Few Canadian laws have sparked as much animosity from the business community as Canada’s anti-spam legislation (CASL). The law, which took effect in 2014, has faced a barrage of complaints regarding its breadth and cost of implementation. Yet as a House of Commons committee nears the conclusion of a statutorily-mandated CASL review, it has become increasingly clear that the law has worked.
My Globe and Mail op-ed notes that while spam has obviously not disappeared from anyone’s inbox, the law never envisioned eradicating the proliferation of spam, spyware, malware, and other online ills. Rather, new data disclosed at the committee review reveal that Canada is a now a world anti-spam leader, resulting in more effective e-commerce campaigns and a significant reduction in the number of spam organizations operating within Canada.
Read more ›
The Standing Committee on Industry, Science and Technology is conducting a review of CASL, Canada’s anti-spam law. While the usual critics are out in full force, I had the opportunity to appear before the committee yesterday to explain why there is real harm, why CASL has helped solve the problem, and why claims that the law is overbroad are overstated. Of particular note was the discussion involving the significant decline in the number of major spamming organizations operating in Canada since the law took effect. Three years ago, Spamhaus’ Register of Known Spamming Organizations listed Canada as home to 7 of the top 100 spamming organizations worldwide (who are responsible for 80% of global spam). Canada’s presence on the ROKSO list has been dramatically reduced with only two Canadian-based organizations remaining on the list, suggesting that spam originating in Canada has experienced a significant decline. My full opening remarks are posted below.
Read more ›
On May 17, 2005, the National Task Force on Spam, which included stakeholders from the across the spectrum including the Canadian Marketing Association, ITAC, Bell, CAIP, and consumer groups, presented its final report to then-Industry Minister David Emerson. The unanimous report included the following recommendation:
There should be an appropriate private right of action available to persons, both individuals and corporations. There should be meaningful statutory damages available to persons who bring civil action.
The inclusion of a private right of action was no small matter. I was a member of the Task Force and recall discussion of lawsuits launched in the United States by large ISPs and Internet companies such as Microsoft and Amazon that had proven effective. It took nine years for the task force recommendations to become law when all parties – Conservative, Liberal, NDP and Bloc – supported the resulting legislation. The private right of action provision was to have taken an additional three years as the Conservative government chose to delay its implementation until July 2017 to give businesses three years to ensure compliance with Canada’s anti-spam law.
Yesterday, Innovation, Science and Economic Development Minister Navdeep Bains indefinitely suspended the private right of action before it could take effect. In doing so, Bains blocked important consumer redress for harmful spam and spyware that would have supplemented enforcement efforts overwhelmed by spam complaints. Bains indicated that the statutorily-mandated review of the law, which is required after three years, will be used to assess the law and the private right of action (the Canadian Federation of Independent Business holds out hope that it will be struck down permanently).
Read more ›
Canada’s anti-spam legislation has long been the law that Corporate Canada loves to hate. Months before it was slated to take effect in 2014, there were ominous warnings about how regulation would bring commercial e-mail to a screeching halt, banning everything from large-scale business marketing efforts to emails promoting a neighbourhood lemonade stand.
My regular Globe and Mail technology op-ed notes that nearly three years later, e-mail marketing is alive and well in Canada as many have adjusted to the tougher privacy standards that require informed consent prior to sending commercial electronic messages. Moreover, in a world where malware and ransomware have become serious cybersecurity threats touching millions of Internet users, the inclusion of antimalware provisions has proven prescient since they give authorities the legal tools to participate in global enforcement efforts.
Read more ›
The Trouble with the TPP and privacy, which includes weak privacy laws, restrictions on data localization, bans on data transfer restrictions, and a failure to obtain privacy assurances from the U.S., also includes the agreement’s weak anti-spam standards. Given the fact that nearly all TPP countries have some form of anti-spam law (with the exception of Brunei), the inclusion of anti-spam provision in the TPP was not surprising, yet the agreement sets the bar far lower than that found in many countries. Article 14.14 states:
Each Party shall adopt or maintain measures regarding unsolicited commercial electronic messages that:
(a) require suppliers of unsolicited commercial electronic messages to facilitate the ability of recipients to prevent ongoing reception of those messages;
(b) require the consent, as specified according to the laws and regulations of each Party, of recipients to receive commercial electronic messages; or
(c) otherwise provide for the minimisation of unsolicited commercial electronic messages.
The TPP provision features two key requirements: anti-spam laws that provide for a binding unsubscribe mechanism and some form of consent. Yet with the standard of consent left wide open, countries are free to adopt weak, ineffective standards and still comply with the TPP requirements. In fact, since spam raises global concerns that frequently requires cross-border co-operation, the TPP would have been an ideal mechanism to strengthen international anti-spam rules and enforcement.
Read more ›