CRTC Issues $250,000 in Penalties under CASL’s Anti-Malware Provisions

On July 11, 2018, the Canadian Radio-television and Telecommunications Commission (CRTC) issued Notices of Violation under Canada’s anti-spam law (the Act or CASL), including administrative monetary penalties of $100,000 to Datablocks Inc (Datablocks) and $150,000 to Sunlight Media Network Inc (Sunlight Media).

Both Datablocks and Sunlight are in the business of distributing online advertisements. Datablocks owns and controls software enabling a fully automated auction process through which online ads are delivered. Sunlight, using Datablocks’ software, operates an advertisement network and serves as a broker between advertisers and publishers. The two companies are closely connected and share ownership, directors/officers, and a physical location.

The CRTC discovered evidence that some of Sunlight’s clients were using Sunlight’s network to engage in “malvertising”.  Malvertising is the practice of serving “booby-trapped” online advertisements to install malware.  Such an act is a violation of Section 8 of CASL. Since aiding in a prohibited act is also prohibited by the Act, Datablocks and Sunlight allegedly violated CASL as well. According to the CRTC, Datablocks and Sunlight violated the Act by:

• accepting unverified, anonymous clients who used the Companies’ services to distribute malware;
• supplying the necessary infrastructure and software for the placement of the advertisments containing malware; and
• failing to implement adequate safeguards to prevent the prohibited acts. For violating the Act, the CRTC issued Notices of Violation to both Datablocks and Sunlight. The companies have until August 10, 2018 to either file written representations or pay the penalties.

Summary By: Jae Morris