Last week Michael Geist published a blog post summarizing his remarks to Industry Minister Moore as to why the almost universal criticisms of Canada’s anti-spam/malware law CASL are unfounded. He suggested it is intense lobbying by “squeaky wheels” with “knee jerk” “greatly exaggerated” and “Festivus” grievances about CASL” that has delayed bringing the law into effect”. He acknowledges that CASL creates new compliance obligations but suggests they are not onerous and even standard internationally (when referring to “opt-in” for spam) and that there is not much more to CASL than “a simple proposition – obtain customer consent and you can do pretty much whatever you like.”
Michael Geist is categorically wrong about CASL, the criticisms of it, and why CASL is not yet in force. In fact, he has been wrong about CASL since his testimony in 2009 before the Parliamentary Committee which studied what became CASL before it was passed by Parliament.
No one disputes that harmful forms of spam, malware or spyware need to be deterred. No one disputes that the public and especially consumers would benefit from an effective anti-spam/spyware law. No one disputes that CASL is intended to and would somewhat advance those goals.
The “squeaky wheels” Michael Geist refers to are organizations and individuals representing all sectors of the Canadian public including charities, not-for profit and educational institutions, private individuals, small, medium and large businesses, retailers, publishers, financial institutions, technology and telecom companies who want CASL fixed before it becomes law. Over 130 of them took the time to write to the Government to comment on the draft Industry Canada Regulations, almost all of them asking for CASL or the draft regulations to be changed.
Moreover, these “squeeky wheels” obviously read CASL to be a lot more involved and onerous than “a simple proposition – obtain customer consent and you can do pretty much whatever you like.”
The public’s “knee jerk” “grievances” about CASL is that its goals are not being met in a proportionate way and that, as structured and drafted, it would do far more harm than good to our digital economy, the protection of privacy, and digital freedoms and to everyone that has an interest in them including individuals, consumers, charities, not-for profits and businesses.
There is no good reason for a law that is intended to protect consumers to deprive them of valuable information they want and need by making it illegal to send messages that they will incur roaming charges, that a mortgage or other financial product of theirs is coming due, or other transactional or service messages, merely because they may not want other types of messages.
There is no good reason for a law that is intended to protect consumers to make it illegal to send them product recall information or safety or security information about products, goods or services the consumers use, have used or purchased, that may also inform them what their commercial options may be.
There is no good reason for a charity to have to cut off the poorest and most vulnerable members of society from receiving newsletters with needed information merely because it has some ad supported content unless the charity can obtain new express consents to replace the PIPEDA compliant consents they have been using for years.
There is no good reason for a law that is intended to promote privacy and security of online information to impair organizations from being able to secure their computer systems and networks and consumers’ personal information.
There is no good reason for a law that is intended to promote individual privacy to require individuals who want to send text (SMS) or similar messages that are CEMs to publicly post their names and addresses on a website and to thereby be forced to choose not to use their cells phones to send messages or to violate their own privacy interests.
There is no good reason for a law that is intended to be technologically neutral and to foster new business models to impose regulatory requirements designed for e-mail technologies on different more innovative messaging systems like social networks, portals, and IM networks where the regulatory requirements make no sense and can’t easily be complied with.
There is no good reason why a law that is intended to promote the use of open networks like the internet would define the term commercial electronic message so broadly that almost any type of content delivered by email becomes burdened by regulation including digital products such as ebooks, newsletters, magazines, music, videos, video games, and software (especially if they contain a hyperlink to the vendor’s website, the vendor’s logos or some information that tells consumers how to get an upgrade, update, or warranty service).
There is no good reason why a law that is intended to promote the growth of digital commerce would place our high tech industries in positions where they cannot compete with foreign competitors including in fast growing industries like cloud computing, computer outsourcing, and software distribution, maintenance and support.
There is no good reason for a law which is intended to protect individuals against the most harmful forms of spam to be so invasive as to make their most ordinary activities illegal including (contrary to what Michael Geist claims) a child sending out emails to invite neighbors to buy a glass of lemonade at his/her lemonade stand;[i] a child emailing the parent of a friend asking to baby sit or to shovel snow or mow a lawn for some extra school money; a child e-mailing her parents friends to buy Girl Guide cookies or to sponsor her in a school event; and e-mails sent out to acquaintances, colleagues, and business contacts asking them for sponsorship in a charitable event such as to raise money for cancer research or many other worthy causes.
There is no good reason why a law that is intended to promote expression using the internet would impair its use to such an extent that the public’s right to freedom of expression guaranteed by the Charter of Rights and Freedoms would be significantly impinged. These and many other criticisms about CASL are not “Festivus” grievances.
I have explained in detail elsewhere why CASL has these and other unintended consequences.[ii] It is CASL’s flawed structure and approach to spam and malware and poor drafting that has delayed its coming into force.
Michael Geist claims that CASL’s opt-in model is standard in most of the world including Australia. He has been saying this since Bill C-27 was first introduced. For example, when he testified about Bill C-27 before the Standing Committee on Industry, Science and Technology in June of 2009 he said that Australia has the “same opt-in consent model” He also testified that the term commercial electronic messages was defined “in much the same way”. He also testified that there was an exception for charities in CASL. He also told them that under that exception a University could send its alumni a newsletter that has advertising such as for a university branded credit card. He also told the Committee that CASL permitted sending newsletters, business publications, or company information to a consumer who made an inquiry about a company’s products or services more than six months before.
Michael Geist was inaccurate in what he told the Parliamentary Committee studying Bill C-27 and he continues to be inaccurate today when he describes CASL. For example, Australia’s SPAM ACT 2003 only targets a closed list of messages and consent can either be express or inferred,something that was pointed out to him at the INDU Committee by Liberal MP Siobhan Coady.[iii] The Australian law also has broader exemptions, such as for charities and educational institutions which CASL does not have.[iv] CASL would also have made it illegal to respond to the consumer inquiry, something Industry Canada recognized and had intended to fix in the second draft of its regulations.[v]
In his 2009 testimony, Michael Geist also made the claim that “any business or any organization can do anything it likes with respect to electronic marketing or software installation as long as it obtains consent”. This is essentially the same assertion he made to Minister Moore last week at “Festivus”. This simplistic view of CASL failed then and fails now to recognize that there are a plethora of situations where an express consent cannot always be obtained or should not be necessary. A classic example is where consumers’ safety is at risk, a situation that Michael Geist acknowledged was a potential problem with CASL on being questioned about CASL in 2009 by Liberal MP Marc Garneau.[vi] That is why both Australia (and New Zealand), which Michael Geist has always held out as a model for Canada, also recognizes consents that can be inferred from the conduct and business and other relationships of the persons concerned.
What is surprising is that Michael Geist continues to be CASL’s most staunch supporter. Ordinarily he advocates for an open Internet, technologically neutral solutions to Internet regulation, freedoms of speech, especially internet speech, protection of privacy, advancing the interests of consumers, and digital strategies that support new and innovative business models. Yet, overall, his unqualified support of CASL runs counter to these principles.
There was good reason for Minister Moore to meet with Canadian organizations from all sectors to hear about the problems with CASL. Minister Moore has a very good appreciation and interest in digital issues. One can hope he will recognize what just about everyone else does and fix CASL before it becomes law.
For more information about CASL See, CASL: the unofficial FAQ, regulatory impact statement, and compliance guideline.
[iii] Michael Geist asserts that Australia has an opt in model that is the same as what is in CASL. However, he was corrected about this when he made the same assertion in 2009 at the INDU Committee by a MP Siobhan Coady:
“Ms. Siobhan Coady: I’m going to move to consent provisions again, similar to what I started talking about an hour and a half ago. One of the concerns that keeps getting raised to me is that the consent provisions for the anti-spam prohibition are narrow. I’m going to look at what was adopted by PIPEDA and quoted by the anti-spam task force. It defined implied consent much more broadly than the legislation currently does. It says: “…where consent may reasonably be inferred from the action or inaction of the individual.” This covers situations where intended use or disclosure is obvious from the context…. What I’m reading in this particular bill is much more narrow than that. When I look at instances–for example, the Australia Spam Act, or the New Zealand spam act–that actually define consent to include express consent or consent that can be inferred from the conduct and business and other relationships without limiting the circumstances in which such consent can exist, then I’m concerned that we’re a bit narrow in this bill. Can you just give me some assurances? The anti-spam task force again recommended broader exceptions. For example, it said on page 44: If the organization has service, warranty or product-upgrade information, or if there are health and safety issues related to the product purchase, the organization may send e-mail messages to its customers. As I read Bill C-27, it doesn’t do that.
Prof. Michael Geist: I’m going to repeat this. As long as you understand that there’s a huge, massive exception, get consent. All of this is permitted as long as you obtain consent. We are now only in that basket where someone hasn’t actually obtained the person’s consent in the first place. They don’t really know whether the person wants to get this information. In every other instance where the person has actually given them consent, it’s fair game, and they can do whatever they like. So we’re only in that particular basket.”
[iv] See Schedule 1-Designated commercial electronic messages. Under CASL, there is only a limited exception for charities where the specific criteria for the existing non-business relationship consent exception can be met, which is why Imagine Canada is asking for an exception.
[vi] In the 2009 INDU Committee hearing MP Marc Garneau had this interchange with Michael Geist on this subject:
Mr. Marc Garneau: Let me ask you about some examples of what might be considered spam under the bill as currently written. A business that sends an electronic message that provides warranty, product recall, safety or security information about goods purchased more than 18 months previously, is that an example of spam, in your opinion?
Prof. Michael Geist: It’s not, and it’s not a problem under this bill. If I purchase a car seat for my daughter and send in the warranty card and give them consent to send me regular updates, as I no doubt would, because I’m going to be concerned about the prospect of safety recalls, then they can continue—and I would hope that they would—to send me any of that information. All they have to do is to obtain the necessary consent. It’s open to the consumer in every instance to ensure they get that warranty information.
Mr. Marc Garneau: So you’re saying that if the consent has not been given, it would constitute spam.
Prof. Michael Geist: I’m saying that if it is outside the 18 months and the consumer didn’t give consent for that warranty information to be sent to them, then I suppose, yes, it might be.
Neither Marc Garneau nor Michael Geist canvassed the challenges of interpreting s6(6)(a) to determine its actual scope.