Categories
CASL Consent Law Marketing & Communications Privacy

CASL at 10: Case File Anthology, 2015-2016

This is part five of a multi-part series reviewing Canada’s Anti-Spam Legislation in practice since its introduction in 2014 and the beginnings of enforcement in 2015. Crosslinks will be added as new parts go up.

Part 1: Terminology

Part 2: Parameters

Part 3: Big Numbers

Part 4: Case File – Compu-Finder

Part 5: Case File Anthology, 2015-2016

Part 6: Case File – Blackstone Education

Part 7: Case File Anthology, 2017-2018

Part 8: Case File – Brian Conley/nCrowd

Part 9: Case File Anthology, 2019-2022

Part 10: NOV – Sam Medouini

Part 11: Wrap-Up

Core resources:

The Act

Enforcement Actions Table (CASL selected)

Following the Compu-Finder penalty levied in early 2015 (to be walked back in 2017), CASL goes on a tear, dropping AMPs left and right. 7 out of the 15 total AMPs issued under CASL come from these two years.

We’re going to set aside one of them as particularly relevant to my interests (education space), and zip through some of the others:

March 25, 2015:

$48,000 AMP levied against “Plentyoffish Media”, a dating site. I’m not sure why people would want to date folks who are plenty offish, but there y’go. There was no question about consent here — CEMs were only sent to registered subscribers — but with no evident, or a non-functional, unsubscribe mechanism. This, along with a compliance program, seems to have passed without any re-evaluation or follow-up.

Issued penalty: $48,000

Final penalty: $48,000

Total issued AMPs: $1,148,000

Total imposed AMPs/monetary penalties: $248,000

Differential: $900,000

June 29, 2015:

$150,000 AMP levied against Porter Airlines, a small carrier. CEMs were sent to people without Porter being able to furnish any proof of consent. Some messages were sent without contact information, and others without “clear and prominent” unsubscribe information. Again, this plus a compliance program seems to have landed with no further appeals or follow-up.

Issued penalty: $150,000

Final penalty: $150,000

Total issued AMPs: $1,298,000

Total imposed AMPs/monetary penalties: $598,000

Differential: $900,000

November 20, 2015:

$200,000 monetary compensation paid by Rogers Media, a telecommunications giant. There were flawed unsubscribe mechanisms in emails they were sending, some unsubscribe requests were not acted upon within 10 days, others did not have an unsubscribe address that was valid for a minimum of 60 days after the message was sent. This, with a compliance program, landed without appeals or follow-up. The financial penalty is framed as “monetary compensation” rather than an “administrative monetary penalty,” with no further explanation.

Issued penalty: $200,000

Final penalty: $200,000

Total issued AMPs: $1,498,000

Total imposed AMPs/monetary penalties: $798,000

Differential: $900,000

September 1, 2016:

$60,000 monetary compensation paid by Kellogg Canada Inc., a food company. It, or authorized third parties, sent email without consent. This, with a compliance program, landed without appeals or follow-up. The financial penalty is framed as “monetary compensation” rather than an “administrative monetary penalty,” with no further explanation.

Issued penalty: $60,000

Final penalty: $60,000

Total issued AMPs: $1,552,000

Total imposed AMPs/monetary penalties: $858,000

Differential: $900,000

October 10, 2016:

$50,000 AMP levied against Blackstone Learning, a seminars/training company.

We’re going to unpack this more in the next post, as I’m very interested in education-space developments here, but in a nutshell, lots of email without proof of consent. The notice of violation (which was issued on January 30, 2015, but doesn’t seem to be available online) sent to Blackstone set out an AMP of $640,000, but the decision lowered it to $50,000.

Issued penalty: $640,000

Final penalty: $50,000

Total issued AMPs: $2,192,000

Total imposed AMPs/monetary penalties: $908,000

Differential: $1,284,000

December 14, 2016:

$100,000 AMP issued against Brian Conley of Couch Commerce/nCrowd, an online deals website. We’ll discuss this in detail when we get to 2019 and the final CRTC decision. Note that the link above goes to the final 2019 decision — Enforcement action 9090-2015-00414 (the 2016 notice) isn’t available, and the CRTC’s table of decisions links to the 2019 CRTC decision rather than the enforcement action.

The timing here is important, for reasons we’ll get into in our 2017-18 anthology including Conley’s case.

We’ll be back to look more in depth at Blackstone, and then get back to reviewing other CASL decisions.

Categories
CASL Consent Law Marketing & Communications PIPEDA Privacy

CASL at 10: Case File – Compu-Finder

This is part four of a multi-part series reviewing Canada’s Anti-Spam Legislation in practice since its introduction in 2014 and the beginnings of enforcement in 2015. Crosslinks will be added as new parts go up.

Part 1: Terminology

Part 2: Parameters

Part 3: Big Numbers

Part 4: Case File – Compu-Finder

Part 5: Case File Anthology, 2015-2016

Part 6: Case File – Blackstone Education

Part 7: Case File Anthology, 2017-2018

Part 8: Case File – Brian Conley/nCrowd

Part 9: Case File Anthology, 2019-2022

Part 10: NOV – Sam Medouini

Part 11: Wrap-Up

Core resources:

The Act

Enforcement Actions Table (CASL selected)

As we get into cases resulting in AMPs,1Administrative Monetary Penalties – check the terminology post for more acronyms! if there’s a theme here, I think it will be in establishing a prism of views on CASL: its effectiveness as a practical deterrent, its effectiveness as an educational tool, and how the marketing of CASL reflects the government’s (and our) view on the value of spam control vs. the panoply of other issues facing society today.

As somebody in marketing at the time, it’s hard to underestimate how vaguely scary CASL was for people who relied on email for marketing. The day CASL came into force as also _my_ first day on the job in higher ed marketing, having transitioned from almost a decade in for-profit marketing work, mainly in the pharma / CPG / health product sectors.

So I was cutting my teeth in higher education, a sector with a heavy reliance on email marketing, while CASL took shape. My higher ed marketing career has evolved concurrent with CASL, and it’s interesting to look at how my own views on it have evolved.

The following captures the anxiety and situation well just before the law came into force:

“When CASL comes into force on July 1, 2014, it will be one of the most demanding laws in the world dealing with CEMs. The requirements that recipients specifically opt-in to receiving CEMs and CASL’s classification of electronic requests for express consent CEMs themselves, combined with the potentially enormous financial penalties for breaching the legislation make CASL particularly daunting for businesses sending messages to or from Canada.

It is impossible to know at this point how strictly CASL will be enforced, and the severity of fines that will be issued for infractions.”2Jennifer Birrell, Emond Harnden LLP, Legislation to be Aware of: PIPEDA, Anti-Spam, Non-Discrimination, Harassment, Accessibility for Ontarians. https://www.canlii.org/en/commentary/doc/2014CanLIIDocs33375

Moving from that quote alone, we have a few areas for follow-up:

  • how closely is the requirement that recipients specifically opt into CEMs followed?
  • what are the financial penalties that have been levied, and have they been followed through on?
  • has the legislation worked, in the raw sense of whether or not spam is in fact being curbed?

The latter question is at least answerable through statistics — see this earlier post.

The straightforward answer to “Did CASL work?” depends on how you define its goal. We can start with the stated purpose from the Act itself:

Purpose

Purpose of Act

3 The purpose of this Act is to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of electronic means to carry out commercial activities, because that conduct

(a) impairs the availability, reliability, efficiency and optimal use of electronic means to carry out commercial activities;

(b) imposes additional costs on businesses and consumers;

(c) compromises privacy and the security of confidential information; and

(d) undermines the confidence of Canadians in the use of electronic means of communication to carry out their commercial activities in Canada and abroad.3An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (S.C. 2010, c. 23), section 3

“CASL hasn’t stamped out spam, and complaint rates remain relatively consistent, so it is not successful” is a defensible position, but per the Act itself, it is achieving its purpose as stated: to regulate commercial conduct and discourage communications that do a number of things that amount to what we think of as spam.

And even from the jump, reaction to the Act was mixed at best.

It’s also worth noting that the organization that enforces the law is also the one that gathers the complaints.

Which makes sense: the police get calls about people breaking the law, and enforce the law. The fire department gets the calls about fires and then puts out the fires. There’s no disconnect in the process, but it does leave a certain amount of latitude in terms of letting one body both define the problem and attempt to resolve it.

As mentioned in the statistical breakdown, the ratio of complaints to actions — be it requests for information, warnings, or eventually compliance actions — is immense. And the number of actual decisions is small, and the number of AMP penalties even smaller.

Small enough that one person can look at each of them in turn. We’ll start with one that got national headlines at the time: back in 2015, a $1.1 million AMP levied against Compu-Finder.4It’s spelled “Compu.Finder” in the header of the CASL decision, “CompuFinder” in the body of that decision, and “Compu-Finder” in the PIPEDA investigation referenced below – for the sake of consistency, we’ll be using “Compu-Finder”, which is how the company referred to itself in its promotional materials throughout.

Here’s the 2015 decision.

This drew national headlines as a definitive warning shot to violators of the new law.

What happened?

In a nutshell: Compu-Finder sent out a lot of unsolicited email without an adequate unsubscribe mechanism, which is pretty blatantly in violation of the law (and also — for anyone in marketing – not smart. Seth Godin wrote Permission Marketing in 1999, for Pete’s sake… this, even absent legislation, violated a lot of common sense and best practices).

The Notice of Violation is so brief that I can fit it all right here, in an accordion (fold out to view):

2015 AMP for Compu-Finder

Ottawa, 5 March 2015
File Nos.: 9094-2014-00302-001

To: 3510395 Canada Inc. (dba Compu.Finder)

Name: Ms. Sylvie Pagé, President

Address:
707, chemin du Village, suite 202
Morin Heights, QC, J0R 1H0

Issue Date of Notice: 5 March 2015

Penalty: $1,100,000

Pursuant to section 22 of the Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23 (the Act), the undersigned has issued this notice of violation finding 3510395 Canada Inc. to have committed the following violations contrary to Paragraphs 6(1)(a) and the Act:

Between 2 July 2014 and 16 September 2014, inclusively, 3510395 Canada Inc. sent or caused or permitted to be sent, to electronic addresses, commercial electronic messages, in three (3) patterns, without having the consent of the persons to whom the messages were sent, resulting in three (3) violations of section 6(1)(a) of the Act.

Between 2 July 2014 and 16 September 2014, inclusively, 3510395 Canada Inc. sent or caused or permitted to be sent, to electronic addresses, commercial electronic messages, containing an unsubscribe mechanism that did not function properly, resulting in one (1) violation of paragraph 6(2)(c) of the Act. Contrary to paragraph 6(1)(b) of the Act, 3510395 Canada Inc. did not ensure that the unsubscribe mechanism was valid for a minimum of 60 days after the message was sent, in accordance with subsections 11(1)(b) and 11(2) of the Act and as required by paragraph 6(2)(c) of the Act, or 3510395 Canada Inc. did not give effect to an indication sent in accordance with subsection 11(1) without delay, and in any event no later than 10 business days after the indication was sent, without any further action being required on the part of the person who so indicated, as required by subsection 11(3) of the Act.

Pursuant to section 20 of the Act, the undersigned has determined that the total administrative monetary penalty for the violations identified above is $1,100,000.

The penalty of $1,100,000 must be paid by 3510395 Canada Inc. to “The Receiver General for Canada” in accordance with subsection 28(3) of the Act.

Manon Bombardier
Chief Compliance and Enforcement Officer

The widely reported decision was a wake-up call for marketers from coast to coast in Canada. Over a million dollars? For 3 email campaigns? In a miasma of still not being entirely rock solid on how the law worked, and how aggressively it would be enforced, especially in the soft areas around what constituted a “business relationship,” it was pretty scary stuff. 

Other investigations and a walking-back of the $1.1M

In 2016, the Office of the Privacy Commissioner of Canada carried out its own investigation, using submissions and reports from the CRTC/CASL: PIPEDA Report of Findings #2016-003: Investigation into the personal information handling practices of “Compu-Finder” (3510395 Canada Inc.) – Office of the Privacy Commissioner of Canada  It was clear that the PIPEDA investigation is distinct from CASL [114].

Some interesting nuances in that investigation:

  1. While addresses were harvested before the Act introduced provisions regarding address harvesting on July 1, 2014, use of some of those addresses still constituted a violation of the Act [16].
  2. The volume of complaints to the SRC was 1,015 over a nine-months-plus-a-bit period. That’s over 100 complaints a month, which is a lot of complaints. Reading between the lines – if people were submitting that many complaints to a government body, surely Compu-Finder must have been getting a ton, enough that I’d hazard they were being deliberately obtuse about it. Again – permission marketing wasn’t a new concept, even in 2014. [27]
  3. Ultimately, 317 emails were at issue; ultimately this averages out to about 100 emails per “pattern” of email. Only 87 violated the unsubscribe requirement. [31]
  4. The emails came from a revolving door of domain names, including “coursacf”, “acfmanagement”, formationacf”, “objectifscommerciaux”, “gestionnaireschan, “laformationsenligne” and “moncourtravailz” – “to name a few,” as stated in the investigation. They were also sent / signed by generic names such as “Team Leader,” “Director General,” etc. [29,30]

…honestly, the investigation is worth reading. It feels like Compu-Finder missed a trick in not opening a highly profitable red flag factory.

Lack of meaningful consent, ambiguous phone scripts to cold-call companies and extract names and email addresses, reliance on implied consent (PIPEDA 4.3.6; PIPEDA 40.1) but disregarding express prohibitions against solicitation in public email directories… if I were to write a Goofus and Gallant children’s book on e-mail marketing in Canada, the Goofus pages are fully filled in.

Ultimately, Compu-Finder agrees to implement the OPC’s mandated changes “without prejudice and without admission.” [156]. The OPC determines that the issues are either well-founded and resolved, or well-founded and conditionally resolved, noting that the Office has a “continuing interest” in making sure Compu-Finder is compliant. [160, 161]

Then, in 2017, the CRTC walked back on the $1.1 million, dropping it to $200,000.

Which is still more money than most organizations would care to spend on a fine for spam, but a pretty huge leap back from the national-headline-grabbing over-a-million amount. Why? The reasoning extends across [87] through [124] of the decision, culminating in

[125] The Commission finds, on a balance of probabilities, that Compu-Finder committed the four violations set out in the notice of violation, and imposes a total penalty of $200,000 on the company.

So why was there apparently a $900,000 error in the first decision? This may seem cynical, but as somebody who works in marketing, the one line that that review that leaps out as pretty close to an admission that they did it for the shock and awe is here:

[92] The investigation report stated that the purpose of the penalty, being the promotion of compliance with the Act, was achieved through general deterrence created by the AMP, and that the proposed penalty was not disproportionate to the violations. (emphasis added)

The decision, in [87-124], covers ground including the offense, Compu-Finder’s ability to pay, whether or not the size of the penalty triggers a s11 Charter violation (more on constitutional challenges later), and proportionality.

It is what it is; but one might expect that the CRTC would have worked through all of this before issuing the AMP in the first place, unless the object was to terrify as opposed to impose a fee that sticks.

In a 2020 decision — and let’s remember that this all started back in November of 2014 — 3510395 Canada Inc. v. Canada (Attorney General), 2020 FCA 103 (CanLII), [2021] 1 FCR 615 saw the FCA roundly deny Compu-Finder’s appeal, in a decision that covered a substantial amount of ground.

I’m going to refer heavily here to a summary by Ryan J. Black, Becky Rock, Tyson Gratton & Meghan Bellstedt, then of DLA Piper (Canada) LLP, available on CanLii, and worth reading on its own. The FCA decision:

  • established that CASL is constitutionally valid federally (among other things this prevents “legislation shopping” among provinces for the one with the least stringent anti-spam legislation)
  • doesn’t violate Sections 7, 8 or 11 of the charter (the first because there’s no unreasonable seizure in a CASL request, the latter two because there’s no criminal charges or penal consequences)
  • justifiably violates S1 of the Charter, Freedom of Expression — of note, see Para 194 of the FCA decision and its statement that “commercial expression is not as jealously guarded as some other forms of expression”.

Compu-Finder then sought leave to bring this to the Supreme Court, and was rebuffed in March of 2021, six and a half years after the initial ruling.

We won’t be covering further decisions in this much detail, but out of the gate Compu-Finder establishes a few modes of action that are worth tracking:

  • Big-money AMPs that are later reduced
  • CASL decisions that get walked back by the CRTC later on
  • Targeting offenders that operate mainly in the private sector, and mainly in tech

On that first bullet, here’s the beginning of a running tally:

Issued penalty: $1,100,000

Final penalty: $200,000

Differential: $900,000

Let’s dive into a few more of these, and see where and when that pattern holds, and how those numbers differ over time.

Incidentally – Compu-Finder seems to have fallen on hard times since the Supreme Court’s rebuffing. At the time of writing, of the URLs identified in the PIPEDA investigation in 2016 as being the principal URLs for Compu-Finder have all fallen on hard times:

  • compufc.com – 404 error
  • acfmanagement.com – returns a blank page; View Page Source shows only a notification to enable JavaScript but not indication of what the content would be
  • prosperer.ca – clearly abandoned; there is content on the page but the CSS is broken and the page is unreadable
  • academiedegestion.com – redirects to an alphabet soup URL that requires you to allow notifications to view it – no thank you.
  • 1
    Administrative Monetary Penalties – check the terminology post for more acronyms!
  • 2
    Jennifer Birrell, Emond Harnden LLP, Legislation to be Aware of: PIPEDA, Anti-Spam, Non-Discrimination, Harassment, Accessibility for Ontarians. https://www.canlii.org/en/commentary/doc/2014CanLIIDocs33375
  • 3
    An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (S.C. 2010, c. 23), section 3
  • 4
    It’s spelled “Compu.Finder” in the header of the CASL decision, “CompuFinder” in the body of that decision, and “Compu-Finder” in the PIPEDA investigation referenced below – for the sake of consistency, we’ll be using “Compu-Finder”, which is how the company referred to itself in its promotional materials throughout.
Categories
Copyright Law Nerd

AI, the Mouse, and the Mask*

Another U.S. decision that AI-generated art cannot be copyrighted — while acknowledging that there will be “challenging questions about how much human input is necessary to qualify the user of an AI system as an ‘author’ of a generated work, the scope of the protection obtained over the resultant image, how to assess the originality of AI-generated works where the systems may have been trained on unknown pre-existing works, how copyright might best be used to incentivize creative works involving AI, and more.”

Where this is going to get really interesting, I think, is when somebody uses AI to produce something with a striking resemblance to a certain M. Mouse, or D. Vader.

AI generated image of a cartoon mouse with black ears and a white face, smiling, with exaggerated features.
A one-off ask in DALL-E with the prompt “cartoon mouse with black ears and a white face, smiling, with exaggerated features.”
AI generated image of "menacing figure with a cybernetic black mask, cape, respirator and holding a glowing laser sword"
A one-off ask in DALL-E with the prompt “menacing figure with a cybernetic black mask, cape, respirator and holding a glowing laser sword.”

See above for two 30-second not-even-trying prompts that are arguably completely innocent, but get within striking distance of the Disney Zone.

Secondary infringement — when you “should” know that you’re infringing, even if the resemblance is innocent or coincidental — is going to be come much more pivotal.

But even secondary infringement in the Copyright Act presumes an author:

  • Secondary infringement(2) It is an infringement of copyright for any person to
    • (a) sell or rent out,(b) distribute to such an extent as to affect prejudicially the owner of the copyright,(c) by way of trade distribute, expose or offer for sale or rental, or exhibit in public,(d) possess for the purpose of doing anything referred to in paragraphs (a) to (c), or(e) import into Canada for the purpose of doing anything referred to in paragraphs (a) to (c),
    a copy of a work, sound recording or fixation of a performer’s performance or of a communication signal that the person knows or should have known infringes copyright or would infringe copyright if it had been made in Canada by the person who made it.
Copyright Act, III 27(1) – emphasis mine

And/or prompts are going to become pivotal to prove primary infringement.

If AI can’t be an “author” and can still produce works that strongly resemble copyrighted work, I wonder if Compo Co. Ltd. v. Blue Crest Music et al. is going to become much more of a juggernaut in copyright law in Canada — precedence that producing something that violates copyright is itself copyright violation, even if you’re not the producer of the violating work. Even in Compo, the issue resided in the fact that the provider of the work, Canusa, _had_ violated copyright — which isn’t the case with AI.

It’s going to be an interesting decade for IP law…

*yes, of course it’s a reference. And yes, I know it’s not a Darth Vader mask. RIP Doom!

Categories
CASL Consent Law Marketing & Communications Privacy

CASL at 10 – Big Numbers

This is part three of a multi-part series reviewing Canada’s Anti-Spam Legislation in practice since its introduction in 2014 and the beginnings of enforcement in 2015. Crosslinks will be added as new parts go up.

Part 1: Terminology

Part 2: Parameters

Part 3: Big Numbers

Part 4: Case File – Compu-Finder

Part 5: Case File Anthology, 2015-2016

Part 6: Case File – Blackstone Education

Part 7: Case File Anthology, 2017-2018

Part 8: Case File – Brian Conley/nCrowd

Part 9: Case File Anthology, 2019-2022

Part 10: NOV – Sam Medouini

Part 11: Wrap-Up

Core resources:

The Act

Enforcement Actions Table (CASL selected)

With the 10th year anniversary of Canada’s Anti-Spam Legislation coming up in a few months, it’s beneficial to run through the data they provide (starting in 2018).

My interests here are chiefly:

  • establishing whether or not the overall rate of spam is going down
  • gaining some understanding of the likelihood of a significant action being imposed on an organization

On the first, CASL itself reports on the number of complaints it receives over time. I’ve aggregated these from their reports, such as the Sept. 2022 – March 2023 report presented here.

Based on complaints to regulators, is spam diminishing over time?

The number of complaints about unsolicited CEMs over time wobbles, but stays within a rough 140,000-170,000 range, trending up steadily since COVID.

A chart showing complaints to the CASL regulators over time. It wavers up and down, but on the whole stays within a range of 140,000 to 170,000.
Complaints over time: note that the baseline is set at 100,000.

On its face, then, the presence of the legislation isn’t slowing the rate of complaints about unsolicited messages.

Careful phrasing, there: I don’t want to say that the legislation is not having an effect on spam. All we’re seeing here is that complaints about spam are staying high and gently rising over time following a 2020 dip (COVID?) This could feel like it means “spam is not going down,” but there are counter-arguments to that – it may not be that spam is not decreasing, per se, but that growing awareness of CASL means that reporting rates are going up: people can recognize spam more readily, and know it is easy to report.

Even if you take the complaint number as representing spam volume overall, there are (at least) two arguments one could make that CASL is effective:

  • Spam would be growing unchecked were it not for CASL, and relatively flat numbers are a proof of its success.1Why do police budgets keep going up while crime rates fall? Because enough politicians believe that if we don’t keep buying military hardware for the police, crime will suddenly rise. I’m not a subscriber to this line of thought, and think declines in crime are more provably attributable to things the police have very little to do with — education, social services, access to mental health supports and healthcare — but this line of thought exists, and there’s no reason it shouldn’t apply to CASL as it applies to street crime.
  • Complaints aren’t really the right tool to measure its effectiveness: the legislation isn’t really about stopping commercial electronic messages (CEMs) entirely, but consumer and marketer education.

The best test would be to compare complaint rates with those from a country that has no CASL-type legislation or enforcement. Unfortunately, CASL is the reporting structure as well as the enforcement unit — if there are countries that track spam complaints but don’t have any mechanisms for controlling spam, please let me know.

What about the other easily measured numbers: notices to produce, and preservation demands – both easily interpreted as preludes to enforcement?

The graphs are a bit more jagged, due to the smaller overall numbers, and reflect a “ramping up” of CASL following its introduction – the complaints came hard and fast initially, but it clearly took some time to respond to them and begin issuing notices:

Graph showing notices to produce from CASL legislators. Quick clumb from 2018 to 2020, then varying from about 250 to about 125.
CASL – Notices to Produce, April 2018-March 2023.
Preservation demands from CASL. Numbers fluctuate from 0 to 21.
CASL – Preservation Demands, April 2018 – March 2023
Warning letters issued by CASL: one spike in March 2019, otherwise consistently between zero and 10
CASL – Warning Letters, April 2018 – March 2023

It feels like it took the CRTC a couple of years to hit its stride with Notices to Produce and Preservation Demands,2please see the Terminology blog post for descriptions of these! with complaints flowing in out of the gate and some ramping up of the tools and processes for investigation, with a fairly steady state since 2020 in terms of notices to produce and preservation demands. Until our most recent periods, anyway. I thought I’d identified a wave – notices to produce in one six-month span create higher preservation demands in the next – but the above shows that’s wrong.

Warning letters are very different – a (relatively) large burst in 2019, and then not much at all. I would have expected a consistency here, and can only speculate that the Commission has at some point decided that NoPs and preservation demands are more effective.

The complaints chart looks very smooth compared to the notices/preservation/warning charts because the scale of the numbers is different. Taking a reasonably high period for notices and demands (April-September 2020), here’s how they compare:

ComplaintsNotices to ProducePreservation Demands
14094525717

That is a whopping ratio: almost 550 complaints per notice to produce.

About 8300 complaints per preservation demand.

And if you dig into the actual actions beyond the “warning shots” of notices to produce, preservation demands and warning letters, the number gets very small indeed. From April 2018 to present, the ratios are:

1,529,257 complaints total 3This project overall might be read as critical of CASL, and I just want to be clear that processing 1.5 million complaints is nothing short of heroic. We’ll be getting to conclusions eventually, but please remember this number — I don’t know how many people are staffing the CASL project, but 1.5 million complaints in five years is an incredible amount of work to manage.

18,785 complaints per warning letter

21,240 complaints per preservation demand

1007 complaints per notice to produce4We have to be clear that this is not a magic number; when we get into looking at specific cases, sometimes a very low number of complaints ultimately result in a notice, preservation demand, or AMP. Saying “if less than a thousand people complain, nothing will happen” shouldn’t be the takeaway here!

There have been 16 undertakings and/or decisions with financial penalties issued since 2014. Nine happened prior to 2018, when complaint numbers started being made publicly available, so if we measure from when these stats were published, we arrive at 1,529,257 total complaints resulting in seven announced penalties – many of those later being reduced or ultimately not imposed (stay tuned for closer looks at the decisions and – more importantly – the follow-throughs).

That math breaks down to over 218,000 complaints per announced penalty.

That feels like a lot of complaints ultimately leading to a penalty (or in some cases, no penalty after all).

A summary in convenient graphic form, with tasteful gradient background:

Graph re-presenting the above information in a single graphic.

Arguably, warning letters and notices to produce are the deterrent, and the issue rate of warning letters / NOPs is chilling violators, and focusing solely on AMPs is a bit too narrow – but CASL likes to broadcast the dollar values of penalties levied on every report, so I think it’s fair enough to zero in on those as the key factor.

Next post, we’ll start to look at the actual decisions – those seven penalties – and poke at their stories a bit. It’s interesting stuff, I promise.

  • 1
    Why do police budgets keep going up while crime rates fall? Because enough politicians believe that if we don’t keep buying military hardware for the police, crime will suddenly rise. I’m not a subscriber to this line of thought, and think declines in crime are more provably attributable to things the police have very little to do with — education, social services, access to mental health supports and healthcare — but this line of thought exists, and there’s no reason it shouldn’t apply to CASL as it applies to street crime.
  • 2
    please see the Terminology blog post for descriptions of these!
  • 3
    This project overall might be read as critical of CASL, and I just want to be clear that processing 1.5 million complaints is nothing short of heroic. We’ll be getting to conclusions eventually, but please remember this number — I don’t know how many people are staffing the CASL project, but 1.5 million complaints in five years is an incredible amount of work to manage.
  • 4
    We have to be clear that this is not a magic number; when we get into looking at specific cases, sometimes a very low number of complaints ultimately result in a notice, preservation demand, or AMP. Saying “if less than a thousand people complain, nothing will happen” shouldn’t be the takeaway here!