Canadian Spam Legislation: Remembering the late Bill C-27

We frequently mention the CAN-SPAM act when talking about email marketing, largely because our client base tends to be American, even though we're located in Canada – home of maple syrup, moose, and lax spam laws. In fact, Canada is the only G-8 country without anti-spam legislation. For a while this was going to change, thanks to the Electronic Commerce Protection Act (ECPA), introduced through Bill C-27.

C-27 was born out of the recommendations of The Taskforce on Spam, (how's that for a name?) which gathered in 2004 to examine the issue of unsolicited commercial email. Its goal is to provide a “regulatory scheme” for spam prevention, including “administrative monetary penalties, with respect to both spam and related threats from unsolicited electronic contact, including identity theft,(9) phishing,(10) spyware,(11) viruses,(12) and botnets.(13)” (link) Further, it would provide avenues for individuals and companies who have been harmed by spam to make their own punitive claims against spammers.

Unfortunately in December of 2009 parliament ended and this bill vanished along with it.

The history of this bill does, however, provide some interesting insights into the way that the Canadian government, and more specifically Canadian industry, looks upon the topic of spam.

Details of the ECTA:

Consent:

• The ECTA would ban email sent without express or implied consent from the recipient
• The party seeking consent would be required to “clearly and simply” detail the purpose for which they are requesting consent

Identification:

• Email would equire identification of both the sender, and who the email is being sent on behalf of

What would be exempt from consent:

• Service providers (say, ExactTarget, Mailchimp, etc. who are sending on behalf of some one else)
• two-way voice communication between individuals, including telemarketing, (but, they note, this exemption may have been removed at a later date)
• quotes or estimates if said quote was requested by the recipient
• Anyone with “implied consent”,

Implied consent is a really interesting concept here, it includes:

• If you had a business transaction with them within the 2 years before the message was sent.
• If you've entered into a written contract with them, or had done so within 2 years. (so, your cellphone company, from the sound of it, would be able to contact you)
• If you have emailed them.

And the doozy: “implied consent” would include a “conspicuous publication” exception,whereby if you were to conspicuously publish your e-mail contact information (like on your companies website) without a disclaimer stating that you're not to be contacted, then it may be used to contact you on issues relevant to your business. 

So under this I would still be receiving non-stop list sales emails. *sigh*

Penalties

This is where the law gets serious:

The maximum penalty for an individual is $1,000,000 and the maximum penalty for a corporation or other organization is $10,000,000. These fines are imposed per violation, and a violation is defined as being separate for each day that it continues, so these maximum amounts can therefore be imposed for each day that the law is found to have been violated (clause 20).Yes, a maximum of $10,000,000 per DAY that they were spamming. 

Further, individuals who have been affected can sue for compensation. This also applies for flase or misleading messages. 

Conclusion

Canada's views towards privacy, as illustrated by the 40th parliaments Bill C-27, is both incredibly lax, and highly punishing. It permits a lot, but also provides quite a lot of leeway. The inclusion of a punitive option is interesting as well, though due to the nature of Canadian law, would likely be harder to abuse than it sounds.