The legality of recommending a dental surgeon to someone with a toothache should be a no-brainer. But under CASL sending anyone an email, IM, or other electronic message that encourages participation in a commercial activity may be illegal. Even recommending a dentist to a person with a toothache could be illegal under CASL. In fact, in many instances it would be impossible for the average Canadian to comply with all of CASL’s strictures even if all they wanted to do was recommend a dentist to someone with a toothache.

To determine whether a person will be able to legally email a recommendation for a dentist to someone asking for one without worrying about violating CASL, the average Canadian will have to make a number of legal determinations.

The first is whether the email or other electronic message is a “commercial electronic message” (a “CEM”).  An email would be an electronic message. To be a CEM the message including any links in the message need only encourage participation in a commercial activity. It is not limited to encouraging participation in a commercial activity with the sender of the message.

My email to my relative may well have been a CEM because it contained a recommendation and encouragement to purchase services from a dental surgeon and because the link to the clinic would display the clinic’s website which contains a description of clinic’s services, hours of operation, contact details, and other information about the clinic designed to solicit patients and new business. The referral to another dentist to recommend a dental surgeon would not likely have been enough to make the email a CEM on its own. However, since an email is a CEM if any part of it encourages participation in a commercial activity, the email as a whole would still likely be a CEM.

The next question is whether CASL contains any exceptions that make its internationally unprecedented onerous requirements inapplicable. There is an exception that permits a CEM to be sent to a person who has a personal or family relationship with the sender, as defined in the regulations. Since only draft regulations are available, we don’t know for sure whether sending a CEM to one’s relatives, friends or others will be illegal or not if CASL is not complied with. However, if we assume that the regulations that are ultimately finalized will be at least as broad as the draft CRTC and Industry Canada regulations, we can make some preliminary conclusions.

Under the draft Industry Canada regulations family relationship and personal relationship are defined as follows:

(a) “family relationship” means the relationship between individuals who are connected by

(i) a blood relationship, if one individual is the child or other descendant of the other individual, the parent or grandparent of the other individual, the brother or sister of the other individual or of collateral descent from the other individual’s grandparent,

(ii) marriage, if one individual is married to the other individual or to an individual connected by a blood relationship to that other individual,

(iii) a common-law partnership, if one individual is in a common-law partnership with the other individual or with an individual who is connected by a blood relationship to that other individual; and

(iv) adoption, if one individual has been adopted, either legally or in fact, as the child of the other individual or as the child of an individual who is connected by a blood relationship to that other individual; and

(b) “personal relationship” means the relationship, other than in relation to a commercial activity, between an individual who sends the message and the individual to whom the message is sent, if they have had an in-person meeting and, within the previous two years, a two-way communication.

Under these definitions some of my relatives and I would have a “family relationship”. For example, CASL exempts sending CEMs to parents, siblings, children, and other lineal descendants. I could also respond to an email with an email recommending a dentist to my aunts and uncles and first and second cousins as they are of “collateral descent” to my grandparents without violating CASL.[1]

Once you get past the obvious close “family” relationships, however, the average Canadian would need to have the knowledge of an estates, family, tax or immigration lawyer to know whether their family member is someone to whom they can recommend a dentist without being subject to CASL’s strictures.[2] Recommending a dentist would likely be illegal if sent by email, for example, to a great uncle or aunt or someone more removed than a second cousin, or members of their immediate families, unless CASL’s strictures are complied with.

CASL exempts certain friends where they fit into the “personal relationship” class, as defined in the regulations. However, CASL and its prohibitions against sending emails and other electronic messages that are CEMs would apply to a variety of other situations the average Canadian would never expect. It would apply to sending a recommendation to a friend you went to high school or university with, played a sport or went to camp with, were members of the same club, or simply had lost touch with, and hadn’t spoken or “had a two-way communication” within the last two years. It would apply to a friend who had moved away for a few years and was moving back and needed a dentist. You couldn’t email a friend of a friend to recommend a dentist, without violating CASL. You couldn’t recommend one to your brother or sister’s friend, or the parents of your child’s friend. You couldn’t reply to an email to recommend a dentist by email to a person you met at a party from out of town, but that you didn’t have a chance to directly speak to.

You also couldn’t send an instant message to someone recommending a dentist you had been conversing with over Facebook, even though you may have shared family pictures and videos with the person as well as had real time live video chats with the person continuously over the course of years. CASL does not recognize virtual friends as “friends”, even though many people would, at least in some circumstances.

Trying to help others by recommending a dentist to remedy a toothache could also be illegal in many other circumstances. If the person asking for help is not within the definition of “family relationship” or “personal relationship”, making a recommendation using email could be illegal. For example, if you are a lawyer negotiating a deal with out of town lawyers and are asked by email for a recommendation to a dentist to address a sudden toothache, none of the CASL exceptions would apply. They would also not apply to helping out a person you had just met related to a commercial activity e.g. a sales meeting with an out of town potential customer or supplier.

Unless the person asking for help is totally excluded from CASL by virtue of being in the “family relationship” or “personal relationship” classes, the next question the average Canadian will need to know before responding to a request for help is whether the person has the consent of the recipient to respond to the email. Again, one would have thought that it was a no-brainer that a person could reply to an email asking for a dental recommendation since one could easily imply or infer consent from the request. However, unlike New Zealand and Australia, Canada has chosen not to recognize inferred consents as valid under CASL. CASL also excludes all implied consents unless the relationship between the parties falls into the tightly defined categories of “existing business relationship” or “existing non-business relationship”, or several other limited classes in Section 10(9). In the case of a request for a dental referral, none of them are necessarily going to be applicable. Neither would any of the exceptions in Section 6(6) which sets out specific circumstances in which the requirement for an express consent is waived.

In these circumstances, a person could only respond to the email request if the request itself can be construed as an “express consent” to respond with a recommendation. CASL does not define the term “express consent”. It likely means an affirmative consent – something more than the type of consent that can be implied under paragraph 4.3.7 of Schedule 1 to PIPEDA,[3] or inferred from the circumstances. From a form perspective, it may also require that the consent be in a verifiable form including in writing or in an electronic format.[4] If so construed, an oral consent would not be recognized as a valid consent.

It is unclear whether a person asking for a recommendation gives an express consent (as contrasted with an implied or inferred consent) to reply with a recommendation. It is even more unclear whether a request for help includes an express consent for a third party, such as in my case, my wife, to give her recommendations. In the circumstances, there would be little doubt that my wife would have had implied or inferred consent. But, that would not have been enough to make her reply legal under CASL. CASL even makes it illegal to ask someone for consent to send him or her a CEM. Calling to ask permission wouldn’t help either since CASL’s draft regulations require all requests for consent to be in writing. So as absurd as it seems, it would not be clear that my wife or I would have had consent under CASL needed to make recommendations to the person in need of dental services –  even in reply to the person’s own email asking for help. Even more incredibly, there would be no legally recognized way to even ask for the consent.

Even assuming my wife and I had express consent to send the email replies, the emails would still need to comply with CASL (and its regulations’) formalities. In particular, our emails, to be legal, would need to

(a) set out prescribed information that identifies the person who sent the message;

(b) set out information enabling the person to whom the message is sent to readily contact the sender (the contact information must be valid for 60 days; and

(c) set out the prescribed unsubscribe mechanism.

Under the draft CRTC regulations, our email replies would have been illegal unless they contained our names and our “physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address”.

It seems absurd that my wife and I would be forced to disclose our personal information – information protected by PIPEDA – simply to reply to an email requesting a recommendation for a dental surgeon. However, CASL compels every individual who sends a CEM on their own account to disclose this personal information. In fact, CASL makes all anonymous commercial speech in the form of CEMs illegal in Canada, regardless of the circumstances.

Moreover, it would be illegal to send the recommendations unless the other CASL requirements including having a web address and a voice mail system are met. My wife doesn’t have a web site. While I have this blog, it is not set up to receive communications under CASL. Accordingly, when CASL is proclaimed into force, we would not be able to reply to requests for recommendations in a manner that meets CASL’s identification requirements.

It doesn’t end there. CASL also sets out extremely onerous requirements for an unsubscribe mechanism which must be included with all CEMs. Under CASL, the unsubscribe mechanism must

(a) enable the recipient to indicate, at no cost to them, the wish to no longer receive any CEMs, or any specified class of such messages, from the sender, using (i) the same electronic means by which the message was sent, or (ii) if using those means is not practicable, any other electronic means that will enable the person to indicate the wish; and

(b) specify an electronic address, or link to a page on the World Wide Web that can be accessed through a web browser, to which the indication may be sent.

Under the draft CRTC regulations, the unsubscribe mechanism must also be able to be performed in no more than two clicks or another method of equivalent efficiency.

So, incredibly, under CASL, unless one of the “family” or “personal” relationship exemptions applies, neither my wife nor I could legally respond to a request for a recommendation for a dentist unless we also included in our emails the above unsubscribe options to the hapless requestor. CASL would require the average Canadian to license the same kind of “unsubscribe” tools that have become common place with commercial newsletters and mailouts – just to be able to recommend a dentist to a person with a toothache.

It is also interesting to consider the position of the dentists who were asked for email recommendations for dental surgeons. Their recommendations would likely also be CEMs. If they responded directly to my wife or me, they may, depending on our relationship with them, have an existing business relationship which would permit them to reply to us without an express consent. However, they would likely not have had express consent to send recommendations directly to my relative, nor would any consent to send these CEMs be implied under CASL. The dentists wouldn’t even have been able to pick up a phone to call to get permission to send recommendations electronically or send an email asking for permission. Accordingly, it would likely be illegal for the dentists to reach out electronically to my relative with recommendations for an oral surgeon. It also seems unlikely they would even think to comply with CASL’s identification and unsubscribe requirements. Their best legal course of action would be to refuse to help – and leave my relative without important information needed to assess what dental surgeon to retain. Ironically, they could communicate with my relative through conventional mail or by phone, methods usually seen as more intrusive forms of communications.

The strictures of CASL will also apply to other electronic formats including messages sent using instant messaging systems like BlackBerry Messenger (BBM) and other social networks, and SMS messages. They would also likely apply to recommendations forwarded using services such as Groupon or Livingsocial. However, it is virtually impossible to practically comply with all of CASL’s formalities using these messaging types – even assuming it is desirable to have these formalities apply in the circumstances.[5]

Consider for example if the request for the recommendation for the dental surgeon had been received via an SMS message. It would likely be impossible for the average Canadian to respond to the message via an SMS message. As noted above, CASL requires each CEM to include detailed identification information as well as an unsubscribe mechanism. It is impossible to include all of this information in the 140 character space limits that this messaging format permits.

The draft CRTC regulations provide an alternative that is equally unworkable. They provide that:

If it is not practicable to include the information referred to in subsection (1) and the unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act in a commercial electronic message, that information may be provided by a link to a web page on the World Wide Web that is clearly and prominently set out and that can be accessed by a single click or another method of equivalent efficiency at no cost to the person to whom the message is sent.

The CRTC draft regulations would require individual Canadians, young and old, to do the following merely to reply to a request for a dental recommendation using SMS:

• Have or establish a web site.
• Publically post on the web site the individual’s PIPEDA protected personal information including physical and mailing address, telephone number and email address.
• Establish a mechanism to receive unsubscribe requests and disclose this on the individual’s web site.
• Include in the reply SMS message the dental recommendation and in the same 140 character space limit “clearly and prominently set out” the web link. Some links can be more than 140 characters. So this would force individuals to find link shortening tools that work on the person’s mobile phone and to copy the results into the SMS message. Even then, it is hard to see how the recommendation and the links could be included in only 140 characters.
• Find a way to make the individual’s web site accessible in a single click from the SMS message. (On my phone it takes at least two clicks. One to select the link, the other to engage it.)

Consider next if the request for the recommendation for the dental surgeon had been received via an instant message from a BBM user. Again, it would likely be impossible for the average Canadian to respond to the message via BBM. Since it would not be practical to include all of the identification and unsubscribe information in a BBM message, individual Canadians would need to do the same things as a person replying using SMS. This is as unworkable for BBM and other IM messaging systems as it is for SMS messaging.

CASL is touted as being technologically neutral. But only part of it is. A CEM is defined, essentially, to include email, IM, telephone and similar messaging systems. However, the message form, prescribed requirements, and unsubscribe mechanisms are firmly rooted in a PC based email architecture, with work around add-ons that permit, without necessarily enabling, compliance using another specific technology – the web.  This asymmetrical approach to technological neutrality makes it a problem today – even before CASL is proclaimed into force. One can well imagine that as the technologies of communication evolve, CASL will increasingly hinder the innovation and deployment of new technologies and business models in Canada. This will undoubtedly disadvantage Canadians, who alone will be subject to laws as stringent and prescriptive as CASL.

It is obvious that the strictures of CASL are not limited to requests for dental surgeons. They would apply to requests that ordinary Canadians routinely get. They would apply ubiquitously to recommendations for any product or service including recommendations for doctors, lawyers and other professionals, restaurants, financial planners, stockbrokers, bankers, real estate agents, car dealers, bakers, plumbers, electricians and other contractors, retail stores, movers, babysitters, school tutors, and so forth – you name it. They would also apply to prevent individuals whose business life blood relies on third party recommendations from reaching out electronically to prospective new clients. For example, a real estate agent could not email a friend of a satisfied customer for a potential listing at the suggestion of the customer. Nor could a stockbroker make a “cold email call” to a friend of a customer at the suggestion of the customer.

It is also obvious that CASL could apply also to a myriad of other situations in which email or other electronic means are used in relation to a commercial activity. For example it could apply to a kid trying to buy or sell a baseball or hockey card; a student trying to buy or sell high school, college or university used textbooks; a mother trying to hire a new babysitter; or a kid soliciting a parent of a friend to shovel snow or mow a lawn for some extra cash. It goes on and on – you can only imagine.

CASL also makes it illegal for anyone to “aid, induce, procure or cause to be procured” breaching the anti-spam and its other provisions. Accordingly, it would also be illegal for a parent to help his or her child buy or sell the baseball or hockey card or the school textbooks or to solicit customers for snow shoveling by electronic means. Conceivably, providing access to a home computer with permission to use it for these purposes could be enough to create liability.

CASL and its strictures could apply to an unlimited and unpredictable set of activities engaged in by individuals, professionals, and large and small businesses including start-up businesses. Yet, its list of exceptions is narrow and can only change through a slow reactive regulatory process. Meanwhile, kids selling baseball cards or trying to make some needed money cutting grass, students trying to buy a used textbook to save money, mothers trying to hire babysitters for a needed night out, and others would have to set up websites, establish unsubscribe mechanisms and publically disclose their personal information on the web to try and comply with CASL just to do those basic things.

While on vacation I also thought about the occasional emails I get from my local cottage street association asking for a financial donation to help fund issues of importance to our neighborhood (my cottage is close to the riding of Minister Clement, who was originally the Minister responsible for CASL). Sending these emails will become illegal under CASL. No one has expressly consented to receiving them. But, it is implied, or at least inferred, by most everyone that such emails are wanted. In some cases the individuals receiving the emails would have “personal relationships” (as defined in the draft Industry Canada regulations) with the street volunteer who sends out the emails. In some cases they would not. None of the other exceptions in CASL would apply to dispense with obtaining express consents to send out the  emails. The local street volunteer is also unlikely to want to disclose his or her PIPEDA protected personal information merely to send emails to members of the street “association”. The street volunteer is also unlikely to be able to comply with CASL’s formality requirements which include having a web address and a formal unsubscribe mechanism.  (So will many unregistered charities which will also be very significantly impacted by the restrictions in CASL.) So, when CASL comes into force, the street volunteer will either likely continue as before illegally, or stop because CASL stifles using electronic means of communication.

The volunteer may need think long and hard before violating CASL, however, because the penalties for violation can be severe. Every person who contravenes any of anti-spam provisions can be liable for a fine (an administrative monetary penalty or AMP). The maximum penalty per violation is a $1,000,000 in the case of an individual, and $10,000,000 in the case of any other person. A person who merely aids in the violation – for example, the parent who helps a child get a snow shoveling job – can be liable for a fine of up to the same $1 million dollar maximum per violation. CASL also subjects individuals to damages and penalties under the private right of action provisions. The penalties can reach a maximum of $200 for each contravention not to exceed $1,000,000 for each day on which it occurred.

It is highly unlikely that the CRTC would seek the maximum penalties against individuals for some of the activities described here, assuming it even decided to prosecute individuals for some of these kinds of transgressions. However, individuals who know about these potential fines – such as the dentist who is asked for a recommendation or the street volunteer- might well decide that the risks associated with CASL to them outweigh the socially beneficial activities they were inclined to engage in.

It is ironic that under the Bill-C-11 (The Copyright Modernization Act) , the Government plans to lower the current cap on statutory damages from a maximum of $20,000 for each work infringed in the proceeding to a maximum $5,000 for all works infringed where the infringement is for a non-commercial purpose. Yet, when it comes to CEMs, CASL would make individuals liable for up to $1 million dollars per violation.

It is hard to imagine that Parliament could have intended to make electronic communications responding to requests for recommendations for needed information illegal. Nor is it conceivable that Parliament intended to make it illegal for local neighborhood associations to communicate electronically. Nor is it likely that many of the other problems described here could have been intended by Parliament. I very much doubt, for example, that Parliament intended to make kids buying or selling baseball cards or mothers trying to hire babysitters, or people trying to help them with these things, worry about CASL. But, CASL potentially affects everyone.

My colleague Lorne Salzman and I have pointed out elsewhere, that CASL will have many more unintended consequences including:

1)      FISA will impede start-up businesses from launching in Canada.

2)      FISA will impede Canadian businesses from developing new marketing models over the Internet.

3)      FISA will deter suppliers of service providers, including outsourcing and cloud service providers, from operating with or maintaining facilities in Canada.

4)      FISA will deter foreign businesses from offering their products to Canadians via the Internet, mobile and other communications networks.

5)      FISA will impose costs and restrictions on Canadian businesses that their competitors outside Canada will not have to bear.

6)      FISA contains very strong incentives for Canadian businesses to confess wrong-doing, even in cases of questionable or trivial conduct, thereby tarnishing the reputation of legitimate businesses in circumstances where the offending conduct is not significant.[6]

Numerous organizations filed detailed submissions with Industry Canada and the CRTC in response to the draft regulations. They pointed out a multitude of unintended consequences with CASL that would make doing business in Canada electronically difficult, expensive, and in some cases impossible. The submissions pointed out how CASL could stifle innovation and put Canada at a competitive disadvantage relative to our trading partners, none of which have taken such an onerous or prescriptive approach to regulating electronic commerce. A summary of the comments can be found here. The Government is currently reviewing these submissions to determine if changes to the regulations, or additional regulations, are required to address these problems.

The problems identified above can be somewhat alleviated by adding new exceptions to CASL by regulation. However, regulations which merely incrementally add more narrow exceptions to address newly identified problems will not solve the fundamental structural problem with CASL. CASL bans all commercial speech in the form of commercial electronic messages – whether wanted or unwanted – unless the specific class of the message falls into an identified exception, and unless its strictures are also met. This approach inevitably will ban some – probably a lot of – desirable and constitutionally protected speech. Incrementally creating new exemptions to address newly recognized impingements on commercial speech will not solve the structural problems with CASL. It would be playing wac-a-mole with basic freedoms of Canadians. (CASL takes the same “ban-all” approach to computer programs, making illegal the installation of any program –good or bad- without express consent and compliance with other requirements.)

The approach CASL takes to commercial speech is akin to trying to prevent crime by making it an offense for citizens to leave their homes except for purposes that are listed as exemptions in the Criminal Code or in regulations – regulations that incrementally grow in number as new non-criminal activities are identified. It would be easy to name obvious initially exempt purposes such as work, school, and sports. But, with the myriad of diverse human activities, an unforeseeable plethora of legitimate activities that individuals expect can be legally engaged in in a free and democratic society would be criminalized. For example, if going camping, bird watching, or attending the annual Santa Claus parade were not in the class of exempted activities, it would be illegal to do them until the Government enacts new regulations to exempt them. The same is true with CASL.

One of the greatest problems with CASL is that it will chill and make legitimate commercial speech illegal. It will undermine fundamental freedoms protected by the Charter of Rights and Freedoms. My colleague Lorne Salzman and I raised this issue previously. So did a number of entities who made submissions to Industry Canada and the CRTC on the draft regulations.[7]

Following the Supreme Court of Canada’s decision in the Reference re Securities Act, 2011 SCC 66 case, questions might also be asked about the Federal Parliament’s constitutional jurisdiction to enact major portions of CASL including the anti-spam, anti-spyware, and address harvesting provisions. It may be that CASL would do better than the proposed national security regulator proposal as it does not interfere with property and establishes rules to address threats to commerce. However, it does regulate matters of a contractual nature such as consents and disclosures related to contractual activities and has similarities to provincial consumer protection legislation.

In light of the very substantial questions about, and problems with, CASL, once its regulations are finalized, the Government should consider referring the constitutionality of CASL including its compliance with the Charter of Rights and Freedoms to the Supreme Court of Canada.

Of course, steps could be taken to fix CASL before it is proclaimed into force. These measures could also help CASL survive the inevitable Charter challenge once it becomes law. But, merely tinkering with CASL through the regulatory process will not be enough. And it certainly won’t help you if you need a dentist when out of town.

[2] See Wikipedia “Cousins” http://en.wikipedia.org/wiki/Cousin

[3] Individuals can give express consent under PIPEDA in several ways. For example:

(a) an application form may be used to seek consent, collect information, and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and the specified uses;

(b) a checkoff box may be used to allow individuals to request that their names and addresses not be given to other organizations. Individuals who do not check the box are assumed to consent to the transfer of this information to third parties;

[4] See, Collection and Debt Repayment Practices Regulation, Alta Reg 194/1999, (Fair Trading Act) Consolidated Regulations of Alberta; Regulation respecting the Taxation Act, RRQ, c I-3, r 1; Income Tax Regulations, CRC, c 945, (Income Tax Act) Consolidated Regulations of Canada

[5] See, Fixing CASL: comments on the draft CRTC and Industry Canada regulations; Electronic Commerce Protection Regulations – Much Work Remains; Rethinking FISA

[6] See, Fixing CASL: comments on the draft CRTC and Industry Canada regulations; Electronic Commerce Protection Regulations – Much Work Remains; Rethinking FISA

[7] Rethinking FISA

Most people would agree that unwanted commercial emails – commonly called spam – are awful. Spam wastes our time. It clogs our inboxes and can be full of scams, malware and fraudulent, false and misleading messages. So who wouldn’t have cheered when Canada finally decided to outlaw spam and related afflictions?

With the September 7 conclusion of the public comment period on the new anti-spam law, known as CASL (for Canada’s anti-spam law), Canada has taken a major step toward finalizing legislation designed to outlaw practices such as sending commercial electronic messages without recipients’ consent or using misleading information in the online promotion of products. Reason to celebrate, one would think.

But those who have studied the bill and its consequences more closely have concluded that there might not be as much to cheer about after all, with CASL potentially having a number of negative effects on the Canadian businesses and consumers it seeks to protect.

In its current guise, CASL will provide Canadians with the toughest anti-spam law in the world. Some of the restrictions that will be imposed by CASL include requirements related to messaging consents, message formalities, working with third parties, technical compliance and the updating of messaging systems.

However, while this may seem all well and good, its implementation could lead to potentially substantial costs for Canadian businesses because our anti-spam law will be much more onerous than similar legislation in any other country, including any other G20 country.

So what are the costs of CASL and the draft regulations as currently drafted? In addition to the dollar outlays that Canadian businesses will have to bear to comply with CASL, the new law will have a number of other unwelcome consequences.

These include impeding start-up businesses from launching in Canada. Start-ups do not have ready-to-use email lists and the new legislation will greatly hinder the ability to develop these from scratch or source them from a third party. Canada, which already suffers from insufficient entrepreneurial activity, should not be placing new hurdles in the way of budding entrepreneurs, but this is precisely what CASL will do.

There will also be issues for Canadian business looking to develop new Internet-based marketing models. CASL was designed to address email spam, and its requirements do not easily fit with social networks such as Twitter, referral marketing and other more modern vehicles for transmitting commercial electronic messages. Sadly, it appears CASL is already in danger of becoming antiquated thanks to social networking.

CASL will likely also discourage some server operators, including outsourcing and cloud service providers, from operating facilities in Canada. Any business that sends commercial electronic messages from a server in Canada will be caught by CASL, even where the recipient is outside the country. Accordingly, companies that wish to send messages to non-Canadians, but avoid restrictions, will want to do so from servers outside Canada. This cannot be a good thing.

CASL will deter some foreign businesses, notably social network companies, from offering their products to Canadians, as they may find it too onerous to comply with the new law. Canadian consumers will lose out while foreign competitors with less stringent anti-spam legislation will pick up the pieces.

Perhaps worst of all, it is also likely that some legitimate and even useful online communication will be prohibited due to the wide scope of the bill. This means CASL could be challenged as presenting an infringement of the protection of free expression in the Canadian Charter of Rights and Freedoms. If proven, CASL would be undermined, leading to inevitable amendments and further compliance costs for Canadian businesses.

Many of these shortcomings have been addressed in the public comments recently submitted to the Canadian Radio-television and Telecommunications Commission and Industry Canada. Unfortunately, it appears that CASL could succeed in partially stemming the deluge of spam, but at the same time create a series of much greater problems for Canadian businesses and consumers.

The CRTC and Industry Canada initiated the public consultation process by issuing the draft regulations in June and July 2011 respectively. Each organization published their own draft regulations as each has distinct regulation-making powers under CASL. The CRTC promptly published on its website all the comments that it received. Industry Canada indicated it will follow suit shortly. That said, most of the commentators submitted combined comments on the two sets of draft regulations, and thus the CRTC filings give a good picture of what has been submitted to Industry Canada as well.

Fifty-seven trade and public interest organizations, businesses, and individuals filed comments with the CRTC. Most of the commentators represented Canadian businesses, large and small. Many industry associations filed comments, including: Association of Canadian Advertisers (ACA), Association of International Automobile Manufactuers of Canada (AIAM), Canadian Bankers Association, Canadian Bar Association (CBA), Canadian Chamber of Commerce, (The Chamber), Canadian Federation of Independent Business (CFIB), Canadian Life and Health Insurance Association (CLHIA), Canadian Manufacturers & Exporters (CME), Canadian Marketing Association (CMA), Canadian Real Estate Association (CREA), Canadian Vehicle Manufacturers’ Association (CVMA), Canadian Wireless Telecommunications Association CWTA), Direct Sellers Association of Canada (DSAC),  Entertainment Software Association of Canada (ESAC), The Financial Advisors Association of Canada (FAAC), Information Technology Association of Canada (ITAC),  Insurance Bureau of Canada (IBC), Investment Industry Association of Canada (IIAC), Magazines Canada, Ontario Telecommunications Association (OTA), Retail Council of Canada (RCA), and The Investment Funds of Canada (IFC). A number of individual businesses also submitted comments, including: AVLA Audio-Video Licensing Agency Inc. (AVLA), Bell Canada, Johnson & Johnson Family of Companies in Canada (J&J), Microsoft Canada Inc. (Microsoft),  Primerica Financial Services, Re:Sound, Research In Motion Limited (RIM),  Rogers Communications Partnership (Rogers), Shaw Cablesystems G.P. (Shaw), Tbaytel, TELUS Communications Company (Telus),  and Wells Fargo & Company. Together these organizations represent hundreds of thousands of Canadian businesses.

Two consumer organizations filed comments: Public Interest Advocacy Centre/ Option consummateurs (PIAC) and Union des consummateurs.

Some individuals also filed comments. Among them, we personally filed detailed comments with the CRTC and Industry Canada. These comments followed on from an earlier paper that we published suggesting that CASL needed rethinking.

Canadian businesses all agreed with the goal of reducing unwanted CEMs, or “SPAM”, and malware, but most expressed concern that the proposed regulations contain significant problems that need to be addressed. In some cases, the problems are those of omission, namely failure to set out needed exemptions or needed clarifications. In other cases, the regulations impose requirements that are unworkable or unduly cumbersome and expensive to operate.

The purpose of this paper is to briefly describe and summarize the key positions parties submitted in their filings with the CRTC, with a particular focus on the concerns expressed by Canadian businesses and their representative associations. Distilled to the essence, their comments identify the following concerns:

1. Although all parties support the goal of reducing SPAM and malware, most considered that the draft regulations fail to address the overreach inherent in CASL. Consequently, CASL plus its regulations are a disproportionate response to the acknowledged problems of SPAM and malware.

2. Although many commentators had expected that the proposed regulations would target truly offensive conduct under CASL and, as well, clarify ambiguities, thereby enabling the law to better meet the Government’s objectives, this has not occurred. The proposed regulations fail to set out worthwhile classes of exempt conduct, and they impose extra compliance costs that many businesses found troubling.

3. Under CASL and the proposed regulations, some inoffensive communications will become illegal, an overreach that will invite challenges under the freedom of speech provisions of the Canadian Charter of Rights and Freedom, with unpredictable results.

4. The proposed regulations do not remedy the concerns that CASL will hinder the start up and growth of small business.

5. The proposed regulations do not look beyond CASL’s “email-focused” model and consequently they fail to fit well with other messaging systems. As a result, CASL is not technologically neutral in its regulatory approach.

6. The proposed regulations fail to address messaging systems where SPAM is not a problem, such as Common Short Code Messaging, Opt-in Instant Messaging and similar systems, and where the additional regulation would impose costs, be impractical or impossible to comply with.

7. The proposed regulations fail to address CASL’s territorial overreach, and the consequent risk to investment and innovation in cloud computing and outsourcing in Canada.

8. The proposed regulations fail to properly clarify what is included under the definition of a CEM, thereby subjecting non-CEMs to CASL’s unsubscribe and formality requirements.

9. The proposed regulations fail to recognize the value of other, reasonable, approaches to obtaining consent to send CEMs, such as under existing PIPEDA rules.

10.The proposed regulations fail to clear the confusion in CASL between holders of message accounts and recipients of messages.

11.The proposed regulations stipulate that requests for consent be in writing, a requirement that is both limiting and, in some cases, impractical.

12.Most commentators criticized as unworkable the CRTC’s proposed regulation which requires that each CEM and each request for consent to send a CEM include the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the sender and any other electronic address used by the sender.

13.The CRTC’s proposed regulation requiring that each request for consent include a statement that a consent can be withdrawn using any of the mandatory contact information is contrary to CASL and is unworkable. It would require organizations to monitor physical and mailing addresses, a telephone number, an email address and a web address and any other electronic address used by those persons.

14.The CRTC’s proposed regulation is unworkable where it requires that request for consent must be sought separately for each act described in sections 6 to 8 of CASL.

15.The CRTC’s proposed regulation permitting prescribed information to be made available on the web is not a practical or technologically neutral solution to the disclosure requirement problems created by CASL and the proposed regulations.

16.The proposed regulations fail to accommodate a business that does not maintain a web site from receiving unsubscribe requests. Further, the CRTC’s proposed regulation requiring the unsubscribe mechanism be performed in no more than two clicks is not technologically neutral or workable in many circumstances.

17.The heightened consent requirements in Section 5 of the draft CRTC regulations for computer programs that perform one of the functions listed in Section 10(5) is unworkable. It is impractical to require that such consents be in writing or to require the ser provide an acknowledgement. Further, there are many circumstances in which meeting these requirements would be either technically or commercially unfeasible.

18.Certain of the CRTC’s proposed regulations may be beyond the CRTC’s authority under CASL.

In the following, we expand on the concerns with the proposed regulations that have been identified by Canadian businesses and their representatives.

1. Although all parties support the goal of reducing SPAM and malware, most considered that the draft regulations fail to address the overreach inherent in CASL. Consequently, CASL plus its regulations are a disproportionate response to the acknowledged problems of SPAM and malware.

Although commentators agreed that containing the flood of SPAM and malware is desirable, CASL and the proposed regulations will impose costs and inefficiencies on Canadians that exceed the benefits. These costs and inefficiencies are significant. They are not just the substantial compliance costs that Canadian businesses must bear.  They extend to impeding the use of electronic means of communicating, putting Canadian businesses at competitive disadvantages to their foreign competitors, retarding the growth of small and start-up businesses, and potentially limiting the use by Canadian businesses of modern messaging platforms.

A key source of the problem is the design of CASL. Its approach is to forbid practically all commercial electronic messages, and then prescribe certain exemptions in both the law and the regulations. Thus, rather than targeting truly offensive conduct in the first place, the law and proposed regulations are based on the sweeping proposition that, in effect, nothing is permitted except that which is specifically allowed.  CASL takes the same prohibitory approach to regulating the installation of computer programs on computers, mobile phones, tablets and other devices.

The Chamber, which represents over 192,000 Canadian businesses, had this to say:

“The Act and proposed Regulations do not adequately balance the objective of preventing unwanted, or harmful behaviour with the objectives of ensuring that perfectly legitimate acts are not made illegal, and preserving the vitality of the Internet for electronic commerce. Furthermore, they introduce conflicting or unnecessary regulatory regimes that needlessly impose significant costs on legitimate business.”

”The overly broad language in both the Act and the proposed regulations could circumscribe legitimate business-to-business activities and inadvertently impact businesses ability to deliver products and services to consumers.”

“The over-broad scope of the Act and proposed Regulations, the lack of exceptions for socially valuable activities, unwieldy consent requirements, administrative monetary penalties and statutory damage provisions that have little relation to actual harm suffered may collectively have the opposite effect: rather than promoting Canada’s digital economy, the Act and proposed Regulations may actually create significant impediments to electronic commerce and the development of the digital sector.”

The Canadian Federation of Independent Business (CFIB) which represents over 108,000 small business owners from coast-to-coast commented as follows:

“This new level of regulation and oversight on industry seems contrary to the government’s stated objectives to encourage entrepreneurial growth and reduce the regulatory burden”, based on their announcements earlier this year designating 2011 the Year of the Entrepreneur, and the creation of the Red Tape Reduction Commission to tackle red tape”.

The Canadian Wireless Telecommunications Association (CWTA) is the authority on wireless issues, developments and trends in Canada.  It represents cellular, PCS, messaging, mobile radio, fixed wireless and mobile satellite carriers as well as companies that develop and produce products and services for the industry. It had this to say:

“The Act and the proposed Regulations are highly prescriptive and create a high degree of regulation for legitimate commercial messages.  This will result in significant compliance costs for businesses that communicate with their customers electronically”.

“No one wants to permit true spammers to continue operating unfettered, but it would be antithetical if the result of the Regulations were to dampen bona fide electronic business activities”.

The Entertainment Software Association of Canada (ESAC) represents Canada’s leading interactive entertainment software publishers and distributors, which collectively accounted for more than 90 per cent of the $2 billion in entertainment software and hardware sales in Canada in 2009. It stated as follows:

“We are deeply concerned that the extremely broad application of the Act to all forms of electronic messaging and software, the often onerous and inflexible requirements and the potential for massive, multi-million dollar liability for inconsequential breaches, will have a negative impact on the growth of electronic commerce in Canada that outweighs the benefits.”

2. Although many commentators had expected that the proposed regulations would target truly offensive conduct under CASL and, as well, clarify ambiguities, thereby enabling the law to better meet the Government’s objectives, this has not occurred. The proposed regulations fail to set out worthwhile classes of exempt conduct, and they impose extra compliance costs that many businesses found troubling.

In introducing CASL at second reading, Minister Clement stated that CASL’s purpose “is not to limit legitimate online business. It is to promote electronic commerce by increasing confidence in the use of the Internet to carry out business transactions”. CASL was passed to “deter the most damaging and deceptive forms of SPAM from occurring in Canada and help drive spammers out of Canada”[3] and to encourage the use of electronic means to carry of commercial activities.[4] These goals were intended to be accomplished without negatively impacting legitimate businesses that use electronic means to market their products and services to Canadians.[5]

With appropriate regulations, CASL could go a long distance to achieving its goal of deterring the most damaging and deceptive forms of SPAM and help drive spammers out of Canada. However, virtually all business commentators contended that the proposed regulations miss the mark. They do not address the issue of overreach by establishing categories of exempt conduct. Moreover, the proposed regulations add to the difficulty and cost of compliance with CASL.

The costs and inefficiencies are significant. They are not just the substantial compliance costs that Canadian businesses must bear.  They extend to impeding the use of electronic means of communicating, putting Canadian businesses at competitive disadvantages to their foreign competitors, retarding the growth of small and start-up businesses, and potentially limiting the innovation and use by Canadian businesses of modern messaging platforms.

The Canadian Marketing Association (CMA) is the national voice for Canada’s marketing community. It stated the following about the regulations:

“The proposed rules, as well as those published by Industry Canada, are problematic, cumbersome and ultimately serve to negatively impact legitimate marketing practices in Canada with consequent negative economic impact.”

The Canadian Bankers Association represents over 50 banks and lending institutions in Canada. The association was critical of the proposed regulations, stating as follows:

“The stated goal of the CRTC Draft Regulations is to clarify the required content and form of commercial electronic messages (“CEM”) and the request for consent under the Act. It is disappointing, however, and a cause for concern, that the CRTC Draft Regulations do not address some of the operational challenges created by the requirements of the Act”.

“Several additional requirements and a number of undefined terms have been introduced in the CRTC Draft Regulations that we believe are problematic for business, exceed best marketing practices, do little to protect customers from SPAM or malicious software and, therefore, should be reconsidered”.

“Our members anticipate significant planning and resource implications with respect to the implementation of the Anti-SPAM Act and the related Regulations (particularly with respect to technology systems and processes).”

Commentators strongly proposed that Industry Canada use the broad regulatory powers conferred on the Governor in Council by Section 64(1) to fix CASL to enable it to a achieve its objectives. The Chamber stated as follows:

“Several of the most problematic and unwieldy requirements imposed by the Act can be addressed by the introduction of judicious regulation that provides ‘greater flexibility and exempts legitimate forms of electronic communications.”

“The more details that the CRTC can provide, through regulations or interpretation guidelines, and the more flexibility that is added to the regime, the less the impact on legitimate businesses and the smoother the transition to the new regime will be, especially for small businesses across Canada.”

“Using the regulations to achieve a reasonable balance of costs and benefits will be critical if unintended impacts, such as deterring suppliers of services, impeding businesses from developing new marketing strategies involving electronic communications and creating material costs and restrictions on enterprises carrying on business in Canada, are to be avoided.”

3. Under CASL and the proposed regulations, some inoffensive communications will become illegal, an overreach that will invite challenges under the freedom of speech provisions of the Canadian Charter of Rights and Freedom, with unpredictable results.

CASL prescriptive approach to regulating commercial speech will see the banning of all commercial electronic messages unless they are sent with express consent, or a consent which falls into an exclusive list of exceptions for which consent is deemed to be implied or not to be required and unless they comply with onerous, and sometimes impossible to meet, form, disclosure, and unsubscribe requirements. This wide regulatory sweep is bound to impinge on legitimate and beneficial commercial speech  thereby raising concerns as to compliance with the Canadian Charter of Rights and Freedoms.

RIM, one of Canada’s leading telecommunications companies, articulated this concern as follows in a brief that thoroughly commented on the proposed regulations:

“RIM notes that CASL’s approach to SPAM is to broadly prohibit the sending of all CEMs unless the messages are sent with express consent or fall into an excluded category.  It does not prohibit just the sending of only unwanted, false, fraudulent, misleading or otherwise harmful messages. Its “ban all unless allowed” structure guarantees that some legitimate and useful commercial speech will be become illegal. This restriction on legitimate CEMs, ultimately when challenged, will have to pass the scrutiny of the Canadian Charter of Rights and Freedoms. The limits on commercial speech imposed by CASL must be reasonable and justified, with minimal impairment of the free speech right and with the limits on free speech being in proportion to the harm that is being targeted.”

“In order to be consistent with the Charter and the intent of Parliament, the government must take steps in the regulations to ensure that legitimate online commercial activities are not unnecessarily hindered by CASL, while at the same time curtailing real and harmful SPAM. Unchanged, CASL will not achieve, and would undermine, some of its most important objectives.”

4. The proposed regulations do not remedy the concerns that CASL will hinder the start up and growth of small business.

Under CASL, it will be illegal to send a commercial electronic message unless the individual or business sending the message establishes and maintains a web site to receive unsubscribe requests.^[6] Under the proposed CRTC regulations, the individual or business would have to have a physical and mailing address, a telephone number, an email address and a web address if it wants to obtain consents to send out CEMs or to send out a CEM. Not every individual or small business can meet these requirements.

Unlike established companies, start-up companies also do not have a ready list of electronic contacts they can approach to market their products and services.  Rather, they have to develop electronic lists from a variety of sources and use them to launch their products. Although few would find these activities offensive, they will all be potentially problematic under CASL.  Rather than using electronic communications, business start-ups will be forced to send their messages using the post or other more expensive and less convenient and efficient mechanisms, or limit the persons to whom they can send messages to the limited exception that permits use of conspicuously published e-mail addresses.

CFIB expressed its concern as to the impact of CASL and the proposed regulations on small businesses as follows:

“The proposed regulatory regime “may make it more difficult for smaller businesses to start up and grow and may even hinder some small-and medium-sized enterprise (SME) members from providing better and more customized products for their clients”.

“The Draft Regulations propose that all communications must contain the following: the names of every party involved, physical and mailing address, a telephone number, an email address and a web address.

The assumption is that every single business in Canada has a website, however only about half of small businesses have a website yet two-thirds use the web as part of their business.

Newer businesses trying to increase their customer base and garner revenue might not be able to initially spend money on a new website, but this requirement will force them to take time and money away from their priorities to comply with the rules”.

The Canadian Real Estate Association (CREA) is one of Canada’s largest single-industry trade associations, representing more than 100,000 real estate Brokers/agents and salespeople working through more than 100 real estate Boards and Associations. It stated the following:

“The Draft Regulations raise compliance to impractical levels for small businesses and their clients, and they go beyond the scope and jurisdiction provided by the government to the CRTC.”

“The CRTC regulations are “putting up unreasonable barriers to legitimate commerce and eliminating legitimate business tools and communications practices for small business.   As a result, small business will be impeded and opportunities will be lost.””

“The requirement for senders of requests for consent and CEMs to include a web address effectively excludes persons unless they have a website.”

“Not all businesses that use email have websites – particularly small businesses – and to require a website is unnecessary, unfair, and costly.   In addition, consumers wishing to seek consent on behalf of another person would be prevented from doing so unless they had a web address.’

5. The proposed regulations do not look beyond CASL’s “email-focused” model and consequently they fail to fit well with other messaging systems. As a result, CASL is not technologically neutral in its regulatory approach.

Although CASL is supposed to be technologically neutral, applying broadly to all electronic means of sending electronic messages, the CASL regulatory regime is modelled on regulating electronic messages that are sent as emails. This focus on emails means that other forms of electronic messaging, such as instant messaging and those through social networks, do not easily fit within the CASL framework. As a result, Canadian businesses that wish to exploit new and developing alternative electronic messaging systems will be impeded by CASL.

The CMA noted this problem as follows:

“In addition, there seems to be an underlying assumption that email communication is the sole or primary form of electronic communication covered by the Anti-SPAM Act.

Notwithstanding the additional detail included in the CRTC Draft Regulations, we believe they fall short of properly accommodating other forms of electronic communication (e.g. SMS communications, instant messaging, text messaging).

Digital communications continue to evolve.  To be relevant, the statutory framework needs to “fit” with new and emerging digital constructs including SMS messages and social media based communications, and be flexible enough to accommodate future technologies.

The technologically specific regulatory requirements of CASL are also discussed below.

6. The proposed regulations fail to address messaging systems where SPAM is not a problem, such as Common Short Code Messaging, Opt-in Instant Messaging and similar systems, and where the additional regulation would impose costs, be impractical or impossible to comply with.

The CASL regulatory regime is modelled on regulating electronic messages that are sent as emails. This focus on emails means that other forms of electronic messaging, such as those sent using opt-in messaging systems like RIM’s BBM, other social networks, and short form messaging systems like Short Code Messages social networks, do not easily fit within the CASL framework. Users who use opt-in messaging networks will face risks of offending CASL, and operators could face risks of aiding conduct that is contrary to CASL.

Social networks often operate under rules enforced by contract and by an administration that monitors and enforces compliance. As such, there are mechanisms in place to control unwanted commercial electronic messages. Where such protections are in place, CASL’s requirements are not needed, and can be counter-productive.  Faced with the risks of offending CASL, Canadian businesses will be wary of developing (or continuing to offer) innovative business models or implementing similar models that are legal in other countries such as the United States.

Numerous commentators asked for new classes of exceptions for these messaging systems. The CWTA stated the following on this point:

“The Act, and therefore the Regulations have been framed on the basis that every Commercial Electronic Message will be an email.  For CWTA’s membership, this drafting bias causes a considerable challenge for compliance.”

“Compliances with the form requirements in the Act in the context of CSC messages could be exceedingly challenging in light of the severe constraints on message size (typically 136 or 140 characters )”.

Telus which filed a very comprehensive brief to both sets of regulations, for example, stated the following:

“By imposing an additional layer of regulation on top of existing governance regimes, CASL threatens to reduce the utility of certain modem messaging platforms, without having a material impact on the volume of SPAM experienced on those platforms (which is typically none).  These platforms, such as BlackBerry Messenger (BBM) and Common Short Code (CSC) SMS text messaging, are inherently opt-in environments with existing anti-abuse rules and tools that empower users to protect themselves from unwanted messages (in the unlikely event that they should receive any).”

“Application of CASL in these circumstances [where Canadians are already protected by other regimes, such as through contractual arrangements] would add an unnecessary and inefficient layer of regulation that would have little to no effect on actual SPAM or malware, and, to the contrary, could actually reduce the utility (and/or increase the cost) of electronic messaging and software installation for legitimate purposes.”

RIM made the following submission on this point:

“Some messaging platforms are “closed” such that users can only receive messages from others in an opt-in contact list.  For example, BlackBerry Messenger (BBM) is a strictly opt-in system. That is, users specifically invite contacts, or accept requests from contacts, before any messages can be sent between them.  As these messaging systems will not allow messages from senders that the user has not pre-approved, these types of “closed” platforms should be exempted from the requirements of CASL.

“RIM recommends such an exemption for at least three reasons.  First, the user has already consented to receiving messages.  Second, the user has the ability to “unsubscribe” using system tools.  Third, users would find it a burden and unnecessary to comply with the consent, form, disclosure and unsubscribe requirements, especially given the short message format and the informality associated with this type of messaging system.  Section 2(2) of the CRTC Regulations does not provide a practical solution to complying with the form requirements of Section 6(2) of CASL over social networks such as BBM.  We also note that there is no equivalent to Section 2(2) of the CRTC Regulations in Section 4 of the CRTC Regulations to help address obtaining consents under Section 10(1) or 10(3) of CASL in similar circumstances.”

7. The proposed regulations fail to address CASL’s territorial overreach, and the consequent risk to investment and innovation in cloud computing and outsourcing in Canada.

CASL applies to commercial electronic messages that are sent from computer systems in Canada to recipients outside of Canada.  As such CASL imposes the Canadian standards of disclosure, consent and unsubscribe on non-Canadians. This will inevitably discourage the use of Canadian facilities for activities that are perfectly lawful in other countries.

The problem is particularly troubling where companies rely on cloud computing. Under cloud computing, a company can use a variety of servers in a variety of locations to perform computing work, including the sending of messages.  The location of the server sending particular messages may vary, depending on demand and other factors. Under CASL, however, cloud computing activities that are undertaken in Canada must comply with the CASL requirements, even where the recipients of the messages are located outside Canada. Faced with this regulatory imposition, companies will be discouraged from operating in Canada.  As such, those computer activities, and the jobs and other economic spin-offs that result, will be lost to Canada.

The Information Technology Association of Canada (ITAC) is the voice of the Canadian information and communications technologies (ICT) industry. Its member companies account for more than 70 per cent of the 572,000 jobs, $140.5 billion in revenue, $6.0 billion in R&D investment, $31.4 billion in exports and $11.4 billion in capital expenditures that the ICT industry contributes annually to the Canadian economy.  ITAC is a prominent advocate for the expansion of Canada’s innovative capacity and for stronger productivity across all sectors through the strategic use of technology. ITAC had the following to say about this problem.

“Given that section 6 of CASL will apply when a computer system located in Canada is used to send or access a CEM, CASL will impact a range of business decisions that could have unintended negative effects on the competitiveness of a wide range of Canadian technology companies.  At least three scenarios can be contemplated.

First, Canadian multi-national companies sending messages to non-Canadian customers are incented to use vendors located outside Canada to send those messages, because otherwise the messages will have to comply with CASL.  This would result in service jobs leaving the country.  ITAC understands that some Canadian organisations that are already contemplating moving their foreign market-related messaging operations outside Canada.

Second, foreign companies deciding where to locate server farms and other facilities related to cloud computing that could be used to send messages or provide services on behalf of vendors located anywhere in the world, to customers located anywhere in the world, may choose against Canada because of the extra cost of complying with CASL.  That would have significant unintended negative consequences for the growth of cloud computing in Canada.

Third, Canadian providers of outsourced services to non-Canadian businesses will be at a major disadvantage compared to competitors in other countries.  By selecting foreign service providers, the foreign entities can avoid the costs and complications of complying with CASL.”

8. The proposed regulations fail to properly clarify what is included under the definition of a CEM, thereby subjecting non-CEMs to CASL’s unsubscribe and formality requirements.

Many organizations expressed concerns that CASL deems service, transactional, informational and other messages to be CEMs, even when they do not by any reasonable interpretation encourage participation in a commercial activity.  This expansion of CASL is due to paragraph 6(6) of CASL which describes a range of messages which it exempts from the consent requirements without also exempting them from CASL’s unsubscribe and formality requirements. The problem is that these messaging types would, in many cases, not be considered CEMS in the first place, but the wording of section 6(6) appears to deem them to be so. Not only does this confuse what is or is not a CEM, but message recipients will be enabled to unsubscribe from receiving non-CEMs, a requirement that would create considerable operational problems for organizations wanting to do business electronically including those that have contracted with their customers to do business that way. Organizations will need to develop and operate, at additional cost and expense, non-electronic ways of communicating with third parties.  In some cases, it could even make it illegal for organizations to deliver messages electronically, even though they are required to do so under other legislation.

The CMA stated the following in this regard:

“A fundamental issue with CASL is that of its scope.  The definition of commercial electronic message (CEM) is sufficiently wide that it is conceivable to argue that any and all electronic communication is commercial in nature.  This thereby imposes strict, and costly if not followed correctly, rules on the delivery of all electronic messages. CASL further confuses the issue by clearly defining CEM In Section 1(2), exempting certain messaging from consent requirements In Section 6(6), but still requiring that they meet the unsubscribe requirements laid out in Section 11(1).”

The Canadian Bankers Association addressed this point as follows:

“We note that, while the categories of messages listed in subsections 6 (6) (a) through (f) are exempt from the consent requirements in subsection 6 (1) (a), it seems that some non-marketing messages may still be subject to the form and content requirements listed in subsection 6 (2) of the Anti-SPAM Act and further detailed in the CRTC Draft Regulations.”

“We believe that this is a serious problem with the Anti-SPAM Act, and one which we had hoped would be addressed through the Regulations.  We are concerned, in particular, that subsection 6(6) of the Anti-SPAM Act implies that customers have the ability to opt-out of receiving essential service messages (e.g. messages that confirm transactions, or that provide warranty, product recall, safety or security information). We do not believe this was the intent of the legislation”.

“Under a variety of legislation, including the Bank Act, and provincial securities legislation, financial institutions are largely required to send specific information to their customers and these types of messages, if sent electronically, should not be regarded as CEMs covered by the Act”.

Telus, which along with the Canadian Bankers Association dealt with this issue in depth, added a further concern as follows:

“There may be circumstances in which a business might be mandated by law to send certain information or a certain type of message to its customers and/or the public.  This might have to do with public safety, consumer protection, or some other form of regulation.  As it stands now, given that section 6(6) deems a wide range of messages to be CEMs, there is a risk that compliance with a legal regime that mandates the sending of certain messages which the CRTC might consider to be CEMs would put the sender in violation of CASL.”

9. The proposed regulations fail to recognize the value of other, reasonable, approaches to obtaining consent to send CEMs, such as under existing PIPEDA rules.

Many companies have previously determined that they had consent to send commercial electronic messages, either because express consent had been given or because it was a reasonable expectation of the recipients. Indeed, making such determinations would have been part of their compliance with PIPEDA.^[7] These companies now face the need to check that the names on their list of consenting recipients all either comply with the express consent requirements of CASL, or fit under one of the few implied consent categories. This can be a daunting and expensive task, given that these lists were assembled over time and they may be quite extensive. Many commentators questioned the obligation to comply on an ongoing basis with two overlapping regulatory regimes with the attendant expense of doing so.

The CMA made the following submission on this point:

“As a result of potential contradictions with existing privacy law, the new regime may disqualify entire databases of personal contact data obtained using responsible consent processes which meet, and in some cases exceed, the requirements of the Personal Information and Protection of Electronic Documents Act (PIPEDA).  The failure to grandfather existing databases that meet the requirements of PIPEDA will not reduce the amount of SPAM messages Canadians receive, but will in turn create a massive financial burden on Canadian organizations.”

The ESAC stated the following:

“The exception for implied consent in the Act is quite narrow and specific, and in light of the diversity and rapidly changing nature of business communications there is a very significant risk that a CEM could violate the provision and subject the sender to considerable liability even if consent could reasonably be inferred from the circumstances simply because it did not happen to fall within the narrow definition of “existing business relationship”.  Furthermore, this inflexible approach is not only inconsistent with the approach adopted in other jurisdictions, where implied consent can generally be inferred from the conduct, the nature of the business, and the other relationships of the intended recipients without limiting it to prescribed circumstances/ but also with the Personal Information Protection and Electronic Documents Act (PIPEDA), which deems that consent can be implied where consent may reasonably be inferred from the action or inaction of the individual.”  This creates a significant inconsistency between federal legal regimes intended to govern relationships with end users.  Recognizing implied consents that would be valid under PIPED would resolve this issue and further render the implied consent regime under the Act consistent with PIPEDA and other jurisdictions.”

Some commentators are concerned that the closed categories of implied consents are too narrow and would impede legitimate, recognized and desirable ways of doing business. For example, Re:Sound, a copyright collective that represents performers and makers of sound recordings, noted that the definition of the term “existing business relationship” does not include organizations that collectively license copyright materials under tariffs certified by the Copyright Board. Canada’s copyright collectives which administer rights on behalf of hundreds of thousands of Canadian artists, composers, performers or other rights holders would not be able to use many of the publically available materials PIPEDA excludes from its consent requirements because these exclusions are not carried forward into CASL.

Other commentators noted the failure by the proposed regulations to exempt referral relationships which are the life blood of many business and professional opportunities.

CREA noted this omission saying the following:

“Canada’s anti SPAM legislation already places an onerous burden on a person making a referral to act as an intermediary beyond the initial referral, requiring them to obtain consent on behalf of the professional.  However, when combined the requirement for consent to be in writing, as set out in the draft CRTC regulations, the regime places an “unreasonable and impractical responsibility on the intermediary and adds insurmountable barriers to the referral process”.

“In practice, it is highly unlikely that a client would be willing to seek consent from the person they are referring once they become aware of their obligations to provide the information proposed in the CRTC Regulations, including: the need for the intermediary to identify in writing the professional’s name, business name, mailing address, telephone number, web address and all electronic addresses belonging to the professional”.

The CFIB made a similar criticism of the lack of an exception for referrals:

“The requirement to have any referral in writing could cause a small business to choose between non-compliance and a much more difficult, and time-consuming process, thereby putting small-and medium-sized enterprises in a difficult position and making them less competitive.”

“The process as described in the proposed regulations is not realistic for today’s rapidly changing business.”

10.The proposed regulations fail to clear the confusion in CASL between holders of message accounts and recipients of messages.

CASL prohibits sending CEMs unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied.[8] CASL states that “a reference to the person to whom an electronic message is sent means the holder of the account associated with the electronic address to which the message is sent, as well as any person who it is reasonable to believe is or might be authorized by the account holder to use the electronic address.”[9]

CASL imposes an unworkable burden in determining who must consent to receiving a CEM in circumstances in which the holder of an account is different from the person to whom the message is sent.  For example, in business to business communications in which organizations operate, or outsource the operation of, accounts, consents could conceivably be required both from someone in authority in a business as well as the intended recipient.

This double requirement poses additional challenges in considering whether a person has an implied consent to send a CEM. The existing and non-business relationship exception, for example, requires the person who sends the message to have an existing business relationship or an existing non-business relationship with the person to whom it is sent.[10] This could potentially require existing relationships with both the organization and employees of the organization. This double standard is unlikely to be made out in most cases, unless an inference can be made that a transaction such as a sale to an organization is sale to its employees.

A similar problem exists with respect to the “conspicuously published” exemption.[11] It cannot necessarily be assumed that a conspicuously published electronic address has been published by both the account holder and the person whose electronic address is published.

11.The proposed regulations stipulate that requests for consent be in writing, a requirement that is both limiting and, in some cases, impractical.

Section 4 of the CRTC proposed regulations requires that a request for consent be in writing, a requirement that many commentators considered to be unworkable for many organizations and frustrating for consumers.

The CWTA stated the following:

“The requirement that all requests for consent must be in writing is an onerous obligation for legitimate marketers with questionable additional benefit to consumers.  The requirement is also inconsistent with requirements for express consent in other contexts.”

“In Telecom Decision CRTC 2003-33, the Commission found it appropriate to permit Canadian carriers to use other forms of express consent as alternatives to written consent.  The Privacy Commissioner of Canada does not prescribe a method of obtaining express consent required under the Personal Information Protection and Electronic Documents Act (PIPEDA).  In fact, guidance documents from the Office of the Privacy Commission clearly state that consent can be obtained in person, by phone, by mail, via the Internet, etc, provided the person seeking consent considers the reasonable expectations of the individual and the circumstances surrounding the consent”.

CREA stated the following:

“The regulations, when combined with the general prohibition from the Act against obtaining consent by email in situations where the sender does not have implied consent, results in a prohibition against obtaining consent orally.  This result, combined with the reality that professionals often use electronic messages to follow up with consumers on earlier telephone or in-person discussions, create restrictions that do not reflect the realities of business communication.”

These restrictions would require professionals to write a letter or have consumers sign a document in person to obtain consent.  “This will slow the speed of business and result in lost opportunities while the professional waits for a response in order to send an electronic message”.

HB Global Advisors Corp explained the impracticality of the “in writing” standard for consents as follows:

“In our view, the writing requirement will effectively preclude organizations from obtaining express consent for the sending of Commercial Electronic Messages (“CEMs”) in person or over the phone.  By way of example, it is a common practice in the retail sector for express consents to be obtained verbally at points of sale, at customer service desks or on the phone through customer service agents.  Once the regulations come into force, retailers and other organizations will practically no longer be able to use these entirely legitimate means of obtaining express consent of consumers, thus adversely impacting both business and consumers.  Valid express consent can be obtained orally under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and provincial private sector privacy legislation, under the CRTC Unsolicited Telecommunications Rules and at common law.  In our view, there is no policy rationale for imposing the burden of a writing requirement on organizations in the course of obtaining express consent.  Such a requirement, in and of itself, will not serve to advance the purposes of the Act in any re In our view, the requirements of Section 4 of the Draft Regulations are unnecessarily onerous and restrictive and will pose significant challenges for organizations seeking to obtain express consent in compliance with the Act.”

12.Most commentators criticized as unworkable the CRTC’s proposed regulation which requires that each CEM and each request for consent to send a CEM include the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the sender and any other electronic address used by the sender.

Numerous commentators objected to the CRTC’s proposed regulation that requires each request for consent and each CEM to include “the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the person seeking consent and, if different, the person on whose behalf consent is sought and any other electronic address used by those persons”.[12] Businesses considered that this inflexible approach requiring detailed contact information would be inconsistent with CASL, would impose additional costs for Canadian businesses and would cause confusion and frustration among consumers.

According to ITAC

“Meeting all of these requirements will be challenging for organisations, particularly when the message is being sent on behalf of multiple third parties (such as dealers, resellers, franchisees or affiliates).”

“Including each category of contact information is unnecessary, as section 6(2) of CASL already requires the disclosure of information that would enable the recipient of a message to “readily contact” the sender.”

“Including each category of contact information will discourage the use of electronic means to conduct business, as many internet companies do not maintain a mailing address and telephone number to receive written and oral communications from consumers, relying instead on electronic communications.

The ESAC said the following:

“The wide range of contact information that must be provided under subsection 2(1)(d) is impractical and excessive, and may not be applicable in some cases.  The subsection assumes that all businesses sending CEMs have both physical and mailing addresses, and telephone numbers with voice messaging, and email addresses, and web addresses where they may be contacted. While this will generally be true of large companies, many internet start-ups and independent game developers operate entirely online and do not have physical addresses or telephone numbers with voicemail. In order to comply with the Regulations, such legitimate e-commerce businesses will be required to establish all these forms of contact, including a formal address, which represents an unnecessary and burdensome cost to small early stage technology companies and game development studios.”

PIAC was one of the few commentators to approve of requiring several modes of contact, although it too questioned the need for the “any other electronic address” stipulation in Section 2(1)(d).

Numerous commentators were also critical of the requirement to provide “any other electronic address used by those persons. This requirement was viewed as excessive. ESAC noted that the “requirement to include all electronic addresses is excessive and will present a massive burden for all but the smallest companies.” CREA made a similar comment stating: “strictly interpreted, a sender could be required to list dozens of electronic addresses, which is clearly burdensome, unnecessary, and confusing to consumers.”

13.The CRTC’s proposed regulation requiring that each request for consent include a statement that a consent can be withdrawn using any of the mandatory contact information is contrary to CASL and is unworkable. It would require organizations to monitor physical and mailing addresses, a telephone number, an email address and a web address and any other electronic address used by those persons.

The Canadian Bankers Association described the problems with the proposed regulation as follows:

“Requiring the sender to include a list of “other electronic address[es]” is onerous and, in any case, will be of limited use to recipients of CEMs since most Canadian financial institutions operate thousands of electronic addresses, as the term is defined in the Act (e.g., individual e-mail and telephone accounts assigned to employees), and these addresses change frequently.

“Requiring the sender to continuously monitor every one of these electronic addresses and other Channels (e.g. mail. telephone, physical address) for withdrawals of consent for an extensive time period, would be extremely difficult, if not impossible, to implement operationally”.

RIM summarized the problems as follows:

“Subsection 4(e) requires the sender to include a statement telling recipients that they can withdraw consents using any of this contact information.  This regulation is also beyond the power of the Commission. As noted above, the unsubscribe mechanism is set out in subsection 11(1) of CASL.  The Commission does not have the power under that subsection to prescribe the particular way in which businesses must permit individuals to unsubscribe to receiving CEMs.  But, requiring a statement telling recipients that they can withdraw consents using any of this contact information would be an attempt to do indirectly what the Commission cannot do directly…   Lastly, this requirement will mandate that companies and their agents maintain multiple mechanisms to collect these indications, making it inefficient and costly.

14.The CRTC’s proposed regulation is unworkable where it requires that request for consent must be sought separately for each act described in sections 6 to 8 of CASL.

Section 4 of the proposed regulation requires that consent “must be sought separately for each act described in sections 6 to 8 of the Act.”[13] Organizations such as the CLHIA pointed out that it is not clear what is intended by “sought separately for each act.”  Further, it points out that “It does not seem unreasonable that a single request for consent could expressly identify more than one activity for which the consent is being sought”.

The ESAC noted that the draft language suggests that consent must be obtained separately for each and every occasion a message is sent or re-directed or software is installed.  “This would effectively negate the ability to obtain consent for future actions, and create an overwhelming burden for businesses (due to the vast number of consents) and consumers (who would have to consent before receiving each and every message).”

15.The CRTC’s proposed regulation permitting prescribed information to be made available on the web is not a practical or technologically neutral solution to the disclosure requirement problems created by CASL and the proposed regulations.

The draft CRTC regulations recognize the impracticality for many message types to comply with the form and disclosure requirements of CASL. The short nature of many message types, such as instant or SMS messages and those used over social networks could not accommodate the legal formalities mandated by CASL.

The draft CRTC regulations purport to make it easier for short message types to comply with CASL’s message form requirements by enabling users to provide prescribed information by using a link to a web page on the World Wide Web that is clearly and prominently set out and that can be accessed by a single click or another method of equivalent efficiency at no cost to the person to whom the message is sent.[14]

There are significant limitations with the approach taken. For example, there is no equivalent mechanism in Section 4 of the draft CRTC regulations to enable users of instant messaging, SMS, or social networks or similar networks to use a link to a web page to make the necessary disclosures to obtain consents under Section 10(1) or 10(3) of CASL.  Accordingly, given the limitations of those networks, it would be problematic to seek consent to send a CEM using many modern messaging systems.  Further, it requires anyone seeking to use modern messaging systems to have and maintain a website.  This will be especially burdensome on individuals and small businesses. The solution will often not be practically implementable because the character limitations on short messages cannot even accommodate even the solution proposed. Nor can the link always be accessed in just “one click”. Moreover, the “one click” proposal is not technologically neutral.  As well, users of mobile devices would often have to pay data charges and thus cannot be provided at no charge, thereby making the solution unworkable for one of the fastest growing sectors of the communications marketplace. In any event, there are questions as to whether it is realistic to impose the disclosure requirements on users of social networks.

The CFIB had the following to say about this solution to the disclosure problems created by CASL

“The assumption is that every single business in Canada has a website, however only about half of small businesses have a website yet two-thirds use the web as part of their business.”

“Newer businesses trying to increase their customer base and garner revenue might not be able to initially spend money on a new website, but this requirement will force them to take time and money away from their priorities to comply with the rules”.

“The reference to a “single Click” in Subsection 2(2) implies that the “link to a web page on the World Wide Web” is accessed using an Internet connection, but this is unclear, as is the meaning of “another method of equivalent efficiency.”

“For example, is the provision of a toll-free telephone number which the text message recipient may use to access the information a ‘method of equivalent efficiency’?”

ITAC said the following:

“Including all of the mandatory information on a single web page is impractical and unnecessarily restrictive, particularly where a message is being sent on behalf of multiple third parties (such as dealers, franchisees or affiliates) or using short messaging platforms. Links to additional information should be permitted.”

The Canadian Bankers Association made the following comments on this point:

“We assume that the underlying purpose of the inclusion of the phrase “at no cost to the person to whom the message is sent”, is to ensure that consumers are not charged by the sender to access contact information of the sender or unsubscribe from a CEM.”

“However…there are data costs associated with many forms of digital communication (e.g. as levied by ISP and mobile telephony service providers) over which a sender of a CEM has limited knowledge and no control.  The recipient of a CEM may subscribe to a ‘pay as you go’ mobile plan that offers a bundle of minutes for a set fee, so every use of the mobile device results in a cost to the user, even to dial a toll-free telephone number.  Many data plans with Internet services for mobile devices have a limit over which the user is charged fees to send additional messages or for additional Internet access.”

ESAC made the following statement:

“Subsection (2) specifically requires that the information must be on a “web page” on the “World Wide Web” that can be accessed by a “single click”.  This is not a technologically neutral solution, and effectively precludes the use of any non-web-based interfaces.  The section essentially dictates the form of communications technology companies are permitted to use. While subsection (2) does permit information to be accessed by “another method of equivalent efficiency”, the scope of this provision is unclear.  It immediately follows the requirement that the information be accessed in a “single click”, suggesting that the” method of equivalent efficiency” only applies to the equivalent of a “click”.  If it is intended to be applied more broadly, this must be clarified.”

“The imposition of a “single click” limit is also problematic.  There may be situations where it would take 2 or more “clicks” to access the complete range of information that the Regulations require.  The fact that all of the prescribed information must be accessible at a “single click” is very restrictive and inflexible, especially as a single extra “click” may result in significant punitive measures against the sender.”

16.The proposed regulations fail to accommodate a business that does not maintain a web site from receiving unsubscribe requests. Further, the CRTC’s proposed regulation requiring the unsubscribe mechanism be performed in no more than two clicks is not technologically neutral or workable in many circumstances.

Individuals and organizations cannot send CEMs or request a consent to send a CEM unless they have a website to disclose the prescribed information and receive unsubscribe requests.[15] This will be onerous for individuals and small businesses as well as users of social networks.

The requirements also cannot be met for all messaging systems including for messaging systems in which the subscribe and unsubscribe mechanisms are under the control of a third party. It is also not a technologically neutral solution.

The ESAC made the following comments on this draft regulation.

“While the Act and proposed Regulations appear to assume that only the sender controls the transmission of a message, there are many circumstances in which the subscribe and unsubscribe are actually under the control of a third party (often a messaging platform), and where it is the user who determines the messages he or she wishes to receive.  For instance, in the case of CEMs sent via social networking sites such as FaceBook or Twitter, it is the social networking site that establishes the unsubscribe process, and recipients themselves may unsubscribe without any action required by the sender by simply “un-friending” or “un-following” or adjusting their settings.  Similarly, most mobile “apps” including mobile games include a setting that permits users to switch notifications that could be construed as CEMs off.”

“The requirement that the recipient be able to unsubscribe in “two clicks” is not a technologically neutral requirement and appears designed for email messages.  Moreover, requiring that the recipient be able to unsubscribe in “two clicks” is arbitrary.  There may be situations where it would take 3 or more “clicks” to complete the unsubscribe process.  Given the potential penalties associated with the Act, such a limit is punitive.”

“Not every communication device or medium to which messages are sent will be web-enabled. Given the broad application of CASL to all digital technologies, this exception needs greater flexibility to ensure technologically neutral application.”

The CMA stated the following:

“The restrictive form of the unsubscribe mechanism will effectively prevent the practice of allowing recipients to select within a preference centre the types of messages to which recipients wish to unsubscribe, as multiple clicks are typically necessary to allow for the narrowing of a subscription.  This valid practice should not be discouraged as it provides recipients with greater control over the type of information they receive.”

“The use of the term “click” itself creates problems as it is not technologically neutral. The term does not allow for the use of platforms such as mobile and tablet.”

“The number of permitted clicks is arbitrary and will result in existing senders of commercial electronic messages that have otherwise legitimate unsubscribe mechanisms (i.e. that do not require the recipient to provide a reason, or other types of information, to unsubscribe) having to alter, at a cost, these mechanisms unnecessarily.”

The Canadian Bankers Association stated:

“The requirement that the unsubscribe mechanism be performed in no more than two “clicks” does not reflect current industry standard.

At minimum, one click is needed to click on the link to move from the GEM to access the web page which houses the unsubscribe mechanism, A second click is then needed to select unsubscribe.  A third click is often needed to “confirm” or “submit” the unsubscribe request”.

“A two click requirement may impact current industry practice where the recipient of a CEM is directed to a web page to select his or her electronic communication preferences…”

The requirement “also appears to directly conflict with the requirement in subsection 11(1) (a) of the Anti-SPAM Act to enable the recipient of a CEM to indicate his or her wish to no longer receive “any specified class” of such messages.  Depending on the scope of specified classes offered by the sender of the CEM in the unsubscribe mechanism, it is likely that more than two clicks would often be required in order to properly perform an unsubscribe mechanism”.

The comments also had considerable criticisms of CASL and the draft regulatory approaches to regulating “spyware” and other malware.  These include the following problems.

17.The heightened consent requirements in Section 5 of the draft CRTC regulations for computer programs that perform one of the functions listed in Section 10(5) is unworkable. It is impractical to require that such consents be in writing or to require the user provide an acknowledgement. Further, there are many circumstances in which meeting these requirements would be either technically or commercially unfeasible.

The ESAC provided extensive comments on this point.

“The requirement that any description of the specified functions listed in subsection 10(5) of the Act be brought to the attention of the person from whom consent is being sought “separately from any other information” is unclear.  It suggests that this information must be included in a separate notice. Section 10(4) of the Act already requires that consent for the installation of a computer program that performs a specified function be separate and apart from the licence agreement, so requiring an additional, separate notice is excessive, confusing and creates unnecessary records.”

“The requirement that the consent be obtained, in writing, and include a specific acknowledgement from the user that they understand and agree that the computer program will perform the specified functions is deeply problematic.  The only way to obtain the acknowledgement of consent to a specific function will be to generate an electronic message to be sent to the company.  However, this would constitute installing a computer program that causes an electronic message to be sent, which is also prohibited and for which a separate consent will be required.  This will multiply the number of consents that must be obtained, which will be extremely onerous for business and overwhelming to the consumer.  Further, in the event that a consumer declines to consent to the transmission of the acknowledgement, the company will be unable to comply with the requirement and thus be penalized for not obtaining the required acknowledgement in writing, when the reason for doing so was outside their control.”

“There are many circumstances beyond the permitted exceptions where express consent cannot be obtained, and attempting to obtain consent (including the prescribed information) would not only be not technically feasible but disruptive to the end user’s experience.  For instance, many software, mobile “app” and game developers provide frequent updates and upgrades for their programs, but do so as a courtesy rather than pursuant to formal terms and consequently would not benefit from the “updates and upgrades” exception.  Under these circumstances, consent will need to be obtained for each separate update, and will need to include all the required information.  This applies even if the user has requested automatic updates, or the developer has no control over the information that can be provided with an update.  This will similarly occur if an update or upgrade could alter settings or data on a device, as these “functions” trigger enhanced disclosure obligations and requiring obtaining separate consent regardless of the circumstances or actual impact on the end user.”

“Many electronic devices are not designed in a manner that would enable them to display a request for consent or accompanying prescribed information (e.g. some MP3 players, printers, scanners, appliances, etc.), and are incapable of satisfying the consent requirements (especially in circumstances where enhanced disclosure would be required).”

Telus also had very extensive comments on this issue:

“However, due to the way section 10(5) is drafted, this provision has the potential to interfere with common, accepted business practices that are adequately governed by contracts.  The concern arises from the definition of the types of functionalities that trigger the heightened disclosure and consent requirements.  Section 10(10) refers to “any of the following functions that the person who seeks express consent knows and intends will cause the computer system to operate in a manner that is contrary to the reasonable expectations of the owner or an authorized user of the computer system.”  One of those functions – the only one that causes TELUS concern at present – is (c), “changing or interfering with settings, preferences or commands already installed or stored on the computer system without the knowledge of the owner or an authorized user of the computer system.”

The reality is that within many kinds of client/service provider relationships, there are times when functionalities and settings are changed in a way that may cause a device to operate in a manner that the user does not expect.  These changes typically take the form of updates, upgrades, or program installations which, while they might make a device work differently, are technical in nature and fall within the scope of contractual consents.

Programs may also be installed from time to time for the purposes of network management, security, diagnostics, technical support or repair, or the detection or prevention of unauthorized or fraudulent use of a service or system.  Installations for these purposes are also typically within the scope of applicable contracts.”

“…the “alteration of transmission data” provisions include an exception for network management. Section 7(2) specifies that that rule “does not apply if the alteration is made by a telecommunications service provider for the purposes of network management.”  A telecommunications service provider may need to install programs from time to time for the purposes of network management, security, diagnostics, technical support or repair, or the detection or prevention of unauthorized or fraudulent use of a service or system.  In some cases, particularly anti-fraud measures, it would defeat the purpose to disclose the action to the user and seek his or her consent.”

18.Certain of the CRTC’s proposed regulations may be beyond the CRTC’s authority under CASL.

Several commentators argue that the CRTC does not have the authority to promulgate the regulations in the form proposed. Comments filed by the CBA, The Chamber, ITAC and RIM, among others, deal with these points. Conversely, PIAC maintains that the CRTC indeed has the requisite jurisdiction.

Conclusion

Canadian businesses have identified a number of important concerns with the proposed regulations under CASL. Unless the proposed regulations are reformulated, many worry that CASL will impede rather than facilitate e-commerce. It will hurt small and large businesses, cause significant economic harm and stifle innovation in the use of electronic messaging systems. It will hinder investment and job creation and drive new and emerging businesses to locate outside of Canada. Its red tape will be costly and inefficient to comply with.

As a last point, many commentators made suggestions related to the go forward process. For example, several organizations, such as the Chamber, endorsed the need for a second round of consultations once revised draft regulations are issued.  Many organizations also asked for sufficient lead time from when the regulations are finalized until the date that CASL comes into legal force. Finally, many comments contained thoughtful solutions to the problems summarized above. These might well form the basis for reformulating the existing regulations and for drafting additional regulations.

[2] bsookman@mccarthy.ca

[3] See http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/gv00521.html

[4] See section 3 of CASL.

[5] For additional information on the history, goals and objectives of CASL, see Government of Canada, Backgrounder, Questions and Answers, and Online Threats, http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/h_gv00567.html),  Government of Canada Moves to Enhance Safety and Security in the Online Marketplace http://www.ic.gc.ca/eic/site/ic1.nsf/eng/05596.html

[6] CRTC draft regulation Section 2(1), 2(2), 4.

[7] Personal Information Protection and Electronic Documents Act

[8] CASL Section 6(1)

[9] CASL Section 1(1)(5)

[10] CASL Section 10(10)(a)

[11] CASL Section 10(10)(b)

[12] CRTC draft regulation, Sections 2(d) and 4(d)

[13] CRTC draft regulation, Section 4.

[14] CRTC draft regulation, Section 2(2)

[15] CRTC draft regulation Section 2(1), 2(2), 4.

* Updated Sept 21.

The CRTC draft regulations are as follows:

1. In these Regulations, “Act” means An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

INFORMATION TO BE INCLUDED IN COMMERCIAL ELECTRONIC MESSAGES

2. (1)   For the purposes of subsection 6(2) of the Act, the following information must be set out in any commercial electronic message:

(a)   the name of the person sending the message and the person, if different, on whose behalf it is sent;

(b)   if the message is sent on behalf of another person, a statement indicating which person is sending the message and which person on whose behalf the message is sent;

(c)   if the person who sends the message and the person, if different, on behalf of whom it is sent carry on business by different names, the name by which those persons carry on business; and

(d)   the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the person sending the message and, if different, the person on whose behalf the message is sent and any other electronic address used by those persons.

(2)   If it is not practicable to include the information referred to in subsection (1) and the unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act in a commercial electronic message, that information may be provided by a link to a web page on the World Wide Web that is clearly and prominently set out and that can be accessed by a single click or another method of equivalent efficiency at no cost to the person to whom the message is sent.

FORM OF COMMERCIAL ELECTRONIC MESSAGES

3. (1)   The information referred to in section 2 and the unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act must be set out clearly and prominently.

(2)   The unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act must be able to be performed in no more than two clicks or another method of equivalent efficiency.

INFORMATION TO BE INCLUDED IN A REQUEST FOR CONSENT

4. For the purposes of subsections 10(1) and (3) of the Act, a request for consent must be in writing and must be sought separately for each act described in sections 6 to 8 of the Act and must include

(a)   the name of the person seeking consent and the person, if different, on whose behalf consent is sought;

(b)   if the consent is sought on behalf of another person, a statement indicating which person is seeking consent and which person on whose behalf consent is sought;

(c)   if the person seeking consent and the person, if different, on whose behalf consent is sought carry on business by different names, the name by which those persons carry on business;

(d)   the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the person seeking consent and, if different, the person on whose behalf consent is sought and any other electronic address used by those persons; and

(e)   a statement indicating that the person whose consent is sought can withdraw their consent by using any contact information referred to in paragraph (d).

SPECIFIED FUNCTIONS OF COMPUTER PROGRAMS

5. A computer program’s material elements that perform one or more of the functions listed in subsection 10(5) of the Act must be brought to the attention of the person from whom consent is being sought separately from any other information provided in a request for consent and the person seeking consent must obtain an acknowledgement in writing from the person from whom consent is being sought that they understand and agree that the program performs the specified functions.

Industry Canada published additional draft regulations on July 8, 2011. There is also a 60 day period for commenting on these regulations. These draft regulatons read as follows:

PERSONAL RELATIONSHIP AND FAMILY RELATIONSHIP

2. For the purposes of paragraph 6(5)(a) of the Act

1. (a) “family relationship” means the relationship between individuals who are connected by
   1. (i) a blood relationship, if one individual is the child or other descendant of the other individual, the parent or grandparent of the other individual, the brother or sister of the other individual or of collateral descent from the other individual’s grandparent,
   2. (ii) marriage, if one individual is married to the other individual or to an individual connected by a blood relationship to that other individual,
   3. (iii) a common-law partnership, if one individual is in a common-law partnership with the other individual or with an individual who is connected by a blood relationship to that other individual; and
   4. (iv) adoption, if one individual has been adopted, either legally or in fact, as the child of the other individual or as the child of an individual who is connected by a blood relationship to that other individual; and
2. (b) “personal relationship” means the relationship, other than in relation to a commercial activity, between an individual who sends the message and the individual to whom the message is sent, if they have had an in-person meeting and, within the previous two years, a two-way communication.

CONDITIONS FOR USE OF CONSENT

3. (1) For the purposes of paragraph 10(2)(b) of the Act, a person who obtained express consent on behalf of a person whose identity was unknown may authorize any person to use the consent on the condition that the person who obtained consent ensures that, in any commercial electronic message sent to the person from whom consent was obtained,

1. (a) the person who obtained consent is identified; and

1. (b) the authorized person provides an unsubscribe mechanism that, in addition to meeting the requirements set out in section 11 of the Act, allows the person from whom consent was obtained to withdraw their consent from the person who obtained consent or any other person who is authorized to use the consent.

(2) The person who obtained consent must ensure that, on receipt of an indication of withdrawal of consent by the authorized person who sent the commercial electronic message, that authorized person notifies the person who obtained consent that consent has been withdrawn from, as the case may be,

1. (a) the person who obtained consent;
2. (b) the authorized person who sent the commercial electronic message; or
3. (c) any other person who is authorized to use the consent.

(3) The person who obtained consent must inform, without delay, a person referred to in paragraph 2(c) of the withdrawal of consent on receipt of notification of withdrawal of consent from that person.

(4) The person who obtained consent must give effect to a withdrawal of consent and, if applicable, ensure that a person referred to in paragraph 2(c) gives effect to the withdrawal of consent, in accordance with subsection 11(3) of the Act.

MEMBERSHIP, CLUB, ASSOCIATION AND VOLUNTARY ORGANIZATION

4. (1) For the purposes of paragraph 10(13)(c) of the Act, membership is the status of having been accepted as a member of a club, association or voluntary organization in accordance with the membership requirements of the club, association or organization.

(2) For the purposes of paragraph 10(13)(c) of the Act, a club, association or voluntary organization is a non-profit organization that is organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any purpose other than profit, if no part of its income is payable to, or otherwise available for the personal benefit of any proprietor, member or shareholder of that organization unless the proprietor, member or shareholder is an organization the primary purpose of which is the promotion of amateur athletics in Canada.

*Updated after the Industry Canada draft regulations were published.

You clearly had fun trying to come up with a name. Some of you suggested a few names. Some suggestions were serious (more or less). Others were hysterical, many reflecting your thoughts about the Bill, or about SPAM. Here are your proposals to name the Bill.

Please read them and let me know which ones you like or would choose. You can email me (bsookman@mccarthy.ca) or post comments on my blog with your recommended name and short name, if applicable. My partner Lorne Salzman and I will select the winning name (and the winner of the McCarthy’s gift) after getting your input.

Eyjafjallajökull – the name of the volcano in Iceland that disrupted so much flight travel in Europe last year. No one (outside of Iceland) could pronounce the name and like this Bill, no one will be able to remember the full name so let’s give it a label we will at least remember – to see, if not say. (John Leblanc)

Canada Risible Anti-spam Propoundment or CRAP for short. (Richard Owens)

Spam²⁴ Act. Surely relying on the Wisdom of The Hitchhikers Guide to the Universe, the name then should be:  Spam⁴² Act. BUT since spam is transmitted over the Internet and Google is a very important term in relation to the Internet and the number Googol sounds very close to Google, we could call it: Spam^googol Act (David Bilinsky)

One is reminded of that Python bit profiling an otherwise forgotten composer, Johann Gambolputty de von Ausfern- schplenden- schlitter- crasscrenbon- fried- digger- dingle- dangle- dongle- dungle- burstein- von- knacker- thrasher- apple- banger- horowitz- ticolensic- grander- knotty- spelltinkle- grandlich- grumblemeyer- spelterwasser- kurstlich- himbleeisen- bahnwagen- gutenabend- bitte- ein- nürnburger- bratwustle- gerspurten- mitz- weimache- luber- hundsfut- gumberaber- shönedanker- kalbsfleisch- mittler- aucher von Hautkopft of Ulm.Given the Pythonic origin of the term “Spam”, the best short name for the new Act would have to be similarly surreal, irrelevant and disrespectful. Hence my vote for the “Fish-Slapping Dance Act, 2011“. (David Basskin)

Given some of the potential concerns Barry identifies due to overbreadth or sloppy drafting, how about the Law of Unintended Consequences? (Richard Pfohl)

How about:  “An Act to Amend other Acts and do some other things.” The government could use the same name for all future legislation. And they could advertise it as the A++ Act. Very efficient and no less informative… (Michael Erdle)

I’m fond of the Spam Spam Spam Spam Spam Spam Spam Spam Spam Spam Spam Spam  Spam Spam Spam Spam Spam Spam Spam Spam Spam Spam Spam Spam Act.(It’s even shorter the current name.) (Eric Boehm)

P.P.P.S. At least no one has (yet) suggested naming the Act for someone, especially a child, who has died in painful circumstances. (Wallace Mclean)

The eCommerce Holy Grail Act. (Get it? Spam – Monty Python- Holy Grail)  (Peter Ruby)

Green Eggs and Spam? (Bernice Karn)

I call dibs on the “Canada Spam-a-Lot Act”. (Bernice Karn)

ASS Law (Anti Spam and Spyware Law)? (Bradley Freedman)

Oh heck let’s mix French and English. Sans-Spam Act (David Bilinsky)

Spam-a-Little (Mary Hemmings)

Internet Wish Act – as in I wish that the anti-spam provisions by the government in this act could actually be enforced without bankrupting the public service. By the way, my Visa has limited internet purchase capacity…an email from germany told me so! WISH could stand for Wise Interneters Suspect Havoc (so they read the screen to delete spam) ((Shaunna Mireau)

How about Anti-Malware Act? Short and bilingual… (Michel Racicot)

Since the statute deals with spam and spyware, and various other nasty practices, perhaps the generic “Anti-malware Act” would be appropriate. I expect that most people who do not live and breathe computers may not recognize the term, but it’s still a good one, and a title can be educational as well as convenient. I learn that the recognized Canadian French equivalent is ‘maliciel’, a formation from the very elegant ‘logiciel’ for software (in France that tends to be called ‘le soft’, but we should prefer the elegance of the Canadian formation). So: “Loi contre le maliciel”.  The ‘original’ title was, I believe, the ‘Electronic Commerce Protection Act’, which is fine except that it gives no hint as to the contents. The ‘Fight Internet Spam Act’ is OK, though a little tendentious – better than a lot of political titles. (John Gregory)

Canadian Anti-Spam Act, which can be further shortened to CASPA. (Lorne Salzman)

Can-Can Spam Act since I’ve been telling people it is sort of the Canadian version of the US Can-Spam Act! (Joel Guralnick)

Using the logic of the DaVinci’s Code (or the “USA PATRIOT ACT”), we should refer to the law as the PEACE Act (or perhaps the e-PEACE Act). “An Act to Promote the Efficiency and Adaptability of the Canadian Economy [...] (Charles Morgan)

I’d like to suggest “The CORE Discourse Act” . I am most certainly not a lawyer, but what I understand of C-28 suggests to me an attempt to describe and moderate Corporate Responsibility in Electronic Discourse.  (Scott Elcomb)

And don’t forget “Canada’s Anti-Spam Legislation” (CASL) which is how the legislation is now described (without the acronym) on the Industry Canada site. CASL gets my vote, but the ultimate decision might be made by Justice Laws.  (Bruce Tattrie)

Canadian Legislation Against Spam & Spyware Act (or CLASS Act, because it’s a CLASS Act that invites a lot of CLASS Action…)  (James Gannon)

Canadian Anti-Spam, Anti-Spyware Act (CASASA, pronounced “Que c’est ça?” in French) (James Gannon)

The Bill has no short title. As a result different terms and acronyms are being used to refer to it including the ECPA, FISA, FIWSA, the SPAM Bill, the Anti-SPAM Legislation, and the Anti-SPAM and Anti-Spyware Bill.

The Bill needs a short title we can all agree on. I am asking you to help decide what we call it.

Some Background

On April 24, 2009, the Government introduced Bill C-27. It had a short title called the Electronic Commerce Protection Act. Its acronym was the ECPA. It received second reading in the House of Commons. The ECPA died on the Order Paper, however, when it reached the stage of second reading in the Senate, due to the prorogation of Parliament on December 30, 2009.

On 25 May 2010, the Government introduced Bill C-28. This bill was based substantially on Bill C-27. At first reading in the House of Commons, the short title of the Bill was Fighting Internet and Wireless Spam Act. It was also known by the acronyms FIWSA or FISA.

Bill C-28 was reviewed by the Standing Committee on Industry, Science and Technology. On Tuesday, November 2, 2010, the Committee voted to amend the Bill to remove the short title. The amendment was initiated by NDP MP Brian Masse during the following exchange in the Committee hearings over the short title:

Mr. Brian Masse:

I have just one last quick question. I noticed that the short title of the bill has been amended. We’ve had some things around that. Who suggested that the short title be changed?

Mrs. Janet DiFrancesco:

The short title of the bill was provided to us.

I also can’t tell you why they dropped a letter out of it. I don’t what happened to the “W” to go with the initials FISA, but that was the acronym they also gave us when it was tabled.

Mr. Brian Masse:

I suspected as much.

Thank you very much for your answers. I appreciate them.

Thank you, Mr. Chair. I’m all done.

The Chair:

There are 92 clauses, so we’ll postpone the short title, as is the practice per Standing Order 75(1).

(Clauses 2 to 92 inclusive agreed to)

(On clause 1—Short title)…

The Chair:

Shall the short title carry?

Mr. Brian Masse:

No, I’m not going to agree to the short title. First of all, it wasn’t from the department. We got into these silly games of naming bills with these little titles here and there. I’m not going to give them this; it’s just ridiculous to do this type of stuff. I haven’t seen this in the years I’ve been here, so I’m not supporting this nonsense.

The Chair:

Okay.

Mr. Anthony Rota:

Mr. Chair, just for clarification, if we vote in favour of the title, then it has a title. If we vote against the short title, then it has no title. Am I correct?

The Chair:

That’s right. We’ll report it back that way. We’ll still have the long title.

Mr. Anthony Rota:

I just wanted to clarify that. Thank you.

The Chair:

Shall the short title carry? Can I see a show of hands?

(Clause 1 negatived)

The Chair: It’s defeated.

Shall the title carry?

Some hon. members: Agreed.

The Chair: Shall the bill as amended carry?

Some hon. members: Agreed.

The Chair: Shall I report the bill, as amended to the House?

Some hon. members: Agreed.

The Chair: Shall the committee order a reprint of the bill?

Some hon. members: Agreed.

The Chair: Gentlemen, that’s very good work. We have no meeting on Thursday.

The meeting’s adjourned.

The Bill eventually passed the House of Commons and the Senate before being given Royal Assent on December 15, 2010. It awaits publication of the regulations and then proclamation, which is expected to occur in the fall of this year.

You Name the Bill

Bill C-28 is going to be with us for a long time. It is legislation that is very complex and will undoubtedly result in considerable study, litigation (including class action proceedings) and enforcement proceedings before the CRTC. (The Bill is summarized here, here, here, and here.)

We need a common way of referring to it. We need a short title. What do you think it should be?

I encourage you to email me (bsookman@mccarthy.ca) or post comments on my blog with your recommended short name (and/or acronym) and the reasons for choosing it. I will list the top few suggested names along with some of the main reasons for suggesting it and ask people to let me know their preferences.*

What do you recommend we call the Bill and why?

One of the people to recommend the winning name will be given a McCarthy Tétrault branded gift as a reward for his/her skill.

* By participating, you confirm you are okay with me attributing (or not attributing) suggestions to you, unless you let me know otherwise.

The legislation creates significant vicarious and accessorial liability for companies and for their officers and directors with the potential for administrative penalties of up to $10 million and damages awards which can reach $1 million per day or per breach.

Accordingly, you will want to learn about this new legislation and how to comply with its many provisions. To help you do so, I am posting slides prepared by Lorne Salzman and I for the  IT Can Roundtable presentation we gave earlier today on the impacts of Bill C-28.

Sookman Salzman ITCAN Spam Slides

The Act prohibits organizations from sending commercial electronic messages unless the recipient has given express or implied consent. A “commercial” electronic message is an electronic message where one of its purposes is to encourage participation in commercial activity. An “electronic message” is defined broadly to include any “message sent by any means of telecommunication, including a text, sound, voice or image message.” This covers e-mails, text messages, instant messages, “tweets” or Facebook® postings, but excludes two-way voice communication, faxing to a telephone account or accessing a voice mailbox.

When requesting express consent to send a commercial electronic message, an organization must “clearly and simply” set out the purpose(s) for which consent is being sought and identify the organization seeking the consent. However, consent is not required to send a commercial electronic message where the purpose is to:

• provide a quote or estimate in response to a request;
• facilitate, complete or confirm a pre-agreed commercial transaction;
• provide warranty, product recall or safety information to a purchaser of goods;
• provide information related to an ongoing subscription, membership, account or loan;
• provide information related to an employment relationship; or
• deliver a pre-authorized product, goods or service, including product updates and upgrades.

Consent to receive messages can also be implied, most notably where:

• the sender and the recipient have an existing business relationship or non-business relationship (e.g., membership in a club), where the relationship arose within the past two years or is pursuant to a contract in effect in the past two years;
• the recipient has “conspicuously published” its electronic address and has not indicated a desire to not receive unsolicited commercial electronic messages, and the message is relevant to the recipient’s business role; or
• the recipient has provided its electronic address to the sender without indicating a wish not to receive unsolicited commercial electronic messages, and the message is relevant to the recipient’s business role.

The Act also requires that all commercial electronic messages must identify the sender, include the sender’s contact information, and provide an “unsubscribe” mechanism so that recipient can opt out of receiving future communications.

In addition, if a program performs certain potentially undesirable functions, it must bring its “foreseeable impacts” to the attention of the user. The prescribed list of undesirable functions includes:

• collecting personal information stored on the computer system;
• interfering with the user’s control of the computer system;
• changing or interfering with settings or preferences on the computer system without the user’s knowledge;
• interfering with access to or use of that data on the computer system;
• causing the computer system to communicate with another computer system without the authorization of the user; or
• installing a computer program that may be activated by a third party without the knowledge of the user.

These requirements apply not only to personal computers and computer servers, but also to any electronic device that allows for the installation of third-party programs — such as smartphones and tablets. Programs are exempted from these requirements only if it is reasonable to conclude from the recipient’s conduct that the recipient consented to the installation of the programs (e.g., HTML code, Web cookies, javascript code, operating systems, patches and add-ons). Program upgrades and updates are also exempt if the recipient consented to the initial installation and is entitled to receive upgrades or updates.

Amendments to the Competition Act and PIPEDA²

The Act amends the Competition Act to prohibit false or misleading representations in the sender description, subject matter field or message field of an electronic message, or in the URL or other locater on a webpage. Senders will have to be particularly wary of making overly boastful statements in subject matter lines in an attempt to catch readers’ attention.

The Act also amends PIPEDA, to prohibit the collection of personal information by means of unauthorized access to computer systems, and the unauthorized compiling of lists of electronic addresses (sometimes called “address harvesting”).

The Act also creates a private right of action that allows any business or consumer to take civil action directly against anyone who violates the Act, or the new false or misleading representations provisions of the Competition Act. The Act contemplates that a litigant will be able to recover its actual damages and additional amounts that could amount to as much as $1 million per day. These latter provisions will undoubtedly excite the plaintiff class action bar.

• review and update website privacy policies and terms and conditions to ensure proper consents for the collection of personal information and/or the installation of computer programs on dynamic websites;
• review and update their forms for obtaining express consent to send commercial electronic messages (including e-mail or newsletters), or install software programs to ensure that the forms satisfy the prescribed requirements;
• re-examine their procedures for documenting the receipt of consent, as the onus will rest on senders and software developers to prove they obtained consent;
• ensure that any commercial electronic message contains the prescribed information and an unsubscribe mechanism that is operational for the specified period;
• deal with unsubscribe requests within the requisite time frame;
• ensure that any process that involves online collection of e-mail addresses or other personal information complies with the amendments to the PIPEDA;
• generally review and revise marketing, advertising and external communication practices to comply with the requirements of the Act and the new provision of the Competition Act; and
• in the case of software developers:
  • examine their program-installation procedures to ensure that information about the function and purpose of the program is provided prior to installation;
  • if the program performs one of the prescribed undesirable functions, the disclosure mechanism will also need to describe the foreseeable impacts of these functions; and
  • revise end-user licence agreements (EULAs) to ensure that consent to install patches and upgrades is expressly obtained before installation of computer programs.

² Personal Information Protection and Electronic Documents Act, which is the primary federal statute that addresses privacy matters.

The slides include a summary of the following cases and statutory references:

Tercon Contractors Ltd. v. British Columbia, 2010 SCC 4

Internet Broadcasting Corporation Ltd. v Mar LLC [2009] EWHC 844 (Ch)

Gammasonics Institute for Medical Research Pty Ltd v Comrad Medical Sysytems Pty Ltd [2010] NSWSC 267 (9 April 2010)

Kingsway Hall Hotel Ltd. v Red Sky IT (Hounslow) Ltd. [2010] EWHC 965

BSkyb Ltd v HP Enterprise Services UK Ltd [2010] EWHC 86 (TCC) (26 January 2010)

Griffin v. Dell Canada Inc., 2010 ONCA 29

Tracfone Wireless, Inc. v Anadisk LLC 2010 WL 565392 (S.D.Fla. Feb 18, 2010)

Defrontes v Dell Inc. 984 A.2d 1061 (Sup.Ct.RH.Isld.2009)

Major v McCallister (Miss.CT.App. Dec 23, 2009)

DC Laboratories, Inc. v. Hach Co., 2009 WL 2605270 (C.D.Ill.,Aug 25, 2009)

Hines v. Overstock.com, Inc. 668 F.Supp.2d 362 (E.D.N.Y. 2009)

Tradecomet.com LLC v Google, Inc. 2010 WL 779325 (S.D.N.Y. Mar. 5, 2010)

Scherillo v. Dun & Bradstreet, Inc. 684 F.Supp.2d 313 (E.D.N.Y.2010.)

LTVN Holdings LLC v. Odeh 2009 WL 3736526 (D.Md.2009)

Brodsky v. Match.com LLC  2009 WL 3490277 (S.D.N.Y. Oct. 28, 2009)

Miller v. Facebook, Inc., No. 09-02810 (N.D. Ga. Jan. 15, 2010)

National Auto Lenders, Inc. v. SysLOCATE, Inc. 2010 WL 527866 (S.D.Fla.Feb. 10, 2010)

Carimate v. Ginsglobal Index Funds 2009 WL 3233538 (C.D.Cal.Sept.30, 2009)

Thomas & Anor v BPE Solicitors (A Firm) [2010] EWHC 306 (Ch) (19 February 2010)

Grant v. Torstar Corp., 2009 SCC 61

Crookes v. Newton, 2009 BCCA 392, (leave to SCC granted)

Metropolitan International Schools Ltd. v Designtechnica Corp [2009] EWHC 1765 (QB) (16 July 2009)

R. v. Morelli, 2010 SCC 8

Review of the Internet traffic management practices of Internet service providers, Telecom Regulatory Policy CRTC 2009-657, Oct. 21, 2009)

Bill C-22 An Act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service

Notice Paper, May 25, 2010 – INTRODUCTION OF GOVERNMENT BILLS http://ow.ly/1OatI

Lucasfilm Ltd & Ors v Ainsworth & Anor [2009] EWCA Civ 1328 (16 December 2009)

Editions du Seuil v Google Inc, Tribunal de Grande Instance de Paris 3ème chambre, 2ème section Ruling of December 18, 2009

Columbia Pictures Industries Inc v Fung  2:06-cv-05578-SVW-JC (C.D. Cal. May 20, 2010)

Banyan Tree Holding (P) Limited v Reddy CS (OS) No. 894/2008 (H.C.Delhi. Nov. 23, 2009)

Sheppard & Anor, R v [2010] EWCA Crim 65 (29 January 2010)

PIPEDA Case Summary #2009-010 Report of Findings – Assistant Commissioner recommends Bell Canada inform customers about Deep Packet Inspection

Johnson et al. v. Microsoft Corp. (W.D. Wash., June 2009)

EMI Records & Ors -v- Eircom Ltd,  [2010] IEHC 108

PIPEDA Case Summary #2009-013 Publisher collected and used e-mail addresses for marketing without consent

R. v. Cuttell, 2009 ONCJ 471

Carter v. Connors, 2009 NBQB 317

Warman v. Fournier et al, 2010 ONSC 2126

Boring v Google Inc. 2010 WL 318281 (3rd.Cir.Jan 28, 2010)

PIPEDA Case Summary #2009-008 Report of Findings into the Complaint Filed by CIPPIC against Facebook Inc (July 22, 2009)

Poliquin v. Devon Canada Corporation, 2009 ABCA 216 (Alta.C.A.)

Bill S-4: An Act to amend the Criminal Code (identity theft and related misconduct) (in force Jan 8, 2010)

Bill C-28 Fighting Internet and Wireless Spam Act

BILL C-29 An Act to amend PIPEDA

SOCAN v. Bell Canada, 2010 FCA 123

Telstra Corporation Limited v. Phone Directories Company Pty Ltd. [2010] FCA 44 (8 February 2010)

RecordTV Pte Ltd v MediaCorp TV Singapore Pte Ltd [2009] SGHC 287

Roadshow Films Pty Ltd v  iiNet  Limited (No. 3) [2010] FCA 24 (4 February 2010)

Twentieth Century Fox Film Corporation v. Newzbin Ltd., [2010] EWHC 601 (Ch) (29 March 2010)

Arista Records LLC v Usenet.com Inc. 91 USPQ2d 1744 (S.D.N.Y.2009)

EMI Records & Ors -v- Eircom Ltd, [2010] IEHC 108

Columbia Pictures Industries Inc v Fung  2:06-cv-05578-SVW-JC (C.D. Cal. Dec. 21, 2009)

Arista Records, LLC v Lime Wire Group  2010 WL 1914816 (S.D.N.Y.2010)

Sony BMG  Music Entertainment v Tenenbaum, 2009 WL 4547019 (D.Mass. Dec 7, 2009).

Brein v Mininova. B.V., District Court of Utrecht, 26 August 2009

Louis Vuitton Malletier, S.A. v. Akanoc Solutions, Inc. (N.D. Cal. March 19, 2010)

Autodesk, Inc v Dassault Systems Solidworks Corp. 2009 WL 5218009 (N.D.Cal. Dec. 31, 2009)

Tiffany (NJ) Inc. v eBay Inc. 600 F.3d 93 (2nd.Cir.2010)

Google France v Louis Vuitton Malletier, Official Journal of the European Union 22.5.2010

Silvaco Data Systems v. Intel Corp. 2010 WL 1713241 (Cal.App. 6 Dist.2010)

DOCS-#1270489-V10-Sookman TCLG 2010 Year in Review

Bill C-28, Fighting Internet and Wireless Spam Act, is the re-introduction of the Electronic Commerce Protection Act (ECPA). It is essentially the Bill as passed by the House of Commons just before the olympics with a few changes. Most of the changes are to harmonize the language to drafting conventions or to clarify the legislative intent.

The Bill is a major improvement over the initial version of the ECPA which was significantly improved during the Industry Committee review.

The Bill would do the following:

• Prohibit the sending of commercial electronic messages without prior consent.

• Prohibit alteration of transmission data to route the message to an unintended destination.

• Prohibit installation or use of spyware in the course of commercial activities (there are exceptions for cookies, html code, java scripts and operating systems).

• Amend the Competition Act to prohibit false or misleading commercial representations made electronically.

• Amend PIPEDA to prohibit the collection of personal information by means of unauthorized access to computer systems in violation of federal laws, and the unauthorized automated compiling of lists of electronic addresses.

Bill C-29 is a new piece of legislation that will amend PIPEDA. It would do the following:

• Exclude business contact information from being personal information.

.• Specify the elements of valid consent (“the consent of an individual is only valid if it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure of personal information to which they are consenting”).

• Require organizations to report material data breaches of personal information to the Privacy Commissioner of Canada, and to notify affected individuals when the breach poses a real risk of significant harm, such as identity theft or fraud, or damage to reputation.

• Create exceptions for prospective and completed business transactions such as the purchase of an organization or assets, M&A transactions, financings and loans, taking security, lease or license transactions, other arrangements to conduct a business activity.

• Permit organizations to collaborate with government institutions, such as law enforcement and security agencies that have requested personal information, in the absence of a warrant, subpoena, or order.