Canadian Government Re-Intros Anti-Spam Legislation, Intros Privacy Amendments

By Brendan B. Read
Senior Contributing Editor

In a long-awaited set of moves, the Canadian government has introduced previous but updated legislation and changes to existing regulations aimed at curbing and mitigating an array of offenses occurring over electronic channels including spam, ID theft and at protecting children and other vulnerable individuals. The measures, whose passage is likely certain and could be in force by the end of 2010, will also enable increased cooperation from U.S. authorities and may help limit the spread of these crimes in both countries.

The Fighting Internet and Wireless Spam Act (FISA),which had passed the House of Commons as the Electronic Commerce Protection Act in November 2009 but died on the order paper when Prime Minister Stephen Harper prorogued Parliament, will prohibit sending commercial e-mails including text messages unless there is express or implied consent from the recipients. It is also aimed at stopping phishing and the spread of spyware.

Messages sent must identify the senders and the persons (and firm) on whose behalf they are sent, provide accurate contact information for these parties and have an unsubscribe mechanism. There are exemptions for commercial inquiries, applications, quotes, transactions and confirmations and between those who have personal or family relationships. Also free from the act are e-mails that provide notification of factual information and that which directly relates to an employment relationship or benefit plan or that deliver a product, good or service that the recipient is entitled to receive under the terms of a previous transaction. Charities, political parties, pollsters and businesses with an established relationship with recipient would be also exempt from the controls.

The penalties for FISA violators will be stiff. The proposed law would enable the Canadian Radio-television and Telecommunications Commission (CRTC)to impose administrative monetary penalties (AMPs) of up to $1 million per violation for individuals and $10 million for businesses. The Competition Bureau Canada, through application to the Competition Tribunal, may seek AMPs under the current AMPs regime in the Competition Act. That regime allows for penalties of up to $750,000 for individuals and $1 million per subsequent violation, and up to $10 million for businesses and $15 million per subsequent offense. This bill proposes a private right of action, modeled on U.S. legislation, which would allow consumers and businesses to take civil action against anyone who violates the FISA.

The Canadian government also plans to create a spam reporting center that will work with the three enforcement agencies: the CRTC, Competition Bureau Canada and the Office of the Privacy Commissioner to identify and analyze trends in online threats and engage in public awareness. They will also be empowered to share information and evidence with their counterparts that enforce similar laws (e.g. the Federal Trade Commission and the U.S. CAN-SPAM Act) internationally in order to pursue violators beyond Canada's borders.

 Industry Minister Tony Clement says Canada is an outlier among advanced nations for the lack of effective laws against spam, unwanted solicitations or even threats over computers and other wireless devices. That has allowed he said spammers to set up shop in Canada and victimize individuals both locally and globally.

 The Canadian government also introduced amendments to Personal Information Protection and Electronic Documents Act, or PIPEDA. Among them is a new requirement for organizations to report material data breaches to the Privacy Commissioner of Canada and to notify individuals where there is a risk of harm. It will complement the government's recently enacted identity theft legislation and encourage better information security practices on the part of organizations. Another key provision will provide further protection for children online by requiring organizations to consider the ability of their target audience to comprehend the consequences of sharing their personal information.

 There will be additional exceptions to PIPEDA, which became law in 2001, that will allow for the release of personal information to help protect victims of financial abuse, to help locate missing persons and to identify injured, ill or deceased individuals.

 "Canadian shoppers should feel just as confident in the electronic marketplace as they do at the corner store," said Minister Clement. "With today's two pieces of legislation, we are working toward a safer and more secure online environment for both consumers and businesses - essential in positioning Canada as a leader in the digital economy."

 FISA has received praise from at least one prominent e-commerce and privacy expert, Prof. Michael Geist, who teaches law at University of Ottawa.

 "The new bill contains some modest changes involving privacy, but most of the core provisions remain unchanged," said Geist. "It deserves broad support and should be placed on the fast track."