News

Canadian Chamber of Commerce Attacks Anti-Spam Law: Challenges the Law’s Opt-In Requirement

For the past two days I’ve called attention to the shocking demands by business groups, including the Canadian Chamber of Commerce, the Canadian Marketing Association, and the Entertainment Software Association of Canada, to legalize spyware by permitting the secret installation of computer programs to monitor activities of Canadians suspected a potential contravention of the law (including laws such as copyright or any foreign law) or unauthorized use of a computer system (including wireless networks).

The Canadian Chamber of Commerce added its own submission to the government’s consultation on the anti-spam regulations. The Chamber’s key concern is the very foundation of the law: opt-in consent that requires businesses to obtain consent before sending commercial electronic messages (subject to a wide range of exceptions). The Chamber says:

Despite the enduring need to combat nuisance messages and malware, the multitude of compliance problems introduced through the “opt-in” approach to regulating commercial electronic messages and software needs further scrutiny.

The business lobby group therefore argues that opt-in should be dropped for business-to-business email altogether, that the government hold another round of consultations (thereby further delaying the law), and that the law be delayed for at least a year after the final regulations are published.

The opposition to the opt-in approach permeates throughout the organization, its affiliates, and members. For example, earlier this week the Niagara Falls Chamber of Commerce reacted to concern from a member about the spyware provisions by pointing to the law’s opt-in requirements and asked “you don’t think obligating business to get consent prior to sending a CEM is wrong”? (the complainant said no). Similarly, Graham Henderson, the CEO of CRIA/Music Canada, a Chamber supporter, claims that the law will pose an “immense threat to independent labels and young bands.”

Despite these persistent claims that the opt-in approach found in the anti-spam law will greatly harm business (or apparently young music bands), the reality is that opt-in is the standard in most major developed countries.  For example, the Australian anti-spam law is based on an opt-in express consent model, with exceptions for opt-out consent based on an existing business relationship or a published email address (Canada has the same exceptions). As for the oft-repeated concerns that this will prevent cold calling via email, Australia has had this prohibition in place for nearly five years (along with a more restrictive third party referral system).

Similarly, Japan switched from an opt-out system to opt-in in 2009, after it found that the opt-out system simply doesn’t work. The Japanese system is described as follows:

The legislation is clear: Full auditable and trackable permission to receive email marketing messages must be received prior to any send. Even though there is a clause that states that for-profit entities who publicly announce their own email addresses or who have a preexisting business relationship with the sender can receive commercial email, there is still a requirement for an affirmative act prior to receipt.

The European Union has had an opt-in consent model for a decade. It describes its own system as:

Article 13(1) of the Privacy and Electronic Communications Directive requires Member States to prohibit the sending of unsolicited commercial communications by fax or e-mail or other electronic messaging systems such as SMS and MMS unless the prior consent of the addressee has been obtained (opt-in system).

This requirement has been implemented throughout Europe.  For example, the Privacy and Electronic Communications (EC Directive) Regulations 2003 in the United Kingdom provides the following on the use of electronic mail for direct marketing purposes:

Except in the circumstances referred to in paragraph (3), a person shall neither transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient of the electronic mail has previously notified the sender that he consents for the time being to such communications being sent by, or at the instigation of, the sender.

3) A person may send or instigate the sending of electronic mail for the purposes of direct marketing where—
(a) that person has obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient;
(b)the direct marketing is in respect of that person’s similar products and services only; and
(c) the recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and, where he did not initially refuse the use of the details, at the time of each subsequent communication.

In other words, Canada is not an outlier in adopting an opt-in model. The only major trading partner with an opt-out model is the United States, whose CAN-Spam Act is widely regarded as a failure. While there are variations in the specifics between countries, the opt-in approach has been implemented around the world without email marketing grinding to a halt. As noted yesterday, the comment period on the draft regulations may have closed, but it is not too late to tell Industry Minister Christian Paradis or your local Member of Parliament to reject demands from groups like the Canadian Chamber of Commerce that would gut the anti-spam bill.

16 Comments

  1. Barry Soookman says:

    Michael, you are not accurately reflecting the laws you refer to. Australia has inferred consents besides express consents and has a closed category of CEM. EU limits its laws to “direct marketing”. Your comparison gives readers an inaccurate impression of the comparative laws.

  2. Barry Soookman says:

    The Australian law defines consent as:

    For the purposes of this Act, consent means:
    (a) express consent; or
    (b) consent that can reasonably be inferred from:
    (i) the conduct; and
    (ii) the business and other relationships;
    of the individual or organisation concerned.

    So your statement that Australia has only an express regime is simply wrong. Canada has closed categories of existing business relationships and non EBRs, unlike Australia which has a much broader flexible and workable regime.

    Some of the other exceptions are broader as well.

    http://www.comlaw.gov.au/Details/C2013C00021/Html/Text#_Toc345409592

  3. Rivalry
    I see the rivalry between Geist and Sookman is strong as ever…

  4. RE: Anon
    Or apparently, Barry “Soookman”. It really helps your argument presentation when you can’t spell your own name correctly.

  5. Eye Opener
    The Doc said:
    “… the Canadian Marketing Association, and the Entertainment Software Association of Canada, to legalize spyware by permitting the secret installation of computer programs to monitor activities of Canadians suspected a potential contravention of the law (including laws such as copyright or any foreign law) or unauthorized use of a computer system (including wireless networks). ”

    Well, let’s think about this for a minute. If they are actually fighing to allow this, then, at least to me, it stands to reason they are already doing it and are worried about lawsuits.

    What a twisted world we live in when all these industry groups want to be able to spy on their neighbours.

  6. Devil's Advocate says:

    If that’s even the real Barry
    @Anon:

    Methinks the first 2 comments were not made by Sookman (but by “Soookman”. I could be wrong.

    Either way, they both have BS in their names. :)

  7. Garbage in, Garbage out.
    The link posted by Barry “Soookman” will probably install spyware on the Doc’s machine. Put there by the likes of the CMA, Canadian Chamber of Commerce and the Entertainment Software Association of Canada.

    My Captcha phrase: “Roger that”

  8. Michael Geist says:

    @Barry Sookman
    Barry,

    I don’t dispute that there are differences between the Canadian law and those in Australia, Japan, etc. My post specifically states “there are variations in the specifics between countries.” The point of the post is to clarify that many countries use an opt-in approach as their starting point. There may be differences on exceptions or the breadth of the law, but starting from the position that explicit consent is needed prior to sending a commercial message ought to be uncontroversial.

    Unfortunately, the scorched earth tactics that we’ve seen from business groups makes it very difficult to have a reasonable discussion about the scope of the law and the appropriateness of certain exceptions. Instead, we get Chamber groups opposing opt-in altogether, unreasonable interpretations of the law involving car pools and lemonade stands, attempts to delay implementation for years, inaccurate claims about the costs of maintaining lists (when both opt-in and opt-out require maintaining lists), and the outrageous recommendations highlighted this week involving computer programs.

    MG

  9. Barry Sookman says:

    Michael, your main point about Australia is that express consent is the starting point as opposed to some other type. It is not true that express consents is the starting point because both express and inferred consents are the starting points. The submissions to recognize PIPEDA consents as a form of implied consent are asking for similar treatment.

    You raise the examples of “unreasonable interpretations of the law involving car pools and lemonade stands”, yet what is unreasonable is that CASL’s breadth actually produces these unreasonable results. My car pool example included sharing costs which is the commercial element you failed to mention in your blog. The lemonade stand is caught too, your only real response was that it wasn’t likely going to be a practical problem, implicitly acknowledging that CASL will actually apply to kids promoting lemonade stands. That is unreasonable, not the fact that it is raised as a problem.

    The costs are real Michael. Perhaps you haven’t been involved in system design and database structures to assess the costs of switching to new rules.

    I think if read the explanation for the proposed changes to the programs part of the submission rather than focusing on the specific wording of the recommendation and taking it out of context you would see that the apparent and stated goals are not the nefarious scenarios you paint. I am sure you must be as concerned as anyone about fighting cyber fraud and cyber crime. Yet, reading your blog, one would never know it.

  10. Vice President, Canadian Marketing Association
    Michael, you confuse the debate around the consent by incorrectly suggesting that those opposed to an “opt-in” express consent model for Canada’s anti-spam law are calling for adoption of the U.S. model. The U.S. CanSpam framework allows organizations to send at least one email to a consumer without any form of prior consent, although any promotional email must include an unsubscribe link so that a consumer can readily unsubscribe from receiving further emails.

    The current discussion in Canada about consent to send commercial electronic messages has nothing to do with the U.S. CanSpam regime, and everything to do with what is a reasonable approach to obtaining prior consent to send messages to an electronic address.

    You will certainly know that Canadian privacy law already requires that organizations must obtain prior consent before using a personal email address to send a commercial message. Most Canadian organizations concerned about the CASL regulations have objected to a major change from the decade-old PIPEDA standard for obtaining prior consent. Typically consent is obtained by advising a consumer, when they are making a purchase or just signing up for something, that the organization plans to use their electronic address to send commercial messages and providing that consumer a clear and easy opportunity to say “no” to that use before they submit their info or complete the transaction. In other words, the consumer is given a specific offer to “opt-out” before they agree to the various terms of an arrangement and well before they receive any messages. If a consumer gives consent, yet later changes their mind, they can easily withdraw consent by using the unsubscribe link on the first message they receive. I should point out that responsible email marketers in Canada have provided an unsubscribe mechanism on every commercial email for the past decade or more – long before the anti-spam law was passed.

    CASL was intended to be a legislative framework of clear rules, penalties and enforcement powers to ensure a crack down on the “bad guys” – the real spammers and online fraudsters. Not surprisingly, when sending messages the spammers and fraudsters don’t obtain any form of the “prior consent” you refer to in your post – simply requiring prior consent will inevitably place the bad guys on the wrong side of the law – and that is certainly a good thing. But for responsible organizations and ethical marketers who already get prior consent, a significant change from the PIPEDA rules for obtainig that prior consent will have major implications interms of established business processes, existing and future databases, even employee training.

    Unfortunately, when the anti-spam legislation was reviewed at Standing Committee and MP’s specifically inquired about the difference between opt-in and opt-out consent, rather than of a meaningful explanation about the PIPEDA-compliant approaches that organizations use to obtain prior consent, they were offered the same flawed argument that an opt-out consent model necessarily equates to what you described as the “failed” U.S. approach.

  11. Devil's Advocate says:

    Spam is what someone else does…
    @Wally:

    It doesn’t surprise me that a CMA Vice President, whose existence involves the very promotion of marketing, would think that sending a consumer an unsolicited e-mail should only be considered spam when it comes from “the real spammers and online fraudsters”. In other words, if it comes from a CMA member, or similar, you think it isn’t still spam. Because spamming is what “someone else” does.

    You also brought up the CANSPAM model (which many Americans refer to as the “You CAN Spam” legislation) as if it qualified as an actual alternative to opt-in. The fact that someone has to “unsubscribe” to something they didn’t subscribe to in the first place completely places such a model in the opt-out category, period.

    Marketers of all ilk simply cannot stand the idea of opt in. And, for good reason, I’m sure. After all, they know when people are actually given the choice, the vast majority of them would never opt in, also for good reason.

    Coming from the CMA, I’m certainly not surprised at the objection. We’re talking about the same CMA that always does what it can to keep these same consumers from ever gaining control over their incoming telephone calls.

  12. Spam = any email from anyone whom I don’t have a relationship with or have not opted in to receiving
    I would not consider emails from friends about their kids lemonade stand to be commercial in any way shape or form. In any case, I already have a relationship with that person so them sending me emails is absolutely acceptable.

    Now emails from random people who I don’t know telling me about their kids lemonade stand is a totally different matter as I have no relationship with them. Same goes for emails trying to sell me anything or send me links for phishing sites, are most definitely spam. This includes any emails from any ‘offical’ marketing agency, business, or corporation. If I don’t have a relationship with you, your email to me is spam, no ifs, ands, or buts.

    As for opt-in being hard to do? Sorry but I call BS on that. When I sign up for Amazon, Future Shop, or whatever, all they need is a little check box asking if I want to get marketing/promo emails from them and most of these sites already do that. And then the ability in my profile page to either check or uncheck the option, which again almost all sites I use have.

    Similarly if I buy a product from them, but have not opted in to promo material, it is totally acceptable for them to send follow on emails warning me about recalls, or what not.

    And for sending follow-on emails asking about my purchasing experience is ok too, presuming that it is only sent once.

    Anything I receive outside of that is spam, plain and simple.

  13. @migzy – it would be great if that’s what casl actually did, no? Unfortunately it stops and harms legitimate activity that has noting to do with spam or malware – and does very little to curtail the spam and malware that is its very reason for being.

  14. RED: Wally Hill
    Hey Wally, care to comment on that whole spyware thing? Cause before you criticize anything of Geist’s I think it’s only fair that you justify what appears to be an absurd and wildly outrageous position. If you don’t talk about this, we can assume that you are trying to sweep this under the rug, in which case we can claim that you are quite the malicious organization. Have a nice day!

  15. I don’t particularly feel bad that “legitimate marketers” (ie. spammers unless I ask for it specifically) will have to change how they get consent to send me marketing message. Just because you may be Bell does not mean you are not a spammer when you send me unwanted messages.

    Plus based on the way things work now, rather than having check boxes automatically checked for marketing email, you need to just change them to unchecked. Of course since I don’t think most people who sign up online accounts rarely check or uncheck those, I can understand how it would make your job harder since you’d actually have to draw major attention to those so you could get people to sign up.

  16. If you think Marie`s story is unimaginable…, two weeks ago my friends mom earnt $4836 grafting 10 hours a week from there house and their roomate’s sister-in-law`s neighbour done this for 10-months and earnt more than $4836 parttime On their laptop. applie the information available on this page… http://www.bit90.com