Speech delivered by Philippe Le Roux, President of Certimail, during his testimony before the House of Commons Standing Committee on Industry, Science and Technology as part of the revision of the Canadian Anti-Spam Law.
Introduction
I want to thank the Committee for inviting me to testify today. Although not well covered by the media, the work of this committee is very important to the Canadian economy and its people.
I have of course followed the work of your Committee with great interest, and I have published a regular report on our blog. Unaccustomed to lobbying activities, I confess that I was particularly surprised by the number of approximations, exaggerations and alternative facts that you were served as scientific truths.
I will return to these statements later. As an Internet pioneer in Quebec, I founded in 1994 the first digital marketing agency through which I, for nearly 20 years, helped many organizations like VIA Rail, RDS, and Club Med USA to use the web to transform their marketing strategies, sales and sometimes even their business models.
I have always considered email as the heart of any digital marketing strategy and started to implement email marketing strategies for our customers in 1996. In 2013, I left the agency to establish Certimail whose mission is to help Canadian SMBs improve the effectiveness of their email marketing all the while complying with CASL. We are in fact the only company dedicated to CASL compliance.
Far from any dogmatism, the findings and recommendation that I present to you rely on my 20 years of email marketing experience, and 4 years devoted to analyzing CASL and its 13 regulatory documents to help tens of SMBs of all sizes to implement their compliance program based on the CRTC’s requirements.
The cost of conformity
Before going into the analysis of CASL and its application, I would like to answer a simple question that you asked at each of your sessions without ever getting an answer: to know what it costs a company to comply with CASL. The answer is simple; our certified compliance packages cost $ 699 for a sole proprietorship, $ 1,249 for a small business with less than 10 employees, and $ 3,000 to $ 15,000 for businesses with 11 to 300 employees. If my colleagues from Newport Thomson, Deloitte or KPMG who offer similar services to the largest companies were invited, they would tell you that their rates are between $ 25,000 and $ 100,000.
Surprisingly, neither the CRTC nor the industry associations have been able to provide you with this much needed and easily accessible information.
That being said, my intervention will focus on three points:
- The importance and effectiveness of CASL
- The inadequacy of the approach of the CRTC
- Some recommendations to enhance the effectiveness of CASL all the while reducing its negative impacts
CASL’s relevance and effectiveness
It is as a marketing expert and socially motivated consumer that I wish to demonstrate to you that not only is CASL necessary but it is wanted.
Contrary to what was said by the many lobbyists who came before you, CASL is not a law on cybersecurity or IT risk, but a law that aims to develop consumer confidence in e-businesses.
In fact, as suggested in the report by the Task Force on Spam, CASL and its regulations are more like an Electronic Communications Highway Code than a Cyber-Threats Act.
When I crossed the Champlain Bridge this morning to attend this session, I noticed that the complex and stringent regulations put in place a century ago to supervise the few motorists at the time did not affect the development of this mode of transport.
And this Electronic Communications Highway Code, Canadians want it. They have demonstrated this by filing more than 1 million complaints in three years without having seen a single advertisement urging them to do so. And this support of CASL continues through the thousands of complaints filed every day.
This volume of complaints is enough to contradict the assertions delivered to you by the Canadian Chamber of Commerce in the last session. Receiving unsolicited commercial electronic messages is still a major problem for the vast majority of Canadians. Anti-spam technologies are becoming more efficient, but they have not solved the problem and are beginning to show their limitations.
The importance and effectiveness of CASL
In one year, CASL already reduced the volume of spam received in Canadian inboxes by 37%. This demonstrates the effectiveness of CASL for consumers.
But it is also effective for businesses, at least for those who want to do email marketing properly and not use it like traditional marketing à la Mad Men.
Since CASL came into effect, Canada has emerged from the pack to become one of the two countries where email marketing is by far the most effective. The second country is Australia, the only country that has broad and severe legislation similar to CASL.
For example, the reach rate (the proportion of outgoing messages that are visible to recipients in their email) is about 80% in most countries. In Canada, that rate rose from 79% in 2014 [1] to 90% today [2] . The only other country in the world that reaches a similar score is Australia.
Similarly, the open rate (the proportion of marketing emails opened by recipients) is from 12% [3] on the African continent to 24% [4] in the UK. With an open rate of 32% [5] Canada is second to Australia with 33%. Yet the open rate in Canada was only 26.2% in 2014 [6]
I have heard several witnesses claim that CASL affected the competitiveness of Canadian companies. Yet this is false. CASL is an excellent incentive to adopt best practices in the field and therefore to achieve better results. For almost 15 years Australia’s Spam Act is in force, and yet their economy does not seem to suffer particularly.
Reducing the scope of CASL would encourage Canadian companies to maintain an often outdated marketing approach rather than capitalize on innovation to be more competitive.
Especially since CETA enters into force just as Europe implements GDPR, a new legislation on data protection that seems to be modeled on CASL regarding electronic communications. Encouraging Canadian companies to comply with CASL gives them a leg up on the European market.
The inadequacy of the approach of the CRTC
That brings me to the second point I want to share with you, the inadequate approach of the CRTC. I could spend hours citing to you why the CRTC is failing in its implementation of CASL, but we do not have time, so I’ll just point out the main grievances.
Failure to properly educate Canadian companies
The first relates to communications, a gap that is denounced by Canadian companies according to various surveys done on CASL.
- Aside from a small advertising campaign on the web and a few very limited presentations in 2014, the CRTC did nothing to educate businesses about CASL’s many rules. Mr. Harroun boasted that they sensitized 1200 companies in its different presentations in Toronto last spring. We should remind him that Canada is a little bigger and that at this rate, it will take a century to educate the millions of Canadian businesses that are still unaware of CASL and its details.
- The Journal de l’assurance in May invited the CRTC to send a lecturer to Montreal this month to raise awareness amongst 400 companies in the sector during a one-day seminar on the subject. The CRTC declined the invitation in September, and the conference had to be canceled. These companies continue to ignore the rules of CASL and the importance of setting up a compliance program.
- In May 2014, the CRTC issued a bulletin defining the criteria that a compliance program must adhere to for a company to demonstrate good diligence under Article 33 (1) of the Act should they need to defend themselves. The problem is that this newsletter is lost in the bowels of the CRTC’s website and is known only by a few specialists. There is no reference to the compliance program on fightspam.ca or in CALS’s FAQ. Yet the CRTC says in each of its private conferences that its main objective is to encourage companies to implement such program.
Yet three recent polls have estimated that 80 to 95% of Canadian businesses have no compliance program!
The website dedicated to informing consumers and businesses about anything related to CASL is not only poorly done and incomplete, but it is not even updated. The last notice dated more than a year ago!
The second major flaw of the CRTC relates to the interpretation of CASL and its regulations
In three years, the CRTC’s investigation and enforcement team issued just three interpretive materials while there are still dozens of unclear issues affecting most businesses. And do not try to call them for advice, they will refer you to an agent at the call center that prompts you to make your interpretation in the hopes that the CRTC will have the same interpretation should they investigate you.
Since I founded Certimail 4 years ago, I have been trying to establish contact with the CRTC’s investigation and compliance team: I sent out invitations via LinkedIn, emailed, phoned and left messages for Mr. Harroun’s assistant. I have never had any news until my name was confirmed as a guest witness by the committee this week. And this despite the fact that Mr. Harroun and his team constantly invite companies to contact them for advice on compliance.
And this is not the only double talk from the CRTC on CASL. It’s the same for investigations and fines. While the public discourse is that the CRTC does not want to lure companies to act in good faith and focuses on the offenders who are the most harmful, it is clear that in private conferences, the speech is totally different as demonstrated by the many fines given to companies acting in good faith Rogers, Porter, and even Kellogg’s Canada.
How does the CRTC explain the fact that it reduced to $ 200,000 from $ 1.1 million a fine imposed on Compu-Finder in 2015, an amount identical to that paid by Rogers who made minor errors next to the violations of Compu-Finder?
Recall that Compu-Finder is a company criticized in the media for years for its abusive email practices that illegally collected more than 400,000 email addresses of Canadian companies, which generated a quarter of complaints received by the CRTC to and who refused to collaborate during the investigation.
The third weakness of the CRTC is the volume of investigations
Mr. Harroun unveiled to you that the CRTC had opened 500 files (over 1.1 million complaints!) And completed 30 surveys including eight penalties that were made public in three years. How can we hope that companies feel concerned by CASL at this rate? In fact, companies feel they have more chance of winning the jackpot in the lottery than being investigated for their email practices.
I could go on for hours to present you with such aberrations that are detrimental to CASL’s objectives, but I’m out of time allotted to your questions, but I will be sending you our various recommendations shortly. These suggestions will help to improve the effectiveness of CASL all the while simplifying compliance for businesses.
[1] https://marketingland.com/study-email-deliverability-getting-easier-100074
[2] https://digital.returnpath.com/wp-content/uploads/main/2017/08/08104850/2017-Deliverability-Benchmark.pdf
[3] file: /// C: /Users/plr/Downloads/UVL12406USEN.PDF
[4] file: /// C: /Users/plr/Downloads/UVL12406USEN.PDF
[5] file: /// C: /Users/plr/Downloads/UVL12406USEN.PDF
[6] http://blog.inboxmarketer.com/the-state-of-email-marketing-in-canada-2016