For the past month, business groups from across the country have waged an extraordinary campaign against Canada’s anti-spam legislation. With the long overdue law likely to take effect by year-end, groups such as the Canadian Chamber of Commerce, the Canadian Federation of Independent Business, and the Canadian Marketing Association, have launched an all-out blitz to carve out large loopholes in the law and exempt highly questionable conduct.
My weekly technology law column (Toronto Star version, homepage version) notes that the business groups’ chief concern is that the law moves Canada toward a stricter “opt-in” privacy approach that requires marketers to obtain customer consent before sending commercial electronic messages. The move will provide Canadians with greater control over their in-boxes, while also resulting in more effective electronic marketing campaigns for businesses.
Moreover, the government has added numerous safeguards for business to the law. The general requirement may be opt-in consent, but there are many exceptions that allow for softer, implied consent. These include exceptions for existing business relationships, personal and family relationships, business-to-business emails, and third-party referrals.
In fact, there is even an exception for email addresses that have been posted online without a notice that the poster does not wish to receive unsolicited commercial email. For companies seeking to develop lists of potential contacts, this exception ensures that will remain a possibility.
In addition to the exceptions, the business community has been granted years to comply with a transition period that could run to 2017 before a business must switch to opt-in consent for its existing customers.
Despite the numerous carve outs, the business groups claim that the law will result in significant new expenditures, including the need to maintain a database of opt-in consents and a website to allow for easy access to contact information and unsubscribe mechanisms. Yet those businesses are already required to maintain databases with opt-out information and electronic marketing without a website seems somewhat pointless.
Perhaps the most surprising demand from business groups is an expansive exception to a new requirement to obtain express consent prior to the installation of computer software. The groups have asked the government to delay implementation of this rule indefinitely. Alternatively, they are seeking at least ten additional exceptions, including one that would permit surreptitious surveillance for private enforcement purposes.
The business groups’ proposed provision would remove the need for express consent for the installation of any program designed “to prevent, detect, investigate, or terminate activities” such as the unauthorized use of a computer or the contravention of any law, whether Canadian or foreign. Once operational it would effectively legalize spyware in Canada on behalf of these industry groups and create a new mechanism for enforcing foreign laws in Canada.
The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. So too would programs designed to block access to certain websites, attempts to access wireless networks without authorization, or even key-logger programs that track unsuspecting users.
The anti-spam law was enacted with the promise of increasing consumer confidence in e-commerce by providing protections commonly found in other countries. With the latest round of lobbying, however, business groups are pressuring Industry Minister Christian Paradis to turn the law upside down by shifting from protecting consumers to protecting businesses.