The CRTC just released a bulletin that goes to surprising lengths to impose liability on third parties for CASL violations. Lengths that may not be supported by the legislation.
It basically tries to turn intermediaries into enforcers. An approach this aggressive is surprising in light of the INDU committee report on CASL released in December 2017 that concluded in part: “The Act and its regulations require clarifications to reduce the cost of compliance and better focus enforcement.”
The bulletin is Compliance and Enforcement Information Bulletin CRTC 2018-415 Guidelines on the Commission’s approach to section 9 of Canada’s anti-spam legislation (CASL)
Section 9 of CASL says “It is prohibited to aid, induce, procure or cause to be procured the doing of any act contrary to…” the anti-spam provisions. In other words, anyone who helps someone spam, is also guilty.
The bulletin states that intermediaries subject to this provision include: Advertising brokers, Electronic marketers, Software and application developers, Software and application distributors, Telecommunications and Internet service providers, and Payment processing system operators.
It states that these intermediaries can be liable even though they have no knowledge that a customer of theirs is violating CASL.
It then goes on to list some over the top things that intermediaries are expected to do to avoid liability, including getting incorporation documents, validating customer director identity, researching the reputation of customers, and reviewing customer services of potential customers for legal compliance.
It seems to be drafted from the lens of what an intermediary would have to do to catch a spammer, not what it is reasonable for an intermediary to do in real life.