Anti-Spam Enforcement Action Continues Under CASL

During the Covid-19 pandemic scams have not stopped and appear, by many accounts, to be on the rise. As a result, the Canadian Radio-television and Telecommunications Commission (CRTC) has continued its enforcement action under Canada’s Anti-Spam Law[1] (CASL).

Most recently the CRTC conducted an investigation of Notesolution Inc. doing business as OneClass (OneClass). OneClass is an online educational platform for crowdsourced university course content. OneClass seeks to build a global interactive library for educational content across all levels of education.

The CTRC alleged that OneClass violated several provisions of CASL[2], namely violation of:

(a) the electronic communications prohibitions[3] in that between 31 October 2016 and 25 March 2020, OneClass sent commercial electronic messages without consent in order to promote its platform for university students to access student-created exam study guides, lecture notes and video tutorials, and

(b) the software prohibitions[4] in that between October and November 2016, OneClass installed a computer program (the “OneClass Easy Invite Chrome Extension”), in the course of a commercial activity, on the computer systems of the university students without the express consent of the students and without setting out the purpose for which consent was being sought.

The CRTC also alleged that OneClass should have been aware that the software would cause the computer system to operate in a manner contrary to the reasonable expectations of the owners or authorized users of those computer systems, namely by collecting personal information stored on the students’ computer systems, including username and password credentials.

OnePass responded to the allegations by cooperating with the CRTC and by entering into an undertaking. Under the terms of the undertaking OneClass commits to pay a penalty of $100,000 and commits to implement a CASL compliance program including:

(a) corporate compliance policies and procedures;

(b) training and education for employees of OneClass; and,

(c) monitoring, auditing and reporting mechanisms.

OneClass also agreed to monitor its policies to assess if any provisions may act to invent staff to violate CASL.

The enforcement action is notable as it is the first public enforcement of the “special functions” provisions in the CASL software prohibitions. Examples of the “special functions” are such things as “collecting personal information stored on the computer system”, or “interfering with the owner’s or an authorized user’s control of the computer system”.[5] These functions are things that would cause a computer to operate in a manner that is contrary to the reasonable expectations of the user.

CASL imposes enhanced express consent and notification requirements if software that carries out “special functions” is installed on the computer of another.

The effect of the undertaking completely resolves all issues between OneClass and the CRTC over these allegations. The undertaking is effective as of September 21, 2020.


[1] An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, C. 23.

[2] The CRTC alleged violations of Sections 6(1)(a), 8(1)(a), 10(1)(a), 10(3), 10(4), and 10(5)(a) of CASL as well as sections 4 and 5 of the Electronic Commerce Protection Regulations (CRTC) SOR/2012-36.

[3] Sections 6(1)(a) (sending messages without consent) and 10(1)(a) (requiring the consent to be clear and explain the purpose for which it was sought) of CASL.

[4] Sections 8(1)(a) (the installation of the browser plug-in software), 10(1)(a) (requiring the consent to be clear and explain the purpose for which it was sought), 10(3) (requiring disclosure of the purposes of the software), 10(4), (requiring explanation of the function of the software and seeking separate consent) and 10(5)(a) (the special function of the software by collecting personal information) of CASL

[5] See S. 10(5) CASL for the list of special functions.

Comments are closed.