Last December, the government celebrated passing eight bills into law, including the long-delayed anti-spam bill. Years after a national task force recommended enacting anti-spam legislation, the Canadian bill finally established strict rules for electronic marketing and safeguards against the installation of unwanted software programs on personal computers, all backed by tough multi-million dollar penalties.
Then-Industry Minister Tony Clement promised that the law would “protect Canadian businesses and consumers from harmful and misleading online threats,” but nearly a year later, the law is in limbo, the victim of a fight over regulations that threaten to delay implementation for many more months.
Although support for anti-spam legislation would seemingly be uncontroversial, various business groups mounted a spirited attack against the bill during the legislative process, claiming requirements to obtain user consent before sending commercial email would create new barriers to doing business online. Passing the anti-spam legislation ultimately proved far more difficult than most anticipated with groups seeking to water down tough provisions and greatly expand the list of exceptions to the general rules on obtaining user consent.
Months later, my weekly technology law column (Toronto Star version, homepage version) reports it is dÃ©jÃ vu all over again as the government works to finalize the regulations for the anti-spam legislation and the same groups make many of the same arguments. A call for comment over the summer from both Industry Canada and the Canadian Radio-television and Telecommunications Commission (enforcement of the law is shared by the CRTC, Competition Bureau, and Privacy Commissioner of Canada) generated dozens of responses, most of which begin by congratulating the government on passing anti-spam legislation and then proceeded to urge significant amendments.
Some of the suggested changes make sense and have garnered near-universal support. The proposed regulations adopted a restrictive approach to obtaining consent, requiring that it be “in writing.” Many submissions from business and consumer groups argue this is unnecessary since electronic or verbal consents should be equally valid.
Several business groups have also noted that the form requirements on commercial electronic messages require a website address, yet many businesses are still not online. Moreover, the telecom industry points to short code messaging that already require consent and do not fit neatly into the anti-spam form requirements.
Yet for every legitimate regulatory concern, there seems to be a group that wants to re-open the carefully crafted legislative compromise. For example, Advocis, the Financial Advisors Association of Canada, emphasizes the value of financial literacy in an effort to argue that rules on referrals and consent should contain specific exceptions for financial advisors.
The Entertainment Software Association of Canada calls for an astonishing seven new exceptions, including watering down consent requirements for the installation of computer programs. This particular issue was the subject of extensive debate during committee hearings with the ESAC position previously rejected by the government and opposition MPs.
Other submissions call on the government to eliminate consent requirements altogether for small and startup businesses, suggesting that businesses be permitted to send thousands of messages each year without any need for prior consent.
The relentless campaign against the legislation has proven effective as it appears virtually certain that the government will now delay its implementation. Industry Minister Christian Paradis has remained silent on the issue, but last week the Canadian Marketing Association told its members that further consultations are now planned and that the law will not take effect until the middle of 2012 at the earliest.
It is important to get the regulations right so that Canadians are better protected from online threats and business does not grind to a halt. But establishing new consent requirements or requiring changes to some online business methods are the point of the law, not something to be eviscerated through the fine print of regulation.