On April 23, 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) issued Compliance and Enforcement Decision 2019-111, imposing an administrative penalty of $100,000 on Brian Conley — the President and Chief Executive Officer of nCrowd — for infringing consent and unsubscribe requirements under Canada's Anti-Spam Legislation (CASL).
CASL
CASL creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to prohibit unsolicited or misleading commercial electronic messages (CEMs), the unauthorized commercial installation and use of computer programs on another person’s computer system and other forms of online fraud. For more background information on CASL, please see our earlier bulletin.
The nCrowd Decision
Following the acquisition of Couch Commerce’s assets, which included an email distribution list, nCrowd Inc., nCrowd Limited and nCrowd Commerce Inc. (nCrowd) sent 246 emails promoting products or services offered by various merchants through its platform to recipients located in Canada — up to four emails per day for some — over an eight-month period. nCrowd ceased its operations and dissolved in the months that followed. The CRTC hence pursued the president and CEO in order to encourage future compliance with CASL.
The CRTC investigation revealed that nCrowd and its CEO failed to demonstrate the steps they took, if any, to ensure they had obtained the express or implied consent of Canadian recipients to send promotional emails to the addresses included on its acquired list. The decision also highlights that nCrowd violated the unsubscribe requirements of CASL1.
Interestingly, the Commission notes in its decision that the list, which contained more than 1.5 million email addresses, included email addresses typically reserved for technical support and website management of major companies, making it likely that such addresses were made available online rather than voluntarily provided by individuals interested in Couch Commerce/nCrowd’s products and services.
The CRTC concluded that, in accordance with section 31 of CASL2, the CEO of nCrowd must be held personally responsible for the violations committed by the company since he had acquiesced to such violations (i.e., agreed to them “tacitly, silently, passively or without protest”). Given the key role the CEO played in the acquisition of Couch Commerce’s assets, the Commission makes it clear that he had to ensure personally that such verifications were made prior to launching the organization’s direct marketing campaigns. The fact that he had resigned from his position was considered irrelevant since the violations occurred while he was a CEO and had knowledge of same.
The CRTC fixed the amount of the penalty to $100,000, taking into account the seriousness of the violations and the fact that its CEO, whose personal net worth exceeded $1million, continued to be involved in nCrowd’s assets after its dissolution.
Key Takeaways for Corporate and Commercial Transactions
The nCrowd decision contains key learnings for organizations involved in the acquisition of intangible assets that include email distribution lists.
1. Consent due diligence
Organizations acquiring current or potential customers’ email addresses must conduct audits of such lists to ensure that the seller has obtained valid and accurate consent. Inclusion in such lists of generic email address that are typically used for technical support, website management, general information or other corporate functions should be treated as red flags, indicating that the consent list may not be valid.
2. Corporate officers’ obligations
Prior to using acquired email distribution lists to send commercial electronic messages, corporate officers in charge of transactions involving the acquisition of such lists should personally ensure that positive steps are taken to verify that proper consents to receiving CEM were obtained by the seller and that such consents are broad enough to encompass emailing activities to be conducted after the acquisition. Such steps must also be documented in writing.
3. Representations and warranties
Representations and warranties of the seller in purchase agreements must include clear language regarding compliance with CASL, notably regarding the validity and accuracy of the consent to receiving CEM by recipients included in email distribution lists.
4. Remedies
Where there is uncertainty about the validity of consents included in acquired email distribution lists, buyers should consider including remedies addressing infringement of CASL in their purchase agreement. Specifically, to address the risk of insolvency/dissolution of the seller post-closing (which happened in the nCrowd case), such remedies could include — for instance — price correction mechanisms and placing a portion of the purchase price in escrow.
1 nCrowd sent several CEMs which contained unsubscribe links that were not functioning, or did not process opt-out requests within the 10 business days delay required by law. In some instances, further action was required from recipients to complete their unsubscribe request, in violation of the requirements set forth in CASL, the Electronic Commerce Protection Regulations (CRTC) and Telecom Regulatory Policy 2012-183.
2 CASL, art. 31: “An officer, director, agent or mandatary of a corporation that commits a violation is liable for the violation if they directed, authorized, assented to, acquiesced in or participated in the commission of the violation, whether or not the corporation is proceeded against.”