as of September 21, 2020.

_____________

^[1] An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, C. 23.

^[2] The CRTC alleged violations of Sections 6(1)(a), 8(1)(a), 10(1)(a), 10(3), 10(4), and 10(5)(a) of CASL as well as sections 4 and 5 of the Electronic Commerce Protection Regulations (CRTC) SOR/2012-36.

^[3] Sections 6(1)(a) (sending messages without consent) and 10(1)(a) (requiring the consent to be clear and explain the purpose for which it was sought) of CASL.

^[4] Sections 8(1)(a) (the installation of the browser plug-in software), 10(1)(a) (requiring the consent to be clear and explain the purpose for which it was sought), 10(3) (requiring disclosure of the purposes of the software), 10(4), (requiring explanation of the function of the software and seeking separate consent) and 10(5)(a) (the special function of the software by collecting personal information) of CASL

^[5] See S. 10(5) CASL for the list of special functions.

Comments are closed.

Most Recent Comments

Melanie Bueckert on Am I Just a Husky by Nature? Determining if You’re a Work-Based Person or Workaholic:

Thank you for this article, Melanie. Food for thought, for sure. I appreciated the acknowledgment in the CMHA article that… more »
John on The Inevitability of AI in Court: What Does It Mean for Self-Represented Litigants?:

(Part 2) Perplexity is catching up with Claude as an AI companion. The latest studies show AI’s primary use is… more »
Sam Laufer on Ontario Civil Rules Reform – the Good the Bad and the Ugly:

called in 75. Problems that I foresee: in fraud - misrepresentation and related type cases, good luck getting productions and… more »
John on The Inevitability of AI in Court: What Does It Mean for Self-Represented Litigants?:

AI became my digital buddy for a two-day family court trial. With only six weeks to prepare after a procedural… more »

+ -

Am I Just a Husky by Nature? Determining if You’re a Work-Based Person or Workaholic

In the Absence of Federal AI Laws, Privacy Regulators Lead the Way: Lessons From the Clearview Case

Letting Our Research Run With AI Content

Professional Identify Formation: What It Is and Why It Matters

Free AI Is All You Need to Supercharge Your Practice

Indigenous Cultural Competency for Tribunals – the Steps Ahead

Anti-Spam Enforcement Action Continues Under CASL