The undertaking resulted from an alleged failure to obtain
consent from recipients prior to sending commercial electronic
messages. The alleged violations apparently occurred over an
11-week period in late 2014.
As with previous undertakings announced by the CRTC, the summary
produced by the CRTC includes few details about the alleged
non-compliance, such as whether the company sent messages without
obtaining consent, failed to meet form requirements in collecting
consent, or was unable to prove the existence of an existing
business relationship that would give rise to implied consent.
Interestingly, the CRTC summary does note that the messages in
question were allegedly sent by "Kellogg and/or its third
party service providers", and that Kellogg undertook to comply
with CASL and its Regulations, and to "ensure that any third
party authorized to send a commercial electronic message on its
behalf" did the same – suggesting that the alleged
violations may have stemmed, at least in part, from the activities
of a third party service provider. This, in turn, raises
important – but unfortunately, unanswered -- questions about
how penalties are assessed in such circumstances, and the extent to
which due diligence in vendor selection and procurement
arrangements might impact liability for non-compliance under
The central prohibition in CASL relating to commercial
electronic messages does refer explicitly to those sending such
messages, as well as to those causing or permitting such messages
to be sent; accordingly, the law appears to apply to both marketers
and the service providers that may be retained to send marketing
messages on their behalf. Organizations would be well advised
to choose third party vendors carefully, and to impose clear
contractual and process requirements on such vendors to help avoid
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Peerenboom v Marvel Entertainment (2016 NY Slip Op 31957(U)) is drama-driven case in which the New York County Supreme Court afforded Toronto businessman Harold Peerenboom the right to obtain the private emails...
The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada's federal privacy law, the Personal Information Protection and Electronic Documents Act, should be interpreted.
The Ontario Superior Court of Justice recently approved a settlement agreement in the Lowanski v The Home Depot class action, a decision that highlights adequate protection and a sufficient response can significantly reduce the legal risks after a data breach.
The October 19, 2016 judgment of the European Court of Justice in the matter brought by Patrick Breyer against the Federal Republic of Germany (the "EU Decision") raises the issue of whether an IP address is personal information under the EU Directive 95/46/EC and provides an interesting comparison with the Canadian perspective.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).