Anti-spam law will be difficult to police, CRTC says
Michael Oliveira, The Canadian Press
Published Wednesday, May 28, 2014 9:47AM EDT
TORONTO -- A new law designed to help unclog Canadians' email inboxes takes effect July 1, but the CRTC is warning that it won't be able to respond to every complaint it receives.
The new federal anti-spam legislation requires that businesses get written or oral consent before they send emails or other digital messages to consumers.
Companies must also clearly identify themselves in each message and allow consumers to unsubscribe from digital mailings.
"We were pleased (with the drafted legislation) because we thought (the government) had, after many years, grasped that the fundamental problem with all unsolicited marketing -- and email is no exception -- is that unless you ask for it, you probably don't want it," says John Lawford, executive director of the Public Interest Advocacy Centre.
But Internet users may actually receive an influx of commercial emails in the lead-up to July 1.
While companies have a three-year grace period to confirm consent with consumers they had previously signed up for mailing lists, many are racing to do so by the end of June.
Some businesses are concerned that the methods they had used to populate their existing mailing lists may not be fully compliant with the new rules.
Businesses that violate the new law could face financial penalties of up to $10 million per violation, while individuals could be fined up to $1 million per infraction.
But the rules are not completely cut and dry and even some legal experts are struggling to interpret them, according to David Fraser, a privacy lawyer who has been advising businesses on how to abide by the law.
"It has a whole bunch of exceptions and a whole bunch of not well-understood or well-defined conditions," says Fraser.
"It's not user-friendly for business people, not by any means."
Fraser argues that commercial emails are no longer a major issue for most consumers thanks to the effectiveness of spam filters and unsubscribe tools.
"Spam has mostly been fixed -- by and large by technology -- it no longer is the problem it used to be. The stuff that's a problem is fraud or phishing to scam you into providing your personal information," he says.
"(The law) lumps together into one category a legitimate email message from a local real estate agent with a fraudulent email from a Nigerian prince offering to repatriate his inheritance, and I think those two are very different and should be treated in a different way."
But Michael Geist, a professor at the University of Ottawa and the Canada Research Chair in Internet and E-commerce Law, says he doesn't think it's too onerous for businesses to comply with the new rules, especially since concessions were made to get it enacted.
"Just about everyone in the process had to put a little bit of water in their wine, there was certainly a fair amount of compromise," says Geist.
"It seems to me they've carved out quite a lot of space for correspondence that I think most people feel is legitimate, and have also given enough of a phase-in period for most businesses."
While Fraser says he's heard rumblings that enforcement will be fierce, the CRTC says it simply doesn't have the manpower to aggressively respond to every complaint.
Manon Bombardier, the CRTC's chief compliance and enforcement officer, says she expects there will be hundreds of complaints pouring in each and every day.
"We don't have the capacity to look at them all, it would not be efficient to look at them all, so we need to be strategic," she says.
Bombardier says the CRTC will focus on the most severe types of violations, and responses to complaints will range from written warnings up to financial penalties or court actions.
"Our objective is to secure compliance in the most efficient way possible and prevent recidivism," she says.
"If a warning letter can achieve that, that's what will be selected. If it's deemed insufficient to achieve that objective, then we may need to go with a more stringent tool."
In addition to emails, the new law also prohibits businesses from sending unsolicited messages to social media inboxes.