Assessing ESP Liability Under The Canadian Spam Law

Much analysis and guidance has been written about the new requirements (and significant penalties) imposed on senders of unsolicited e-mail by the Canadian Anti-Spam Law set to go into effect in the fall. What seems less thoroughly addressed to my non-lawyerly eyes is what specific liability is created by violations of CASL upon the ESP used by their clients to transmit the infringing commercial electronic message (CEM).

I put the question to Neil Schwartzman, a long-time colleague and Executive Director of CAUCE North America, one of the very earliest anti-spam advocacy groups and the primary driver of CASL through its storied journey across the Canadian legislative landscape. Neil recently left ReturnPath to start, a firm offering expertise on CASL compliance. He and consulting legal counsel Shaun Brown of nNovation LLP respond:

The language in the law is very broad. The issue for ESPs is not vicarious liability – as [Andrew (that’s me)] points out, this concept attributes liability to corporations for actions conducted on their behalf.

Rather, the key language is found in section 6, which states that “It is prohibited to send or cause or permit to be sent [a CEM in violation of the law].” An ESP is potentially doing all three when it sends non-compliant mail on behalf of their client.

Section 9 also extends liability to anyone who “aids”, “procures” or “induces” anyone to violate the act.

Section 6 does not apply to a telecommunications service provider “merely because the service provider provides a telecommunications service”. This is intended to apply to ISPs. In some cases, an ESP might fall under this exemption, if they are merely providing the infrastructure necessary to send mail.

Thus, the extent to which an ESP is potentially liable would be determined on a case-by-case basis, and is a factor of the services that the ESP provides beyond merely offering infrastructure to send mail.

I’m employed by an ESP, so I can’t pretend to be a disinterested third party. I don’t take much comfort from Shaun’s assurance that an ESP’s liability is established on a case-by-case basis, particularly in the face of the very strong language he cites in pertinent part from Sections 6 & 9.

In the US, becoming a defendant is often loss enough, even when one prevails on the merits. The time and expense of defending a suit is often the more significant loss. In Canada, however, plaintiffs must post financial bond to cover defendants’ expenses if the suit fails.

As Neil points out (correctly, I think):

The point is, how to mitigate this liability, and there are several ways in which to do so – legal agreements with between the ESP & their clients, other good faith efforts like educating their clients, a complaint header deployment protocol, and a number of different things.

The only affirmative defense I find in the language of the law is “due diligence”; that is, the ESP (in this case) was making a reasonable effort to comply with the law at the time of the violation – so I think Neil’s advice makes good sense here.

I plan to work with Neil and his group (if my benevolent overlords are willing) on identifying and implementing the kinds of strategies he references. I’ll keep you posted.

One thought on “Assessing ESP Liability Under The Canadian Spam Law

  1. Reblogged this on The E-mail Skinny and commented:

    So, now that we know when CASL will become enforceable, the next question in the minds of companies who send bulk mail on behalf of other companies is, “What specific liability accrues to the ESP that is used to transmit an infringing message under CASL?” I explore some answers here – reblogged from March of 2010.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s