Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Antispam law draws backlash

Antispam law draws backlash

  • Comments 1

I was reading in the Canadian Lawyer Mag that businesses in Canada are now coming to grips with the Canadian Antispam law that was passed last year. 

Canada’s antispam law is much tougher than most jurisdictions.  Aside from the penalties of the law, which are steep, what differentiates it the most from the US law is that Canada’s law is an opt-in law; marketers who send commercial email must be able to demonstrate that they received consent in writing in order to market to people.  It also allows for the international sharing of information and evidence to pursue spammers outside of Canada.  You can view the summary here: Industry Canada summary of bill C-28.

As expected, people who are most affected by the law – marketers – are upset about the lack of wriggle room and how it could affect their business.  From the Canadian lawyer mag:

“This legislation has quite a broad scope and it will capture many regular business operations by legitimate operators, so in-house counsel are starting to realize that this imposes additional requirements that they’re going to need to take into account.”

“The problem is since the regulations haven’t been finalized, we can’t put in place the final processes, training, and implementation plans.”

“Unfortunately, when the draft regulations came out, frankly they didn’t do anything about the concerns that industry mentioned about the scope of the legislation itself.”

“Companies are put in a position where they have to go out and re-qualify their entire database.”

In other words, companies thought that the antispam law went too far because they are used to sending out email without getting explicit consent from the people they email.

The fact of the matter is that it’s not all that difficult to build a list by consent.  Double opt-in (where you get people to click a box saying that they want to opt-in, and then send them email to click the link to confirm) is the easiest way to do it.  Single opt-in is the second easiest.

The reason that some companies would complain about the broadness of scope of the law – which is intended to target spammers – is because a lot of companies buy email marketing lists from other parties.  When someone says “We may use your information to sell to other partners,” this is a quick-and-easy way of building a mailing list.  The CASL pretty much negates that.  It was never ethical to begin with.

Yet the most interesting quote of all is the following:

Michael Osborne, a partner at Affleck Greene McMurtry LLP, says the tumult around CASL is unlikely to end with its coming into force. He calls the legislation Canada’s “biggest restraint ever on freedom of speech” and says he expects various provisions to be challenged in court. “If I want to send a flyer to your house, I can do it. That’s part of the trade-off for living in a free economy, and I don’t see why e-mail would be any different. I don’t like getting junk at my door or in my inbox, but if I want to live in a free economy, I think I have to accept that,” Osborne says.

The comments above are puzzling because I don’t think anyone actually thinks legislation against spam infringes on freedom of speech, they have a weird view of it.  Freedom of speech guarantees that you can communicate your message but it does not mean that others have to listen to it.  People in the US have challenged antispam laws, claiming it violates their freedom of speech but courts have never supported this argument.

But the real puzzling part is the bolded text above.  It’s true, if you want to send me a flyer, you can.  But this is not the same as email because if you want to send flyers, you have to pay the postage, and you have to pay for creation of the flyer.  You only have limited resources and so you are careful about it.  With email, the cost of it is borne by the recipient.  It is almost as easy as it is for you to send 100,000 messages as it is to send 100.  It is your recipient who has to deal with the cost of network storage of bandwidth. 

We view our email inboxes as an extension of our homes.  You can deliver a message to my mailbox but you cannot come into my home and force me to listen to it.  I have a right to privacy and unsolicited email violates that.  I guess this is getting into Constitutional arguments now (and I am poorly equipped to expound upon them).

The fact is that flyers and email are not the same.  They are quite different.  That’s why computers are so great, you can do so much more with much less input.

Sometimes lawyers say the weirdest things.

Leave a Comment
  • Please add 8 and 3 and type the answer here:
  • Post
  • Consent is not really a new idea here in Canada (as I'm sure you already know) PIPEDA has been consent based for data collection of PII over a decade.  The anti-spam law allows for multiple levels of consent; Implied for existing business relationships and contractual agreements and explicit for non-expiry consent - until withdrawn by the recipient.  Many of the marketers I speak with are already compliant with the data collection portion of this legislation and only require tweaking of creative and data management practices to remain compliant with the implied consent expiry, 2 years, portion of the law.

Page 1 of 1 (1 items)