Compliance and Enforcement Decision CRTC 2019-111
Ottawa, 23 April 2019
File number: PDR 9094-2015-00414-001
Brian Conley – Liability for violations of Canada’s Anti-Spam Legislation committed by nCrowd, Inc.
The Commission finds that nCrowd, Inc. committed one violation of paragraph 6(1)(a) and one violation of paragraph 6(2)(c) of Canada’s Anti-Spam Legislation (the Act) in relation to commercial electronic messages sent to recipients in Canada. The Commission also finds that Brian Conley is liable, under section 31 of the Act, for those violations. Accordingly, the Commission imposes an administrative monetary penalty of $100,000 on Brian Conley.
- From 25 September 2014 to 21 June 2015, the Commission received 246 submissions through the Spam Reporting Centre (SRC) in relation to email messages that appeared to have been sent by nCrowd, Inc. or by its subsidiaries, nCrowd Commerce, Inc. and nCrowd Limited (collectively, nCrowd).
- These submissions were investigated and, on 14 December 2016, pursuant to section 22 of An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act, and the Telecommunications Act (the Act or Canada’s Anti-Spam Legislation [CASL]),Footnote 1 a person designated by the Commission issued a notice of violation to Brian Conley.Footnote 2
- In the notice, the designated person informed Mr. Conley that he was being held liable, pursuant to section 31 of the Act,Footnote 3 for the following violations committed by nCrowd between 25 September 2014 and 1 May 2015:
- one violation of paragraph 6(1)(a) of the Act, which states that it is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message (CEM)Footnote 4 unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied;
- one violation of paragraph 6(2)(c) of the Act, which states that a CEM must set out an unsubscribe mechanism in accordance with subsection 11(1).Footnote 5
- The notice of violation set out an administrative monetary penalty (AMP) of $100,000 and was served on Mr. Conley on 13 February 2017.
- Pursuant to paragraphs 22(2)(c) and (d) of the Act, the notice of violation informed Mr. Conley that he had 30 calendar days from the day following service of the notice to either pay the penalty or make representations to the Commission regarding the violations allegedly committed by nCrowd, his liability for those violations, and the amount of the penalty set out in the notice.
- The Commission received representations from Mr. Conley on 16 March 2017. In his representations, Mr. Conley argued, in summary, that he should not be held liable for the violations and that he could not afford to pay the AMP proposed in the notice of violation.
- Based on the record of this proceeding, the Commission has identified the following issues to be addressed in this decision:
- Did nCrowd commit the violations?
- If yes, is Brian Conley liable for the violations?
- If yes, is the amount of the AMP reasonable?
Did nCrowd commit the violations?
Nature and sender of the electronic messages at issue
- Subsection 1(1) of the Act defines an “electronic message” as “a message sent by any means of telecommunication, including a text, sound, voice or image message.”
- Subsection 1(2) of the Act provides that CEMs are electronic messages for which, having regard to their content and any hyperlinks or contact information contained therein, it would be reasonable to conclude have as one of their purposes the encouragement of participation in a commercial activity. This includes electronic messages that offer “to purchase, sell, barter or lease a product, goods, a service, land, or an interest or right in land” or that advertise or promote the same.
- Subsection 12(1) of the Act provides that “a person contravenes section 6 only if a computer system located in Canada is used to send or access the electronic message.”
- The electronic messages at issue varied greatly, but, at a minimum, they all promoted products or services offered by various merchants via the online sale of corresponding vouchers through nCrowd’s platform.
- The electronic messages consistently identified their sender as one of the business names under which nCrowd, Inc. or its subsidiaries operated, or referred to websites associated with those business names.Footnote 6
- Of the electronic messages referred to in the SRC submissions, 111 were sent to email addresses associated with Canadian businesses, Canadian domains (.ca) registered in Canada, or Canadian Internet service providers. Furthermore, three complainants who provided written witness statements to the designated person confirmed that they resided in Canada and used computers in their homes to access the messages.
- In his representations, Mr. Conley did not contest these elements of the investigation report.
- In light of the above, the Commission finds, on a balance of probabilities, that nCrowd sent the 246 electronic messages in question, that the messages were CEMs within the meaning of the Act, and that they were sent to a number of recipients located in Canada.
Consent to send CEMs
- Paragraph 6(1)(a) of the Act provides that it is prohibited to send or cause or permit to be sent to an electronic address a CEM, unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied.
- Section 13 of the Act provides that a person who alleges that they have consent to perform an act that would otherwise be prohibited under any of sections 6 to 8 of the Act has the onus of proving that they have such consent.
- The date on which consent was obtained is essential to proving the existence of either valid express consent, or implied consent through an existing business relationship or an existing non-business relationship, since consent must be acquired within the two-year period immediately before the day on which the message was sent, or within the six-month period immediately before the day on which the message was sent, in the case of an inquiry.Footnote 7
- In their submissions to the SRC, complainants indicated that they did not believe that they had given consent to receive the messages at issue. Additionally, in the witness statements referred to above, the complainants mentioned a lack of consent to receive messages from nCrowd, Inc. or its subsidiaries.
- During the investigation, nCrowd stated that it had consent to send CEMs to all the email addresses on its email distribution list and that express consent was obtained through either Couch Commerce Inc.’s (Couch Commerce) or nCrowd’s website.
- The list that nCrowd provided to a person designated for the purpose of section 17 of the ActFootnote 8 contained 1,928,015 email addresses, most of which were purchased from Couch Commerce on 24 September 2014.
- According to information on that list, express consent to send CEMs to 1,566,144 email addresses on that list was obtained on a single day, 13 August 2014. nCrowd explained that the date in question was the date on which Couch Commerce moved its email records from one email service provider to another. No other supporting documents were provided, nor was any information included on what, specifically, consumers might have consented to.
- The evidence on the record of this proceeding indicates that, on 25 September 2014, the day following the purchase of Couch Commerce’s email distribution list, nCrowd started sending CEMs to email addresses on that list.
- In his representations, Mr. Conley did not address any of the consent issues brought to his attention in the investigation report.
- The Commission notes that nCrowd’s response to the designated person does not demonstrate that the company had express consent to send CEMs to the email addresses on the list. The lack of a valid date on which consent was obtained makes it impossible to verify that express or implied consent was obtained within the two-year period immediately before the day on which the CEM was sent by nCrowd, or within the six-month period immediately before the day on which the CEM was sent by nCrowd in the case of an inquiry.
- The Commission further notes that the list contained several general email addresses typically reserved for the technical support and website management of major companies. It is unlikely that the authorized users of those email addresses would have expressly consented to receiving CEMs from a daily deals company such as nCrowd. It is more likely that those email addresses were published and accessed online.
- Accordingly, the Commission determines that nCrowd failed to demonstrate what steps it took, if any, to ensure that it had express or implied consent to send CEMs to the email addresses on its list.
- In light of the above, the Commission finds, on a balance of probabilities, that nCrowd sent the CEMs at issue without the consent of the recipients, in violation of paragraph 6(1)(a) of the Act.
nCrowd’s unsubscribe mechanism and processing of unsubscribe requests
- Paragraph 6(2)(c) of the Act provides that CEMs must conform to prescribed requirements and must set out an unsubscribe mechanism in accordance with subsection 11(1).
- Section 11 of the Act states that (i) unsubscribe mechanisms must be usable at no cost, (ii) a consumer must be able to unsubscribe from further messages from either the person who sent the message or the person on whose behalf it was sent, and (iii) a consumer must be able to make unsubscribe requests either to a specified electronic address, or through a link accessible via a web browser. The electronic address or link must be valid for a minimum of 60 days after the message is sent, and effect must be given to unsubscribe requests without delay, no later than 10 business days after the request is sent, and without any further action being required on the part of the person who made the request. In addition, pursuant to subsection 3(2) of the Electronic Commerce Protection Regulations (CRTC), as set out in Telecom Regulatory Policy 2012-183, the unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act must be able to be readily performed.
- Several of the people who made submissions through the SRC and the three individuals who provided witness statements indicated that (i) the unsubscribe links in the CEMs they received were not functioning, (ii) their unsubscribe requests were not given effect within 10 business days, or (iii) further action on their part was required to complete their unsubscribe requests.
- During the investigation, nCrowd failed to provide the designated person with any document showing policies and procedures relating to its unsubscribe mechanism.
- In his representations, Mr. Conley did not address any of the issues regarding unsubscribing that were brought to his attention in the investigation report.
- In light of the above, the Commission finds, on a balance of probabilities, that nCrowd violated paragraph 6(2)(c) of the Act.
Is Brian Conley liable for the violations?
- Section 31 of the Act provides that an officer, director, agent, or mandatary of a corporation that commits a violation is liable for the violation if they directed, authorized, assented to, acquiesced in, or participated in the commission of the violation, whether or not the corporation is proceeded against.
- The notice of violation states that Mr. Conley is liable for the violations committed by nCrowd, Inc. between 25 September 2014 and 1 May 2015, because he acquiesced in the commission of those violations while he was the President and Chief Executive Officer (CEO) of that corporation.
- In the absence of any specific definition in the Act, the Commission defines “acquiesce,” based on its ordinary meaning and on Canadian jurisprudence, as agreeing to something tacitly, silently, passively, or without protest.Footnote 9
- The designated person’s assessment is that email distribution lists were central to nCrowd’s business, that Mr. Conley was familiar with both their importance and with nCrowd’s platform for managing them, and that Mr. Conley was personally involved in acquiring them; therefore, he must have either known about the problems with nCrowd’s lists, or knowingly turned a blind eye to these problems.
- The evidence presented in the investigation report shows that Mr. Conley was listed as one of the four co-inventors of nCrowd’s email marketing tool, which included the sending of targeted CEMs based on the interests and preferences of the recipient.
- The evidence also shows that, on 24 September 2014, Mr. Conley personally signed an Agreement of Purchase and Sale whereby nCrowd acquired Couch Commerce’s assets, including its email distribution list. The agreement stipulated that “the Seller shall be in compliance with Canada’s Anti-Spam Legislation, to the satisfaction of the Buyer in its sole discretion.” As noted above, the following day, nCrowd started using the list to send CEMs that the Commission has found to be in violation of paragraphs 6(1)(a) and 6(2)(c) of the Act.
- In his representations, Mr. Conley claimed that he never acquiesced in any of the violations mentioned in the notice of violation and should not be held liable for them. Mr. Conley stated that it would be impossible for a company CEO to have first-hand knowledge of millions of email addresses or the functionality of an opt-out button.
- Mr. Conley also pointed to the representation made by Couch Commerce that its list was compliant with the Act when it was sold to nCrowd. He further submitted that prior to finalizing the purchase of Couch Commerce’s assets, an “independent investigation into [Couch Commerce’s] email processes at that time revealed that, up to that point, no alleged violations of Canadian law pertaining to email marketing had ever been levelled against Couch [Commerce].” He added that “nCrowd never intended to send emails to people who did not want to receive them and we took great pains to [ensure] that that did not happen.”
- Mr. Conley further argued that he resigned as CEO of nCrowd before the designated person contacted nCrowd for the first time, and that he never had any first-hand knowledge of violations allegedly committed by nCrowd before he received the notice of violation. To support this claim, he included with his representations a written decision from the United States District Court for the Northern District of Georgia, arising out of a contract dispute between nCrowd and other companies. The decision states that Mr. Conley resigned as CEO of nCrowd and as a member of its board of directors on 22 May 2015.
- The Commission considers that, in light of both the evidence regarding Mr. Conley’s experience with email distribution platforms (having invented one) and the importance of this method of marketing to his business, Mr. Conley was familiar with the functionalities of sending CEMs and of unsubscribe mechanisms. The Commission also notes that Mr. Conley was personally involved in the acquisition of email distribution lists for his business. The Agreement of Purchase and Sale for the major acquisition at the centre of this case – the list acquired from Couch Commerce – included terms indicating that Mr. Conley was aware of the Act generally, and terms requiring nCrowd to take steps to satisfy itself with respect to Couch Commerce’s compliance with the Act. However, Mr. Conley did not provide any evidence to demonstrate that he, or nCrowd, actually did take such steps.
- In addition, Mr. Conley did not refute any of the designated person’s arguments with respect to his knowledge of the business, his knowledge of the email distribution platform, or his direct involvement in the acquisition of the email distribution list used in the commission of the violations. The Commission considers that it is not reasonable to believe that Mr. Conley had an active and personal role in acquiring the assets of a company one day, which the evidence demonstrates, and yet had no knowledge at all of how those assets were being implemented in his own company the very next day.
- Finally, the Commission considers that the date of Mr. Conley’s resignation is not relevant since the notice of violation indicates that Mr. Conley is held liable only for violations related to CEMs sent by nCrowd from 25 September 2014 to 1 May 2015, during which time Mr. Conley was the President and CEO of nCrowd.
- In light of the above, the Commission finds, on a balance of probabilities, that Mr. Conley acquiesced in the commission of the violations of paragraphs 6(1)(a) and 6(2)(c) of the Act committed by nCrowd between 25 September 2014 and 1 May 2015, and is therefore liable, pursuant to section 31 of the Act, for those violations.
Is the amount of the AMP reasonable?
- The notice of violation set out an AMP of $100,000.
- Subsection 20(3) of the Act sets out the following factors that must be taken into consideration when determining the amount of an AMP:
- the purpose of the penalty;
- the nature and scope of the violation;
- the person’s previous history with respect to any previous violation under the Act, or any previous contravention of section 74.011 of the Competition Act or any previous contravention of section 5 of the Personal Information Protection and Electronic Documents Act;
- the person’s history with respect to any previous undertaking entered into under subsection 21(1) of the Act, and any previous consent agreement signed under subsection 74.12(1) of the Competition Act relating to conduct reviewable under section 74.011 of the Act;
- any financial benefit that the person obtained from the commission of the violation;
- the person’s ability to pay the penalty;
- whether the person has voluntarily paid compensation to a person affected by the violation;
- the factors established by the regulations; and
- any other relevant factor.
- The purpose of a penalty is to promote compliance with the Act, and not to punish. The quantum of the AMP must therefore be commensurate with the nature of the non-compliance and must serve as a deterrent for future non-compliance.
- While nCrowd ceased operations and dissolved in the months following the period during which the violations occurred, the investigation report indicates that Mr. Conley continued to be involved with nCrowd’s remaining assets and with similar lines of business. Mr. Conley did not provide evidence to the contrary in his representations.
- The Commission considers that the penalty can contribute to promoting compliance by Mr. Conley and to ensuring that he complies with the requirements of the Act in any future endeavours he may undertake that involve the sending of CEMs to Canadian consumers.
- Regarding the nature and scope of the violations, the Commission considers that the violations are serious. Not only did they occur, but elements of them that were called to nCrowd’s attention during the investigation were not remedied, and there is no evidence that nCrowd had policies or procedures in place that would have served to prevent them. Mr. Conley provided no evidence that he implemented such policies as President and CEO of nCrowd, nor did he explain them in his representations if they did exist.
- Mr. Conley has no history of violations or undertakings under CASL, the Competition Act,orthe Personal Information Protection and Electronic Documents Act.
- Regarding the financial benefit obtained, the Commission considers that it is reasonable to assume, on balance of probabilities, that some consumers were driven to nCrowd’s websites through a hyperlink embedded in a non-compliant CEM, and that they may have subsequently made a purchase online, benefitting nCrowd. However, the record of the proceeding does not contain any direct evidence that demonstrates that nCrowd or Mr. Conley directly obtained a financial benefit as a result of the violations.
- Regarding ability to pay, the designated person assessed that Mr. Conley had a personal minimum net worth exceeding $1 million, and that the proposed AMP of $100,000 is within his ability to pay. This assessment was based on the value of his properties, his position as President and CEO of nCrowd during the years it operated, his personal investments in nCrowd, and his shareholder status in other businesses, including nCrowd’s biggest creditor.
- In his representations, Mr. Conley disputed this assessment, and stated that (i) all of the assets that he owned were heavily leveraged, (ii) he was unable to service the debt on them, (iii) he lost his life savings when nCrowd failed, and (iv) he was unable to pay the $100,000 penalty. However, Mr. Conley did not provide any evidence to support these claims.
- The Commission has previously noted, in Compliance and Enforcement Regulatory Policy 2015-109, that when a person making representations in response to a notice of violation argues that they are unable to pay a penalty, there is an expectation that the person will provide documentation or detailed information supporting that position, or rebutting any analysis of that factor set out in the notice of violation. The Commission further noted that it would generally not be sufficient for a person making representations to merely state that they cannot afford to pay a penalty.
- In addition, the notice of violation informed Mr. Conley that his representations must include fulsome arguments, including any documentation or evidence, in support of his position.
- There is no information on the record of the proceeding to indicate that the company has paid compensation to any persons affected by the violations, and there are no applicable additional factors established by the regulations.
- In light of the above considerations, the Commission finds, on a balance of probabilities, that the proposed AMP of $100,000 would not exceed Mr. Conley’s ability to pay, and is reasonable and necessary to promote compliance with the Act.
- The Commission finds, on a balance of probabilities, that nCrowd committed the two violations set out in the notice of violation.
- Additionally, the Commission finds, on a balance of probabilities, that Mr. Conley is liable, pursuant to section 31 of the Act, for the commission of those violations, and imposes a penalty of $100,000 on Mr. Conley.
- The Commission hereby notifies Mr. Conley of his right to appeal this decision by bringing an appeal in the Federal Court of Appeal within 30 days after having been served with a copy of this decision. An appeal on a question of fact may be brought only with the leave of the Federal Court of Appeal, an application for which must be made within 30 days after having been served this decision.
- The amount of $100,000 is due by 23 May 2019 and is to be paid in accordance with the instructions contained in the notice of violation. For any amount owing that is not paid by 23 May 2019, interest calculated and compounded monthly at the average bank rate plus 3% will be payable on that amount and will accrue during the period beginning on the due date and ending on the day before the date on which payment is received.
- If payment has not been received within 30 days of the serving of this decision, the Commission intends to take measures to collect the amount owing, which may include certifying the unpaid amount and registering the certificate with the Federal Court.
- Administrative monetary penalties under the Voter Contact Registry, Compliance and Enforcement Regulatory Policy CRTC 2015-109, 27 March 2015
- Electronic Commerce Protection Regulations (CRTC), Telecom Regulatory Policy CRTC 2012-183, 28 March 2012
- Date modified: