The Standing Committee on Industry, Science and Technology continues its hearing on the Digital Privacy Act (Bill S-4) yesterday, with appearances from Privacy Commissioner of Canada Daniel Therrien, the Canadian Chamber of Commerce, and the Canadian Marketing Association. Therrien expressed general support for the bill, but concern with the expanded voluntary disclosure provision.
The Canadian Chamber of Commerce and the Canadian Marketing Association seemed to take the committee by surprise by criticizing a provision in the bill that clarifies what constitutes meaningful consent. The proposed provision states:
6.1 For the purposes of clause 4.3 of Schedule 1, the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting.
That provision should be uncontroversial given that it only describes what most would take to mean consent, namely that the person to whom the activities are directed would understand the consequences of consent. Indeed, Therrien expressed support for the change, noting:
Read more ›
With the final Industry Committee review of C-27, Canada's anti-spam legislation, set for Monday afternoon, lobby groups have been increasing the pressure all week in an effort to water down many of the bill's key protections. Yesterday, the Canadian Marketing Association chimed in with an emergency bulletin to its members calling on them to lobby for changes to the bill. While the CMA was very supportive of the bill when it appeared before the committee in June, it now wants to kill the core protection in C-27 – a requirement for express opt-in consent.
The use of express opt-in consent is consistent with the experience in countries such as Australia and Japan, who have found that either opt-out (the customer must request off the list) or implied opt-in (the business assumes it has consent based on other factors) is ineffective and prone to abuse. C-27 includes many exceptions (business-to-business, all non-commercial email among them) to protect businesses, but without an express opt-in approach as the default, the law's effectiveness will be severely undermined. While the CMA did not even raise the issue in June, now it wants the bill changed, seeking reforms that would allow for implied consent, particularly where the information is less sensitive. The CMA argues that it needs the reforms to allow marketers to rent lists of potential customers, yet C-27 does nothing to stop renting lists with customer names who have opted-in. Instead, the CMA's change would eviscerate a key foundation of the bill by opening a huge loophole in the consent provisions.
Read more ›
My weekly technology law column (Toronto Star version, Ottawa Citizen version, homepage version) builds on the CRTC's announcement last week that the national do-not-call registry (DNC) will be operational by September 30th. I report that the CRTC also recently affirmed the ability for Canadians to use third-party websites – particularly iOptOut.ca – to opt-out telemarketing calls from organizations that are currently exempt under the law.
Last March, I established iOptOut.ca, a website that enables Canadians to opt-out of many exempted organizations with a few easy clicks at no cost. Visitors to the site are asked to enter their phone number (and email address if they wish) and to indicate their calling preferences for nearly 150 organizations. The public reaction has been extremely supportive. Since its launch, the site has sent out millions of opt-out requests on behalf of tens of thousands of Canadians. The reaction from several leading associations has been less enthusiastic. Within weeks of its debut, both the Canadian Marketing Association and the Canadian Bankers Association sent letters to CRTC Chair Konrad von Finckenstein complaining about the service and seeking support for their position that requests generated from the site were invalid. In fact, the CMA sent a notice to its members stating that "it is the view of the Association that members need not honour do-not-call requests that originate from the organization in question."
Von Finckenstein recently responded to the letters (CMA letter, CBA letter – posted with CRTC permission) with an unequivocal rejection of the complaints, providing a clear indication that failure to honour the opt-out requests could lead to significant penalties (companies face penalties of up to $15,000 per violation under the law).
Read more ›
The Canadian Marketing Association responds to this week's column on the iOptOut service with a letter to the editor professing its support for the national do-not-call list (though notably not for the public's right to opt-out without first receiving a phone call). Update: The CMA's John Gustavson responds to an […]
Read more ›
My weekly technology law column (Toronto Star version, Ottawa Citizen version, Vancouver Sun version, homepage version) focuses on the reaction to iOptOut.ca which includes advice from at least two Canadian associations to their members not to respect the legitimate opt-out requests of thousands of Canadians. I argue that this provides a good sense of what lies ahead this fall when the government-mandated list makes its long awaited debut. The iOptOut.ca site is based on a simple premise, namely that Canadian privacy law already gives Canadians the right to withdraw their consent over the use of their personal information (including phone numbers) for telemarketing calls. Visitors to the site are asked to enter their phone number (and email address if they wish) and to indicate their privacy preferences for nearly 150 organizations.
With a single click, the selected organizations each receive an opt-out request, enforceable for the moment through the complaint process under national privacy law. Once the do-not-call list is up and running, there will be a further enforcement mechanism – complete with financial penalties – for those organizations that do not respect the opt-out request. After only one week online, it has become readily apparent that the site has struck a chord with Canadians. More than 17,000 phone numbers have been registered, resulting in over 1.7 million opt-out requests. Interestingly, many users pick-and-choose their organizations, as over a quarter of all registrants do not check all available options.
Read more ›