Response to House of Commons study on Canada’s Anti-spam Legislation

Last week, the Honourable Navdeep Bains, Minister of Innovation, Science and Economic Development (ISED) – formerly Industry Canada – responded to the House of Commons study on Canada’s Anti-spam Legislation (CASL). As a reminder, the Information Technology Association of Canada (ITAC) testified as part of the Standing Committee on Industry, Science and Technology’s (INDU) review of Canada’s Anti-Spam Legislation.

Our submission to the Committee is available here. We noted on behalf of our industry the significant challenges that CASL’s overly broad scope and prescriptive requirements have created for legitimate businesses, including how some elements of CASL, such as the computer software requirements, can undermine innovation and cybersecurity. We also noted how the scope of what is and what is not a commercial electronic message needs to be clarified.

To be fully transparent, it’s important to note that in my former role, I was the lead developer of this legislation, and the regulations, as manager of the National Anti-spam Coordinating Body at ISED from 2008 to 2015. As a result, I can provide a different perspective on what changes are expected, and in certain circumstances, needed.

The INDU Committee report made recommendations to the Government to help clarify how to comply with the law, and asked the Government and agencies to help limit costs to business and better guide compliance.

The legislation itself was developed hurriedly (from February to April 2009) and for a Bill with some 320+ clauses and sub-clauses, it was a significant endeavour. By contrast, The Electronic Commerce Protection Regulations (ECPR), which focused on providing exceptions and exemptions to industry, were developed over the course of over three years and significant consultations with Canadians.

The original goal of CASL was to address the most malicious forms of spam, malware and botnets as these undermine consumer confidence in electronic media and would slow Canadians’ engagement in the Digital Economy. At the time the legislation passed (upon re-introduction in 2010), some complications during the Parliamentary process saw the short title (Fighting Internet and Wireless Spam Act) removed at Committee (INDU), and, a draft speech which included a motion to re-introduce the original short title (Electronic Commerce Protection Act) to be delivered in the House of Commons wasn’t used.

Subsequently, the Bill was moved to the Senate without a short title. It would have slowed down passage to introduce a short title in the Senate, which would have required the Bill to return to the House of Commons for approval. It’s the only Act developed in recent history with no short title, and the long title is over 50 words long. Where this creates a problem is when other Acts or Bills refer to CASL, the must do so using the long title; this chews up a lot of space on the page.

Consequently, the response from Minister Bains indicates that the first proposed area of action from Government is to consult on a new short title. I suggest this would be a waste of time, money and effort, as the stakeholder community has identified with the Act’s nickname, CASL, and it only solves a problem that exists for Government.

More importantly is that when enacted, the Legislation did not have sufficient guidance for businesses and marketers to simply comply with the law. Attempts were made, because ISED believed CASL should be easy to comply with, especially for small businesses. Unfortunately, there were power struggles between agencies and departments over whom could provide this information and offer certain interpretations of the law, including the interpretation what is, and what is not, a commercial electronic message or a computer program.

What did catch us off-guard, was the extent of confusion around how certain provisions were being interpreted, by consultants, lawyers and businesses. Many in this community were seeking to profit from providing advice to business about how to comply, essentially filling the void left by a lack of simple compliance guidance from the Government. Because of the size of the potential penalties for violations (up to $10 million CDN) businesses were fearful, confusion was evident and many sought external advice on how to comply.

To be fair, the anti-spam provisions of the legislation were borrowed extensively from Australia, New Zealand and Japan; Canada literally copied certain provisions verbatim. The assumption was that these were tried, tested and had been applied to economies not wholly dissimilar from Canada. I had also engaged my counterparts in those jurisdictions to ask if business found it difficult to comply, and the answer was resoundingly ‘no’. The difference was that those laws were enacted in 2003/2004, whereas Canadian businesses had already been living without requirements on commercial messaging up to 2014. Migrating pre-existing practices to become compliant with CASL would be complex for some.

Moreover, the computer installation provisions to address the installation of malware on users’ computers were new in administrative law on a global level. There was no pre-existing law to follow. Again, no simple guidance and clear interpretations leaves many businesses confused about just how and when CASL does and does not apply.

To address the confusion and compliance costs, INDU asked Government to clarify interpretations and provide improved guidance to Canadians, who want to comply. The goal is to increase compliance with the Act and to focus enforcement on actual spammers, phishers and scammers. Unfortunately, the Government’s response provides no critical path to this end, and no timelines for amending the Legislation or the accompanying Regulations (ECPR).

The Government essentially said, we’d like to consult on INDU’s recommended changes and would think about amendments to the Act and Regulations. These included: adding a short title; clarifying definitions and certain sections and how these are applied; and reviewing how to implement the Private Right of Action (which would allow consumers and businesses to sue those who violate the Act for both actual and statutory damages), by potentially requiring it to be linked to “tangible harm”.

This is not surprising, given that the Government is trying to provide itself with as much flexibility as possible, hence, no promises to amend or update the law or Regulations. Essentially, the document says they’ll get to work on it.

So, what’s next? ITAC will engage ISED and the Canadian Radio-television and Telecommunications Commission (CRTC) in the coming weeks to provide our industry’s position on these issues and highlight some of the key areas that need reform, including the computer installation provisions.