Enforcement Highlights
Dark Web Investigation
As part of an investigation, in January 2021, the CRTC’s Chief Compliance and Enforcement Officer issued administrative monetary penalties totalling $300,000 to four Canadians for their involvement with a company in the Dark Web Marketplace known as CanadianHQ.
The CRTC’s actions resulted in the shutdown of CanadianHQ, which was one of the largest Dark Web marketplaces of its kind in the world and a significant contributor to harmful cyber activity in Canada. The CRTC’s investigation focused on four individuals who allegedly sent emails that mimicked well-known brands in order to obtain personal data including banking credentials and other sensitive information.
This investigation has also allowed the CRTC to identify a number of other vendors where it expects to take additional enforcement actions.
To find out more on the CRTC’s investigation of CanadianHQ, consult the CRTC’s news release on Targeting the Dark Web Marketplace.
Complaints from Canadians support CRTC’s investigation
In December 2021, the CRTC reached an agreement with Gap Inc. (Gap) for allegedly violating CASL. In addition to implementing corrective measures, Gap agreed to make a payment of $200,000.
As part of the investigation, the Chief Compliance and Enforcement Officer had reason to believe that Gap sent commercial electronic messages to Canadians without the necessary consent. Gap’s messages also allegedly did not consistently include either an unsubscribe mechanism or an unsubscribe mechanism which could easily be performed.
Upon being made aware of the Chief Compliance and Enforcement Officer’s concerns, Gap proactively made changes to its marketing practices to meet CASL requirements.
This investigation was supported by complaints received from Canadians. Canadians are encouraged to report spam and suspicious practices to spam@fightspam.gc.ca or by using the Spam Reporting Centre’s (SRC’s) online form.
Enforcement Measures
Long description:
- 1 Undertaking
- 230 Notices to Produce
- 21 Preservation Demands
Payments and Penalties Under CASL
Since CASL came into force in 2014, enforcement efforts have resulted in more than $1.9 million payable. Of this amount, approximately $1.1 million is from administrative monetary penaltiesFootnote 1 and $868,000 from negotiated undertakings.
Complaints to the Spam Reporting Centre (SRC)
Between October 1, 2021 and March 31, 2022
Over 167,939 complaints to the Spam Reporting Centre.
That’s 6,459 per week.
Approximately 4,069 of these complaints were submitted using the online form, which represents only about 2.42% of total complaints. The remainder of complaints were sent by email at spam@fightspam.gc.ca.
The CRTC encourages Canadians to use the SRC’s online form to provide as much information as possible about potential CASL violations. The information provided by Canadians is an essential part of the intelligence the SRC gathers on spam and electronic threats. Each report is valuable and helps us to enforce CASL.
SRC Database Updates
Not only does the SRC allow Canadians to report spam, it also provides the 3 enforcement agencies responsible for ensuring compliance with CASL: the Canadian Radio-television and Telecommunications Commission, the Competition Bureau, and the Office of the Privacy; with access to a central database which can be used for CASL investigative and enforcement purposes.
The CRTC has enhanced the search and reporting functions built into the SRC case management system. This will foster more complex searches and allows the enforcement agencies to create a variety of reports to help provide analytical insight for identifying new trends, violations and investigations.
Canadians need to watch out for POP-UP, CALL, SPAM EMAIL or any other urgent message about a virus on their computer.
Sources of spam (reported through online form)
Long description:
- Email: 65%
- Text message (SMS): 23%
- Instant message (IM): 2%
- Unspecified: 10%
Reasons why Canadians complain
Long description:
Complaint reasons and percentages
- Lack of consent: 94%
- Indentification of Sender: 39%
- Deceptive Marketing Practices: 33%
- Other: 20%
- Software and Malware: 3%
Note: The total does not add to 100% since Canadians can select more than one category for a complaint.
Per month complaints about consent highest in November 2021
Looking at submissions from Canadians to the SRC over the last 6 months, per month complaints about consent issues were at their highest in November 2021.
Note: Statistics derived from spam reports filed through the SRC online form.
Long description:
| Year-Month | Lack of consent | Deceptive Marketing Practices | Identification of Sender | Other | Software and Malware | Grand Total |
|---|---|---|---|---|---|---|
| 2021-10 | 632 | 208 | 244 | 111 | 26 | 1221 |
| 2021-11 | 780 | 256 | 303 | 149 | 15 | 1503 |
| 2021-12 | 591 | 172 | 216 | 98 | 8 | 1085 |
| 2022-1 | 592 | 237 | 282 | 149 | 40 | 1300 |
| 2022-2 | 574 | 238 | 267 | 138 | 16 | 1233 |
| 2022-3 | 646 | 247 | 292 | 150 | 25 | 1360 |
| Grand Total | 3815 | 1358 | 1604 | 795 | 130 | 7702 |
Between October 2021 and March 2022, about 65% of the messages reported to the SRC were related to affiliate marketing or legitimate businesses selling or promoting the sale of a good or service.
The top five categories of affiliate marketing messages reported to the SRC relate to: (1) Dating; (2) Food, Drug & Health; (3) Online Shopping; (4) Leisure and Gambling; and (5) Technology.
The top five categories of commercial messages reported to the SRC
relate to: (1) News & Media (2) Online Shopping; (3) Technology; (4) Financial; and (5) Business to Business.
Outreach
Outreach and engagement activities are a critical means to help legitimate businesses, including marketers, email senders, and other small and medium businesses, with their compliance efforts under CASL.
CRTC Compliance and Enforcement staff participated in 4 virtual engagement activities with companies, associations and organizations to raise awareness about the application of CASL to unsolicited communications. This included a fireside chat by the CRTC’s Chief Compliance and Enforcement Officer with the Retail Council of Canada where complaints received from Canadians about commercial spam was highlighted.
"I have received spam from this company for over a year. The link to unsubscribe is not active.""
In February 2022, the CRTC's investigation into the Dark Web Marketplace was one of the top stories in the Brussels-based Cullen International's reportFootnote 2, which was timely since March was fraud prevention month.
In February and March, the CRTC continued to leverage online platforms to promote Fraud Prevention Month and remind Canadians to stay vigilant against scams, and how to recognise, reject and report fraud. As examples, the CRTC created an easy to follow infographic on how to spot an online scam and sent out social media alerts associated with investment scams, including paying in cryptocurrencies.
Collaboration with International Partners
The CRTC has also forged partnerships with organizations across the globe in order to better fulfill its mandate. The CRTC is part of the Unsolicited Communications Enforcement Network (UCENet). Members from over 26 countries work together to promote international spam enforcement cooperation and address problems relating to spam and unsolicited telecommunications.
Long description:
Canada (CA)
Memorandum of Understanding:
- Competition Bureau (CB) and Office of the Privacy Commissioner (OPC)
- Consumer Protection Authority of British Columbia
Enforcement Collaboration:
United States (US)
Memorandum of Understanding:
Enforcement Collaboration:
United Kingdom (UK)
Memorandum of Understanding:
Information Commissioner’s Office (ICO)
Japan (JP)
Memorandum of Understanding:
Ministry of Internal Affairs and Communications
Australia (AU)
Memorandum of Understanding:
Australian Communications and Media Authority (ACMA)
Enforcement Collaboration:
Australian Federal Police (AFP)
New Zealand (NZ)
Memorandum of Understanding:
Useful Resources
Check out recent fraudulent activities reported to the Canadian Anti-Fraud Centre.
Looking for cyber safety tips?
Office of the Privacy Commissioner of Canada
Frequently Asked Questions about CASL
Information Bulletin - Guidelines on the Commission's Approach to Section 9 of CASL
- Date modified: