MPs To Rewrite Canada's Anti-Spam Law (CASL)

Anti-spam legislation has failed to combat malicious emails, MPs yesterday told hearings of the Commons industry committee. A statutory review of the 2014 law is expected to result in amendments.

“No one is against the original intent of the legislation, which is to attack malware, the fraudulent or malicious spam that’s out there,” said Liberal MP Frank Baylis (Pierrefonds-Dollard, Que.). “We did hear there has been no concrete action taken against those players in the market, and the people getting swept up are the legitimate business operators.”

Bill C-28 An Act To Promote The Efficiency & Adaptability Of The Canadian Economy broadly restricts unsolicited “commercial electronic messages”. Marketers and retailers yesterday told MPs that enforcement by the Canadian Radio Television & Telecommunications Commission has resulted in six-figure fines for inadvertent mistakes by reputable companies.

“Everybody has told us it is way too broad,” said MP Baylis; “We understand that”. Conservative MP Maxime Bernier (Beauce, Que.), former member of the Conservative cabinet that introduced the Act, told the committee: “We know we have to change that legislation.”

The Act defines restricted email as any message with data, hyperlinks or contact information intended to “encourage participating” in commercial activity. “Unfortunately, I think the legislation has gone far beyond its original content,” said Jason McLinton, vice-president of regulatory affairs for the Retail Council of Canada. “In the end it has had limited success in targeting the Nigerian princes.”

McLinton said the Act should be rewritten “with a consideration of intent, so that those really stiff fines are focused on fraudulent, malicious, intentional spammers”; “The CRTC is not going to bring down the Nigerian prince over a phishing scam,” said McLinton.

The CRTC earlier levied a $150,000 fine against Porter Airlines for sending emails to prospective clients who’d unsubscribed from messages. Rogers Media in 2015 was fined $200,000 for sending emails without workable “unsubscribe” prompts

“The penalties under this Act are huge, and frankly if you get it wrong you could find yourself in difficulty,” said Wally Hill, vice-president of government and consumer affairs for the Canadian Marketing Association; “To date the penalties imposed under the legislation are not proportional.”

“We receive complaints from consumers about marketers’ activities, and the principle concern you hear from consumers is they want to have control over the communication they are receiving,” said Hill.

“Typically the complaints we receive are where an ‘unsubscribe’ request is being ignored. That is what consumers really want, and it’s a legitimate concern. They should be able to control the nature of the marketing communications they are receiving.”

The CRTC yesterday in an enforcement decision dismissed an appeal by a Québec company threatened with $1.1 million in fines for blitzing 475,000 email addresses in breach of the Act. CompuFinder Ltd. of Morin Heights, Que. in 2015 was cited for compiling an email database to pitch its executive training courses. The Commission lowered the fine to $200,000, noting Compu-Finder had net revenues of less than $100,000 a year.

“It has been estimated that in 2007, prior to the enactment of the legislation, the proportion of all email that was sent unsolicited was over 80 percent,” CRTC staff wrote in Enforcement Decision 2017-367; “The record clearly demonstrates that Parliament’s intention when enacting the legislation was to fight online threats in Canada, particularly unsolicited commercial electronic messages.”

Originally published in Blacklock's Reporter