Spam laws gone wrong
To date, three years after Canada’s AntiS pam Legislation (CASL) went into force, only eight public fines have reportedly been levied, none of which have been against an entity outside Canada. Yet, the bulk of spam and cybersecurity threats originate outside Canada.
Moreover, many have accused the CRTC, which enforces CASL, of using it as a blunt instrument against legitimate Canadian companies. For instance, three of t he eight f i nes were “undertakings” against Rogers Media Inc., Porter Airlines, and Kellogg Canada Inc., none of whom are exactly fly- by- night scammers ( an undertaking is a nice way of saying “don’t fight this fine and it’ ll cost you less money and public embarrassment”). When a group of people dreamed up this legislation — starting as early as 2004 — was the aspiration really for regulators to go after legitimate Canadian companies that employ thousands of people and help drive our economy?
On September 26 at a parliamentary committee meeting, the CRTC noted that it exercised restraint, having i ssued numerous warnings, and not only notices of violations and undertakings. Yet at the October 17 committee meeting, a Rogers executive reported that: “During this committee review, we have heard that warning letter( s) are often issued for violations requiring corrective action. This was not the experience of Rogers when faced with a CASL investigation. We were given no warning at all.”
And a new Canadian Chamber of Commerce survey found that 42 per cent of business operators agreed strongly that “obtaining CASL- compliant consent is too difficult,” 56 per cent agreed strongly that “the ( CASL) l egislation i s too complicated and confusing” and 63 per cent agreed strongly that their “organization is concerned about the high penalties under CASL.”
Opponents of CASL reform often cite Cloudmark’s 2015 Q1 Global Threat Re- port, which noted that spam originating from Canada dropped 37 per cent. However, these same opponents often fail to cite that the same study also noted a 29- per- cent drop of all emails originating f rom Canada, legitimate or not. When Canadian businesses are prohibited from sending reasonable electronic messages, they become less competitive against foreign counterparts who are under less stringent anti- spam requirements.
And then there are the recently cited results of the Return Path 2017 Deliverability Benchmark Report that positively notes that Canada has among t he highest email- deliverability rate in the world, at 90 per cent. The same report also showed that Australia is identical at 90- per- cent deliverability. Ironically, one of the most prominent rec- ommendations by business groups across Canada ( referenced in a 2015 Canadian Chamber policy paper and most recently recommend by a major coalition including the Canadian Bankers Association, CFIB, Canadian Chamber, Retail Council of Canada, Canadian Marketing Association, and others) is for l awmakers to reform CASL’s rules for implied consent to receive communications to better match Australia’s. Australia refers to its implied consent as “inferred” consent, which allows for a consumer’s consent to be implied in situations where it’s reasonable to think that, given the circumstances, it would appropriate to send a commercial electronic message ( CEM) to the recipient. Making this slight alteration to CASL would lessen the anti- competitive environment the CRTC has created for Canadian businesses.
As a result of markedly improved technologies used by email service providers and global collaboration around the formation and maintenance of email blackl i sts, actual spam really isn’t a major nuisance issue for most people anymore. However, cyber- security threats are growing. Canada requires an effective anti- spam legislation that targets threats while leaving reasonably appropriate CEMs untouched. Through reform, CASL has the potential to be just that, but it needs to be improved to allow for companies to easily comply, while still protecting consumers.
Some ways to improve CASL is to make implied consent much broader and therefore, practical. In that vein, get rid of the excessively expensive- to- admini strate two- year and sixmonth “existing business relationship” purge dates; put the legal onus solely on the party that authorizes the creation and sending of a CEM so that innocent intermediaries aren’t being inadvertently caught by the act; and narrow private right of action to only be in the hands of email and internet service providers in all cases, and consumers in the most egregious of situations (i.e., cyber security).
CASL need not be thrown out with the bathwater, but it can and should be improved to stop punishing legitimate businesses.
WAS THE ASPIRATION REALLY FOR REGULATORS TO GO AFTER LEGITIMATE CANADIAN COMPANIES?