On December 15, 2010 Canada’s new anti-spam legislation received Royal Assent, which will, when it comes into force, be one of the strictest anti-spam regimes in the world:
An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (the “Anti-spam Act”).
Earlier this Fall, consultations on two sets of draft Regulations concluded and so the new law may come into effect later this Fall or in the Spring of 2012 (see coming into force information below).
In passing the Anti-spam Act Industry Canada said:
“On December 15, 2010, the Government of Canada passed the Fighting Internet and Wireless Spam bill, Bill C-28. In doing so, the government delivered on a key commitment made by Prime Minister Harper to Canadians and Canadian businesses in September 2008.
The intent of the legislation is to deter the most damaging and deceptive forms of spam, such as identity theft, phishing and spyware, from occurring in Canada and to help to drive out spammers.
This law addresses the legislative recommendations of the Task Force on Spam, which brought together industry, consumers and academic experts to design a comprehensive package of measures to combat threats to the digital economy. As well the government studied successful legislative models in other countries and, based on their experiences, has developed a focused plan to address spam and related online threats.”
In his online videocast, Canada’s Industry Minister said that the passage of the Anti-spam Act was intended to “help … enhance safety and security in the online world”, “deter the most damaging and deceptive forms of spam from occurring in Canada” and “drive spammers out of Canada”. The Minister also said that “Canadians need to feel just as confident in the electronic marketplace as they do at the corner store” and that “spam is at best a nuisance but it can also discourage electronic commerce, undermine privacy and introduce a host of online threats” (see: Minister of Industry – videocast – Government of Canada Moves to Enhance Safety and Security in the Online Marketplace).
The Anti-spam Act, which was first introduced in April, 2009 and reintroduced on May 25, 2010, addresses legislative recommendations made by the Task Force on Spam (see links below), which assembled consumers, academic experts and industry to design comprehensive legislation to fight spam in the digital economy.
In 2005, the Task Force on Spam completed its one-year mandate and issued its final report (Task Force on Spam Report: Stopping Spam: Creating a Stronger, Safer Internet). The Government also studied successful anti-spam measures in other countries.
During third reading, the amended Bill C-28 received unanimous support in the House of Commons and received Royal Assent on December 15, 2010.
ANTI-SPAM ACT – OVERVIEW
Canada’s new Anti-spam Act, which, unlike similar U.S. legislation, creates an “opt-in” regime for commercial electronic communications, amends the following federal statutes: the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, Personal Information Protection and Electronic Documents Act and the Telecommunications Act.
Some of the key aspects of the new Anti-spam Act, the Regulations for which are not yet finalized, are discussed below.
Commercial Electronic Messages (CEMs)
The Anti-spam Act prohibits sending commercial electronic messages (“CEMs”) without the recipient’s express or implied consent (i.e. permission), including messages sent to e-mail addresses and social media accounts and text messages sent to cell phones.
“CEMs” are broadly defined as any electronic message that encourages participation in a commercial activity regardless of whether there is any expectation of profit. “Electronic messages” are defined as messages sent by any means of telecommunication, including a text, sound, voice or image message (with an exception for interactive two-way voice communications – i.e., telemarketing).
CEMs must also be in a prescribed form that, among other things, identifies the person who sent the message, includes information enabling the recipient to contact the sender and includes an unsubscribe mechanism (that meets the statutory requirements).
Electronic messages that request consent to receive CEMs are also defined as CEMs and, therefore, cannot be sent unless consent is received.
When requesting consent, the following is required: (i) stating the purpose for which consent is being sought and (ii) information identifying the person seeking consent (and any other information that may be prescribed by Regulation).
Consent for section 6 of the Anti-spam Act may also be implied, including in the following cases: (i) an existing “business” or “non-business” relationship (both as defined in the Anti-spam Act), (ii) a “business card” exception (a person has published their electronic address without a statement that they do not wish to receive unsolicited CEMs) or (iii) a recipient has disclosed their electronic message to a sender without indicating that they do not wish to receive unsolicted CEMs (and the message is relevant to the recipient’s business).
There are a number of exceptions, that the Regulations when finalized will clarify, including exceptions for: (i) personal or family relationships, (ii) inquiries for commercial goods and services, (iii) providing a requested quote or estimate for goods or services, (iv) messages to complete or confirm a commercial transaction, (v) the provision of warranty, product recall or safety information, (vi) information relating to an employment relationship and (vii) two-way interactive voice communications (i.e., telemarketing).
Altering Transmission Data
The Anti-spam Act prohibits the alteration of transmission data in an electronic message, which results in the message being delivered to a different destination without express consent (e.g., causing an electronic message to be sent to a destination that is different than what the sender intended).
Misleading Representations in Electronic and Online Content
The Anti-spam Act amends the Competition Act to prohibit false or misleading commercial representations made electronically (e.g., in website headers, web links or website content).
In this regard, the criminal and civil misleading advertising provisions of the Act, as well as the related misleading advertising penalty provisions, have been broadened to expressly include misleading representations in the electronic and online environment (e.g., representations made in the sender information or subject matter information of an electronic message).
Unauthorized Installation of Computer Programs
The Anti-spam Act prohibits the installation of computer programs without the express consent of the computer system’s owner or an authorized user of the computer system (e.g., an authorized employee).
Unauthorized Collection of Personal Information
The Anti-spam Act amends the Personal Information Protection and Electronic Documents Act to prohibit the collection of personal information by means of unauthorized access to computer systems.
Collection of Electronic Addresses
Finally, the collection of electronic addresses using computer programs or using such addresses without permission (“harvesting”) is prohibited.
This may include the collection of e-mail addresses through the use of, for example, “web crawlers” (computer programs that scan websites, usenet groups and social media websites, trolling for electronic addresses) or “dictionary attacks” (where a computer program guesses real/live e-mail addresses by methodically trying various name variations within a particular group of common e-mail domains – e.g., Gmail, Hotmail, etc.).
The three government agencies responsible for the enforcement of the new Anti-spam Act are as follows:
The Competition Bureau (the “Bureau”) – the Bureau’s mandate will be to focus on misleading and deceptive practices and representations online, including false or misleading headers, web links and website content. The Anti-spam Act extends the Competition Bureau’s existing jurisdiction over misleading advertising and deceptive marketing practices in Canada, which already included online advertising and marketing (under the criminal and civil misleading advertising sections of the Competition Act – sections 52 and 74.01).
The Canadian Radio-television and Telecommunications Commission (“CRTC”) – The CRTC will have the power to investigate and take action, including imposing significant administrative monetary penalties (“AMPs”), against unsolicited electronic messages (i.e., without consent), the alteration of transmission data or the installation of computer programs without consent (e.g., malware, spyware or viruses).
Office of the Privacy Commissioner of Canada (“Privacy Commissioner”) – The Privacy Commissioner will have the power to take measures against the collection of personal information through unlawful access to computer systems (i.e., contrary to federal law, such as the Criminal Code) or electronic address “harvesting” where bulk e-mail lists are compiled through mechanisms, including the use of computer programs that automatically mine the Internet for e-mail addresses.
Persons contravening the Anti-Spam Act will be subject to AMPs of up to $1 million per violation for individuals and $10 million per violation for corporations.
Private individuals or organizations affected by a violation of the Anti-spam Act will also have a right to commence private actions. In this regard, in addition to allowing awards of damages for actual loss or damage suffered a court may also order persons that contravene the Anti-spam Act to pay damages for each day on which a contravention of the new law continued – for example, for violation of section 6 (unauthorized commercial electronic messages) $200 for each contravention up to $1 million per day the contravention occurred.
The Anti-spam Act also contains broad director and officer liability provisions which provide that directors and officers of a company that commits a violation are liable for that violation if they directed, authorized, assented to, acquiesced or participated in the commission of a violation (subject to a due diligence defence).
COMING INTO FORCE
Two sets of draft Regulations have been published (CRTC Regulations on June 30, 2011 and Industry Canada Regulations on July 9, 2011), the public comment periods for the two sets of Regulations were completed on September 6 and 7, 2011 and final Regulations may come into force in late Fall 2011 or Spring 2012.
In terms of a likely timetable for implementation of the new Anti-spam Act, there has been some debate as to whether, based on comments received during the consultation periods, revised draft Regulations will be issued and whether additional public consultations may be held.
For the draft CRTC Regulations see:
For the draft Industry Canada Regulations see:
For the Canadian Bar Association’s comments on the draft Regulations see:
For more information about our regulatory law services contact us: contact
For more regulatory law updates follow us on Twitter: @CanadaAttorney