Columns

CMA and MRIA Recommend Against Respecting iOptOut Requests

My weekly technology law column (Toronto Star version, Ottawa Citizen version, Vancouver Sun version, homepage version) focuses on the reaction to iOptOut.ca which includes advice from at least two Canadian associations to their members not to respect the legitimate opt-out requests of thousands of Canadians.  I argue that this provides a good sense of what lies ahead this fall when the government-mandated list makes its long awaited debut. The iOptOut.ca site is based on a simple premise, namely that Canadian privacy law already gives Canadians the right to withdraw their consent over the use of their personal information (including phone numbers) for telemarketing calls.  Visitors to the site are asked to enter their phone number (and email address if they wish) and to indicate their privacy preferences for nearly 150 organizations.

With a single click, the selected organizations each receive an opt-out request, enforceable for the moment through the complaint process under national privacy law.  Once the do-not-call list is up and running, there will be a further enforcement mechanism – complete with financial penalties – for those organizations that do not respect the opt-out request. After only one week online, it has become readily apparent that the site has struck a chord with Canadians.  More than 17,000 phone numbers have been registered, resulting in over 1.7 million opt-out requests.  Interestingly, many users pick-and-choose their organizations, as over a quarter of all registrants do not check all available options.  

Given the public support for the do-not-call list (an Industry Canada study once found over 90 percent of those surveyed favoured a list), the enthusiastic response was predictable.  In fact, it suggests that once the official list is launched, millions of numbers will likely be registered in fairly short order. Registration will provide a measure of relief for Canadians tired of unsolicited telemarketing calls; however, the iOptOut.ca experience to date suggests that some challenges will remain.

First, many users have noted the growing number of telemarketing calls that originate from outside Canada, particularly the United States.  Canadians are currently unable to register their numbers on the hugely successful U.S. do-not-call list (over 100 million numbers registered) and Canadian privacy law cannot be easily enforced outside domestic borders. This jurisdictional loophole has not attracted much attention, but Canadian and U.S. officials should explore a mutual recognition system that would force U.S. telemarketers to abide by the Canadian list and Canadian telemarketers to respect the U.S. list.

Second, some industry groups have reacted with considerable hostility toward iOptOut.ca.  For example, both the Canadian Marketing Association and the Marketing Research and Intelligence Association have advised their members that they may be able to ignore Canadians' opt-out requests since the requests are not "authenticated."  There is no requirement under Canadian law for such authentication and the CMA itself runs an opt-out list without authentication.  In fact, neither the Canadian nor the U.S. do-not-call list features telephone number authentication. Moreover, the MRIA has deliberately entered false information into iOptOut.ca, presumably in an effort to undermine the site's reliability (less than 1 in 1000 registrations have been demonstrably false).  Other organizations have sought to stop opt-out attempts by simply blocking the email requests before they enter their email systems.

While these actions can be challenged before the Privacy Commissioner of Canada, they foreshadow a more troubling concern.  The imminent arrival of a Canadian do-not-call list will reshape telemarketing in Canada, forcing thousands of organizations to pay closer attention to the privacy preferences of their customers.  There is no right to opt-out of the law, but it would appear that not everyone will welcome the do-not-call list with open arms.

11 Comments

  1. It seems that the MRIA does not recognize requests made from anything other than the affected phone as being not validated, based on blog entry. So, would this mean that if I call from my cell phone or work phone to request removal of my home phone they would consider it not validated and could choose to ignore the request?

  2. 150 Organizations
    It seems to me that the do-not-call won\’t be a one-size fits all solution.

    What about small companies, startups, small websites, etc?

    I believe there is value in a privately run do-not-call solution targetting smaller players.

  3. Anonymous says:

    Well, this surely isn’t a surprise? What would you all be blogging about privacy if they did accept instructions from anyone other than the verified owner of the number?

  4. Anonymous says:

    I agree. How are CMA and MRIA supposed to know this is genuine? Isn’t it better to wait till there is a registry where the blocking will apply to ALL calls? This iOptOut solution is far too complex in listing who can’t call, and the accuracy of the requests can’t be known.

  5. Rogers 1 strike
    They called.
    So much for this working.

  6. opt out
    great service thanks. Can you add MNBA Bank to the list? They are a real pain.

  7. If you’re a customer of MBNA, you can’t block them from calling under the new law.

  8. Mike writes that \”The iOptOut.ca site is based on a simple premise, namely that Canadian privacy law already gives Canadians the right to withdraw their consent over the use of their personal information (including phone numbers) for telemarketing calls.\” As I indicated in reaction to another one of your story\’s on this, not sure your premise is correct with respect to Charities as solicitation of donations may not be considered a \”commercial activity\” under Canadian privacy laws.

  9. ioptout.ca
    I was keen to try ioptout.ca but before leaving my contact info on your servers, I have a question:

    who is Nicholas Costello and Open Commuications [sic] at 134 Adelaide Street East Suite 30 Toronto ?

    He’s listed as both the admin and tech contact for the domain. his email address is listed as ncostello@opencommunications.ca but

    [ link ] doesn’t answer.

    He doesn’t seem to be the admin or tech contact on any of your other domains.

    Just wondering…

    grumpy@ambleside.com (in Vancouver)

  10. mria / cma comments
    Can someone point me to a quote from the MRIA or CMA about “ioptout.ca”? I want to know exactly what they have said about this and what they are doing about it.

  11. Ian Collins says:

    I see on the Toronto Star page that this article is subject to legal complaint- from whom?