The launch of Canada’s anti-spam law generated considerable criticism suggesting that the law was unenforceable and would not have a discernible impact on spam. Recent enforcement actions by the CRTC and the Competition Bureau, which led to millions on fines, demonstrates that the law can be used to target businesses that run afoul of the law. Now a new study from Cloudmark, a network security firm, concludes that there was a significant drop in spam originating from Canada once the law took effect. Moreover, Canadians received considerably less email after CASL was implemented. Cloudmark states:
Post Tagged with: "casl"
CRTC, Competition Bureau Enforcement Actions Show Anti-Spam Law Has Teeth
As the launch of the Canadian anti-spam law neared last spring, critics warned that enforcement was likely to present an enormous challenge. Citing the global nature of the Internet and the millions of spam messages sent each day, many argued that enforcement bodies such as the Canadian Radio-television and Telecommunications Commission and the Competition Bureau were ill-suited to combating the problem.
My regular technology law column (Toronto Star version, homepage version) notes that in recent weeks it has become increasingly clear that the CRTC and the Bureau can enforce the law against companies that send commercial emails that run afoul of the new legal standards. Those agencies have completed three enforcement actions against Canadian businesses that point to the risks of millions of dollars in fines for failing to obtain proper consent before sending commercial messages, not granting users the ability to unsubscribe from further messages, or sending false or misleading information.
In Defence of Canada’s Anti-Spam Law, Part Two: Why the Legislation Is Really a Consumer Protection and Privacy Law in Disguise
My first post defending Canada’s anti-spam law focused on why spam remains a problem and how the new law may help combat fraudulent spam and target Canadian-based spamming organization. Most would agree that these are legitimate goals, but critics of the law will argue that it still goes too far since it covers all commercial electronic messages, not just fraudulent or harmful messages.
If the law were only designed to deal with harmful spam, they would be right. However, the law was always envisioned as something more than just an anti-spam bill. Indeed, when it was first introduced, it was called the Electronic Commerce Protection Act, reflecting the fact that it was expressly designed to address online consumer protection issues (the name CASL was an unofficial working name developed within Industry Canada). The law has at least three goals: provide Canada with tough anti-spam rules, require software companies to better inform consumers about their programs before installation, and update Canadian privacy standards by re-allocating who bears the cost for the use of personal information in the digital environment.
In Defence of Canada’s Anti-Spam Law, Part One: Why Spam is Still a Problem and the New Law Will Help
Canada’s anti-spam legislation took effect at the beginning of the month, sparking a steady stream of critical opinion pieces calling it an absurd solution to a mostly non-problem or “ludicrous regulatory overkill.” The criticisms generally boil down to three claims: spam isn’t a big problem, the law is ineffective because most spam originates outside Canada, and the law is overbroad because it targets legitimate businesses alongside fraudulent spam. I think all three criticisms are wrong. This post addresses why spam is still a problem and how the law will help. A second post tomorrow tackles the broad scope of the law, arguing that it is better understood as privacy legislation that fairly apportions the costs associated with electronic marketing.
Enforcing CASL: How To Report Spam Violations
With Canada’s anti-spam law now in effect, many are starting to ask about enforcement of the law. While no one should expect the law to eliminate spam, the goal much more modest: target the bad actors based in Canada and change the privacy culture by making opt-in consent the expected standard for consumer consents. The CRTC, the lead regulatory agency, has made it clear that the fear-mongering of million dollar penalties for inadvertent violations is not going to happen. Chair Jean-Pierre Blais recently stated:
Recent Posts
The Law Bytes Podcast, Episode 235: Teresa Scassa on the Alberta Clearview AI Ruling That Could Have a Big Impact on Privacy and Generative AI 
What Is With This Government and Privacy?: Political Party Privacy Safeguards Removed in “Affordability Measures” Bill 
More Than Just Phone Book Data: Why the Government is Dangerously Misleading on its Warrantless Demands for Internet Subscriber Information 
Privacy At Risk: Government Buries Lawful Access Provisions in New Border Bill 
The Law Bytes Podcast, Episode 234: “Solutions Aren’t Going to be Found Through Nostalgia”: Mark Musselman on the CRTC Hearings on Canadian Content Rules
