Canada’s Anti-Spam Bill
by Andrew OHalloran : May 26, 2009
Canadian Anti-spam bill: C-27 Electronic Commerce Protection Act
I made a prediction in an earlier blog post that Canada would soon have its own anti-spam law. The reality of such a law is gaining momentum.. Bill C-27 “Electronic Commerce Protection Act” had its first reading in Parliament April 24th and its second reading on May 9th after which it was referred for review to the Standing Committee on Industry, Science and Technology. No Committee date has been set yet.
The text of Bill C-27 is quite long (about 72 pages) and fairly complex, especially for legal laymen. While I think the overall direction of the bill is positive, there are parts of the bill that would benefit from improving the definitions of terms. Realistically speaking, it may take more time for clarification to come. In the case of the U.S.CAN-SPAM Act of 2003, the Federal Trade Commission only last year clarified a number of definitions and interpretations through “new rules”, including the definition of “person.”
There are too many details in the bill to analyze in this space. Those knowledgeable with the language of the CAN-SPAM Act (e.g. definitions of “sender”, “initiator”, and “routine conveyor”) will likely have some difficulty understanding the meaning of some terms and definitions in Bill C-27.
Here is a description of some of the main clauses of BillC-27 contrasted to the CAN-SPAM Act:
1 – Consent Required
“No person shall send or cause or permit to be sent to an electronic address a commercial electronic message unless (a) the person to whom the message is sent has consented to receiving it, whether the consent is expressed or implied; and…”
Affirmative consent should always be part of any email marketing program. Compared to the CAN-SPAM Act, Bill C-27 takes this view a step further by making it a legal requirement. As well, the burden of consent proof falls on the marketer.
The bill also has a section requiring that consent be obtained before installing a program on a recipient’s computer system:
“No person shall, in the course of a commercial activity, install or cause to be installed a computer program on any other person’s computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system, unless the person has obtained the express consent of the owner or an authorized user of a computer system or is acting in accordance with a court order.”
The above directly addresses a common spam tactic – in that software is surreptitiously installed on home computers and then controlled by the spammer to send out spam (referred to as “botnets”).
2 – Communications Scope
“Electronic message” means a message sent by any means of telecommunication, including a text, sound, voice or image message.”
The key point with the above is that the scope of the bill—unlike the CAN-SPAM Act– is not restricted to electronic communications sent to an SMTP mailbox (firstname.lastname@example.org) . Keep in mind that CAN-SPAM was enacted almost six years ago – an eternity in the pace of technological change.
3 – Broader Meaning of “Commercial Message”
“For the purposes of this Act, a commercial electronic message is an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude it? has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including …”
The key in understanding the above is “…or one of its purposes, to encourage participation in a commercial activity”. Compare this to CAN-SPAM where there is a distinction between commercial and transactional messages, where some of the legal requirements are relaxed for transactional messages (it should always be a best practice, though, to include an unsubscribe mechanism for transactional messages). While with CAN-SPAM certain organizations are exempt (e.g. religious, political) from the legal requirements, the case is different with bill C-27 where the nature of the message has to be closely scrutinized to determine the required legal compliance.
4 – Unsubscribe Mechanism and Sender’s Contact Information (Bill C-27)
“The message must be in a form that conforms to the prescribed requirements and must (a) set out prescribed information that identifies the person who sent the message and the person — if different —on whose behalf it is sent; (b) set out information enabling the person to whom the message is sent to readily contact one of the persons referred to in paragraph (a); and (c) set out an unsubscribe mechanism in accordance with subsection 11(1). (3) The person who sends the commercial electronic message and the person —if different— on whose behalf the commercial electronic message is sent shall ensure that the contact information referred to in paragraph (2)(b) is valid for a minimum of 60 days after the message has been sent.”
Both Bill C-27 and the CAN-SPAM Act require that an unsubscribe mechanism be made available to the subscriber and that the sender’s contact information be included in the message. The important difference, however, is that with CAN-SPAM the unsubscribe mechanism must work for 30 days after the message was sent; while with C-27 this time frame has been increased to 60 days. Both C-27 and CAN-SPAM call on senders to honor opt-out requests within 10 days (a best practice, of course, is to honor opt-out requests immediately or before your next mailing goes out).
5 – Private Right of Action
The CAN-SPAM Act restricts civil action to the Federal Trade Commission and Internet Service Providers. Bill C-27, by contrast, extends this to individuals and allows for private right of action where individuals are permitted to sue senders who allegedly have violated the law.
Hosted article here courtesy of MediaTrust®.