Back in 2010, Bill C-28 (Fighting Internet and Wireless Spam) was passed by Parliament and received royal assent. It was expected to come into force in 2012, but delays in drafting the regulations mean that 2012 came and went without a coming-into-force date having been announced. This delay gives Canadian businesses, and any foreign entities that do business with Canada, more time to carefully consider what the legislation will require of them. The government will also grant a period between the publication of the finalized regulations and the coming into force of the legislation so that affected organizations have time to read and comply.
The legislation lays out three specific prohibited activities. Section 6 (sending commercial electronic messages) will be of the most interest to Canadian businesses because it relates to what are currently common business practices. The other two (sections 7 and 8) refer to what are usually more nefarious undertakings, but still require vigilance by above-board businesses. For example, section 8 prohibits installing a computer program without the user’s consent, a provision which could capture some forms of automatic updating.
All three types of contravention can be avoided by obtaining the recipient or user’s consent.
There will be a three-year “phasing-in” period (beginning when the legislation comes into force) during which consent will be implied for sending commercial messages where the sender and recipient have a pre-existing relationship, as well as for installing updates to computer programs. This implied consent can be expressly withdrawn by the recipient or user.
Compliance with the legislation is to be enforced by the Canada Radio-Television and Telecommunications Commission (CRTC). The CRTC’s chief compliance tool will be monetary penalties of up to $1 million for individuals and $10 million for legal entities. The extent to which such penalties will actually be levied remains to be seen, but the high maximums send a clear warning.
The prohibited activities
Section 6: Sending, or causing or permitting to be sent, a commercial electronic message
No such message can be sent without the recipient’s consent, and the message must follow a prescribed format.
A “commercial electronic message” is nearly any message sent by telecommunication (text, sound or image, with the exclusion of faxes and phone calls) that could encourage participation in a commercial activity, even if there is no expectation of profit. This includes promoting virtually any event, offering to purchase, sell, lease or barter something, or proposing any kind of business or investment opportunity.
The legislation provides for some practical exceptions, such as where the sender and recipient have a personal relationship or the message only includes information about an ongoing transaction between the two parties.
The prohibition applies to communications sent or accessed by a computer system located in Canada. It will affect any messages made to or from Canadian-based businesses and individuals, as well as any foreign businesses that route their communications through Canadian servers. The implications for legitimate local and international business communications are obvious.
Section 7: Altering, or causing to be altered, transmission data in an electronic message in the course of commercial activity
The legislation prohibits altering transmission data so that the message is delivered to a recipient other than or in addition to that specified by the sender. The computer used to send the message or access the data must be located in Canada at the time. There are exceptions for the consent of the sender, court orders and telecommunications service providers. This is presumably meant to prevent harmful practices like phishing and identity theft.
Section 8: Installing, or causing to be installed, a program on another person’s computer system in the course of commercial activity
Such an installation will be illegal without the user’s express consent. The prohibition also extends to sending any messages from the installed program without consent. For what are surely practical reasons, consent is assumed if the program is a cookie, HTML code, Javascript or an operating system. The computer or the installer (or a person directing the installing to occur) must be located in Canada.
Implications for businesses
Because the legislation only applies to commercial activity, the email engagement efforts of charities and political parties will not be subject to these prohibitions as long as they do not involve selling or promoting a product. Furthermore, registered charities and political parties may in fact send unsolicited commercial messages where the recipient has been a member, donor or volunteer of the organization in the last 24 months.
However, any other entities or individuals engaged in commercial activity are subject to the legislation. Notice that all three prohibitions extend to anyone who causes or permits a proscribed action to occur. So, for example, small businesses that farm out their marketing to a third party are responsible for ensuring that the third party is complying with the law. This responsibility is driven home by a separate provision in section 9 which prohibits aiding, inducing, procuring or causing to be procured the doing of any act contrary to sections 6, 7 and 8.
The section 6 prohibition will probably prove the most troublesome, by making it much more difficult to reach prospective clients. They can’t be contacted without consent, but neither can they be approached to give their consent. In short, the current “opt-out” model must be replaced with one where a client-initiated interaction offers the client a chance to “opt-in” to future communications. Of course, the foreign-originating spam that fills Canadian inboxes is unlikely to be deterred by these measures, even as domestic organizations scramble to avoid heavy sanctions.
In short, any business that engages in online marketing is advised to educate themselves on the implications of the legislation, and to review their methods (and those of any third parties they’ve hired) to ensure they do not fall afoul of the new law.
Drache Aptowitzer LLP
www.drache.ca
- The Lord works in mysterious ways - February 12, 2020
- It’s a whole new ball game for charities at the FCA - January 15, 2020
- Charities in the waiting room - December 11, 2019
