Canadians have been afflicted by the spam scourge and some Canadians have been responsible for the spreading it. In response, the Canadian government is taking steps to crack down on spam by introduction of the Electronic Commerce Protection Act (ECPA) in the House of Commons.
The ECPA, known as Bill C-27, will, it says, deter the most dangerous forms of spam, such as identity theft, phishing and spyware, from occurring there and will help drive spammers out of the country.
Yet the bill also contains provisions that would permit the federal Cabinet to abolish the country’s Do Not Call List (DNCL) without action by the Commons. The DNCL as been criticized by some consumer advocates for being ineffective.
The ECPA would, if passed:
* Address spam by prohibiting the sending of commercial electronic messages without consent. The regime requires that businesses must have express or implied consent prior to sending commercial e-mail or have a pre-existing business relationship with the persons
* Prohibit detrimental practices to electronic commerce, protect the integrity of transmission data and prohibit unwanted installation of computer programs
* Prohibit false and misleading commercial representations online
* Prohibit the collection of personal information via access to computer systems without consent and the unauthorized compiling or supplying of lists of electronic addresses
* Provide for a private right of action for businesses and consumers and for third-party liability i.e. follow the money
* Allow the Canadian Radio-television and Telecommunications Commission (CRTC) and the Competition Bureau to impose administrative monetary penalties on those who violate the act
* Allow for international sharing of information and evidence to pursue spammers outside of Canada in countries who enforce similar laws internationally.
That will prevent violators outside of Canada from using Canada as a spam safe haven.
The legislation, if it is approved, would then move to the Senate for its action; the minority federal Conservative government would require support of at least one of the Opposition parties for passage in the Commons. Once passed there, the bill would be presented to the Governor General for Royal Assent, which by convention in the Canadian parliamentary system is a formality.
The new act will be enforced by three organizations: the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner. The CRTC will investigate and take action, using significant monetary penalties if needed, against spam, altering of Internet addresses, and interfering with computer systems and networks. The Competition Bureau will address misleading and deceptive practices and representations online, including false headers and website content. The Office of the Privacy Commissioner will take measures against collecting personal information via computers and the unauthorized compiling or supplying of lists of electronic addresses.
The ECPA would allow the CRTC and the Competition Bureau to charge offenders with administrative monetary penalties of up to $1 million for individuals, and $10 million for all other offenders. At the same time Industry Canada will act as a national coordinating body to increase consumer and business awareness and education, to coordinate work with the private sector in support of voluntary guidelines, and to conduct research and intelligence gathering.
“Our government knows how damaging spam can be to Canadians and Canadian businesses and that is why we are cracking down on Internet fraud and other forms of malicious activities,” says Industry Minister Tony Clement. “With this landmark legislation, our government will help protect consumers from Internet spam and related threats and boost confidence in the electronic marketplace.”
The ECPA has some similarities but is markedly different than the CAN-SPAM Act in the U.S, according to a ministry spokesperson. The biggest difference is the opt-in requirement to receive commercial e-mail whereas CAN-SPAM is opt-out. The Canadian legislation allows for lawsuits to be undertaken by individuals or businesses whereas the U.S. private right of action is only for Internet service providers. C-27 also has a greater number of prohibitions to address new and emerging threats to online commerce. These include the prohibitions for false and misleading representations online, and further protections of personal information online.
“The government studied successful legislative models in other countries and, based on their experiences, has developed a focused plan to address spam and related threats” said a press release announcing the ECPA.
The ECPA has the backing of the Canadian Marketing Association. The CMA has had since 1997 in its Code of Ethics a requirement that its members have the consent of consumers before sending unsolicited commercial e-mail.
“This is important news for legitimate marketers and good news for consumers,” noted CMA’s President and CEO John Gustavson. “Through rigorous enforcement and the backing of the federal government, we will now have a law that will help combat what has been an ongoing problem for legitimate companies that use the Internet to grow their business."
Yet there have been questions raised about ECPA enforcement. And buried in the bill is a provision enabling the federal government to set aside the Do Not Call List (DNCL), which came into effect in September 30.
Though popular with many consumers, consumer advocates such as Michael Geist, who wrote in The Toronto Star last week about a lack of follow-up on DNCL complaints by the CRTC. Bell Canada (News - Alert) administers the list but the CRTC is responsible for enforcement. Out of tens of thousands of complaints, very few he said have been categorized by Bell as DNCL violations, even fewer have led to warnings from the CRTC and to date no firm has been fined by the regulator; it could impose penalties of up to $15,000 per violation for corporations. The firms and organizations that had complaints lodged against them include leading retailers, financial institutions, charities, newspapers, and telcos.
Geist expressed concern that given the CRTC’s track record with the DNCL, the agency may not be effective at enforcing the ECPA.
“The Electronic Commerce Protection Act would give the CRTC the power to levy fines of up to $10 million for spamming activities, yet the experience with the do-not-call list raises questions about the commission's effectiveness as an enforcement body,’” he wrote.
Geist also said there are plans to review the do-not-call list in a report to minister Clement later this year.
When asked, a ministry spokesperson explained that provision at the end of the Bill section 86 simply allow for the repeal of Do Not Call should the government ever need to do so. For greater certainty, s.86 will remain ‘dormant’ until the government chooses to enact it by order in Council Cabinet decision.
The CRTC has also recently tweaked the DNCL regulations. It lengthened the period of time numbers can stay on the DNCL to five years from three at present; this applies automatically to all those already registered.
In related moves, the agency expanded the political exemption in the DNCL to electoral candidates who are not affiliated with a registered political party. Also, organizations that use auto dialers for non-telemarketing purposes, such as debt collection, must follow the CRTC’s calling hours rules only if calling hour restrictions are not specifically set out in provincial legislation.
“The DNCL is working well to meet the needs of Canadians right now,” said the spokesperson. “Our Government is pleased and encouraged by the interest in the program.”
Brendan B. Read is TMCnet’s Senior Contributing Editor. To read more of Brendan’s articles, please visit his columnist page.
Edited by Stefania Viscusi