Notice of Violation: Investigation into non-compliant emails sent by Couch Commerce Inc. and nCrowd, Inc. including the vicarious liability of corporate directors
Ottawa, 23 April 2019 (updated 17 June 2020)
File number: 9090-2015-00414
Summary of investigation
Violations pursuant to An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, SC 2010, c 23 (the Actor CASL).
As a result of complaints submitted by Canadians to the Spam Reporting Centre, designated persons of the Commission (Commission staff) initiated an investigation in April 2015 in order to assess the business activities of two groups of companies, the Couch Commerce groupFootnote1 and the nCrowd groupFootnote2, for compliance with section 6 of the Act.
When sending commercial electronic messages (CEMs), section 6 imposes three types of requirements, which relate to the recipient’s consent, the unsubscribe mechanism and the identification of the sender.
The business activities of the Couch Commerce group and the nCrowd group consisted of the online sale of coupons. More precisely, companies within these ownership groups promoted the products and services of merchants on various internet websites, and sold electronic vouchers corresponding to these products and services. Descriptions of the deals were delivered to potential customers via weekly or daily emails; up to 4 emails per day per complainant in some cases. In this business model, the purchaser of a voucher (the customer) presented it to the merchant, who was responsible for shipping the product to the customer. The voucher company (here, companies of the Couch Commerce group and the nCrowd group) took a percentage on the selling price, typically around 35%, and the other part went to the merchant. In this e-commerce business, one of the voucher company’s greatest assets is their email distribution list, since consumers are profiled and receive daily emails highlighting available products relevant to their profile, and directing them to the voucher company’s websites to make purchases.
The investigation uncovered a chain of business acquisitions out of bankruptcies or going out of business sales, through which a customer email distribution list grew exponentially to reach more than 2 million email addresses. The string of acquisitions of email distribution lists is shown in the chart below and detailed in the corresponding description.
The key assets acquired in the chain of transactions listed in the chart were intangible, essentially the email distribution list, domain names and trademarks. These ownership changes allowed a new company to continue on the business with an ever larger email distribution list without the assumed liabilities of the former company. However, the continuity of service was damaged: as merchants ceased being paid for their products, they refused to ship products ordered by customers. As a result, both merchants and customers ended up losing money, since the voucher business closed or entered into bankruptcy proceedings before merchants and customers were fully compensated for their transactions.
Canadian and American consumersFootnote3 and merchantsFootnote1 reported that they lost money. Media outlets alerted the public about Couch Commerce Inc. operating as Teambuy and Dealfind, nCrowd and Boomstreet.Footnote5 The industry, via the Canadian Deals and Coupons Association, also issued warning notices regarding nCrowd and Boomstreet.Footnote6
As a result of the circumstances cited above, specifically the fact that the companies involved were operational then dissolved or otherwise ended, any enforcement actions directed towards such companies would have no deterrent effect nor effectively promote compliance. Therefore, Commission staff pursued the corporate directors through vicarious liability in order to encourage future compliance with the Act.
Investigation of nCrowd, Inc. and its director Brian Conley
Commission staff alleged and the Commission found in Decision 2019-111 that between 25 September 2014 and 1 May 2015, nCrowd, Inc. sent CEMs or caused or permitted any of its subsidiaries, namely nCrowd Commerce, Inc. and nCrowd Limited, to send CEMs to electronic addresses, without consent and without a functioning unsubscribe mechanism contrary to paragraphs 6(1)(a) and 6(2)(c) of the Act.
Commission staff also alleged and the Commission found in Decision 2019-111 that Brian Conley acquiesced in these violations, while he was the President and Chief Executive Officer (CEO) of the nCrowd companies. As CEO, Brian Conley took no action and turned a blind eye to the practices being employed at his companies in terms of the acquisition and use of email distribution lists, despite the fact that in this line of business, an email distribution list is one of the most important assets through which to generate revenues. Protecting such an asset, including ensuring continued ability to use it, under CASL, should therefore have been important to the nCrowd group and its CEO. However, the nCrowd group’s email distribution and consent-tracking lists were largely inaccurate, incomplete, and altered.
- The type of consent is listed for each and every one of the 1,928,015 entries as “explicit” consent although a significant number of email addresses on this list were generic or belonged to institutions or governments, including police services and hospitals (some of which were available online).
- The date at which the consent was allegedly obtained and the legal person who allegedly sought and obtained the consent were obviously inaccurate or altered. For example, on numerous occasions consent was obtained for more than 3,000 addresses in just one day, and more than 80% of all parties provided consent (1,566,114) on the same day.
- nCrowd, Inc.’s non-compliant unsubscribe mechanism was a broad and recurring issue that Brian Conley ought to have known about over the time, and the appropriate steps to fix the unsubscribe process were never taken. The non-compliance continued for almost a year and evidence shows that even when the nCrowd group’s employees informed customers that they had been unsubscribed, they had actually not been.
- No evidence was found that Brian Conley ever verified or required the conducting of any audit of the consent list provided by the Couch Commerce group or other lists purchased by the nCrowd group to ensure its validity and accuracy.
- Brian Conley instituted no policies or procedures relating to the nCrowd group’s compliance with the Act.
Of interest, Commission staff noticed that the nCrowd group used a technique, called “pixel tag”Footnote7, one of many used by e-marketers and spammers alike to track whether an email address is valid, if and when the email was opened, and from which computer the email was viewed, without asking the recipient directly. This technique may be used for analytics of email open rates. While a long list of valid email addresses with high open rates collected through the use of pixel tags may be a good indicator of a distribution list’s reach and value when selling/purchasing it, Commission staff alleged that the technique itself by its very nature does not reflect the existence of consent from recipients, and thereby it cannot be a way to manage distribution lists in compliance with the Act. In other words, by opening an email, a recipient does not provide (nor retroactively provide) the originator with express or implied consent to send them CEMs.
Investigation of Couch Commerce Inc. and its director Ghassan Halazon
Commission staff alleged that between 2 July 2014 and 9 September 2014, Couch Commerce Inc. sent CEMs, or caused or permitted any of its subsidiaries, namely 8108773 Canada Inc. and DealFind.com Inc., to send CEMs to electronic addresses, without a functioning unsubscribe mechanism contrary to paragraph 6(2)(c) of the Act.
Commission staff also alleged that Ghassan Halazon acquiesced in this violation while he was the President and CEO of Couch Commerce Inc. Couch Commerce’s non-functioning unsubscribe mechanism was a broad and recurring compliance issue that Ghassan Halazon ought to have known about over the time, considering the importance of email distribution lists to the Couch Commerce group’s business. Evidence shows that even when Couch Commerce group’s employees told a customer they had been unsubscribed, they had actually not been. No evidence shows that Ghassan Halazon instituted any written policy or procedure relating to compliance with the Act. However, Ghassan Halazon produced documentation showing good faith as well as some steps undertaken to comply with CASL, and further agreed to develop and implement a compliance program (see below).
Pursuant to section 22 of the Act, the CRTC designated person served a Notice of Violation (NOV) on Brian Conley on 13 February 2017, whereby it was alleged that he was liable, in his director capacity, for the violations committed by nCrowd, Inc. pursuant to section 31 of the Act. The NOV set out an administrative monetary penalty totaling $100,000. Pursuant to section 24(1) of the Act, Brian Conley submitted representations to the Commission (see details below).
Pursuant to section 22 of the Act, the CRTC designated person served a NOV on Ghassan Halazon on 7 February 2017, whereby it was alleged that he was liable, in his director capacity, for the violation committed by Couch Commerce Inc. pursuant to section 31 of the Act. In addition, a warning letter was served upon Ghassan Halazon on 10 February 2017. The purpose of this letter was to raise concerns regarding new compliance issues, considering that the email lists that were at the core of the alleged violations committed by Couch Commerce Inc. and nCrowd, Inc. were appropriated, after a series of bankruptcies and transactions, by Transformational Capital Corp. (TCC), a company directed by Ghassan Halazon. Following discussions between Mr. Halazon and Commission staff, an undertaking was signed to address the alleged violations and ensure future compliance. The undertaking included, an amount to be paid, set at $10,000, and a compliance program to be put in place by TCC. This undertaking ended the proceeding commenced by the NOV, pursuant to section 21 of the Act.
In addition, warning letters were served on 16 December 2016 upon Salesforce.com, Inc., formerly known as ExactTarget, Inc. (Couch Commerce group’s email service provider or ESP) and Sailthru, Inc. (nCrowd group’s ESP). Commission staff advised these ESPs that some CEMs sent on behalf of their respective client did not properly identify the ESP as the senderFootnote8 and did not always contain a functioning unsubscribe mechanism. These letters required both ESPs to take corrective action to ensure compliance with CASL.
Decision of the Commission
In its Decision 2019-111 dated 23 April 2019, the Commission confirmed the violations committed by nCrowd, Inc. and the liability of its director, Mr. Conley, pursuant to section 31 of the Act, as well as the penalty amount set out in the NOV ($100,000). Mr. Conley did not bring an appeal in the Federal Court of Appeal pursuant to section 27 of the Act.
This decision has no impact on the undertaking signed by Mr. Halazon.
- Date modified: