Posts

Parliamentary Report: The Canadian Anti-Spam Law Is Here to Stay

/0 Comments/in , /by

The government must maintain and reinforce the application of the Canadian Anti-Spam Law (CASL), but it must also clarify vague notions of the Act and its regulations, as ascertained by the thirteen recommendations in the CANADA’S ANTI-SPAM LEGISLATION: CLARIFICATIONS ARE IN ORDER.

The report, recently published by the House of Commons Standing Committee on Industry, Science, and Technology cites forty-one expert testimonies with analyses from approximately thirty memoirs over the course of ten weeks.

CASL is effective

Despite highly polarized interventions between lobbyists and business lawyers, who described CASL as a catastrophic situation, and consumer representatives, who believe that the fines are insufficient, parliamentary members relied on information provided by Certimail to conclude that, despite the constraints, CASL offers a good balance between consumer protection and business competitiveness, but that aspects of the law require clarification.

CASL must change its name

The first and last recommendations of the Committee are to change the short name “Canadian Anti-Spam Law (CASL)” to “Electronic Commerce Protection Act (ECPA)”. Members noticed that many companies do not feel concerned by the Law because they are not aware that CASL governs all commercial electronic communications, and not just spam or email marketing.

CASL must be clarified

Recommendations 2 to 8 call on the government to clarify and detail certain elements of CASL and its regulations to ensure that non-profit businesses and organisations better understand what is allowed or not.

The elements that the Committee recommends to clarify are:

  • the definition of “commercial electronic messages
  • the status of administrative and transactional messages
  • the status of messages between companies
  • notions of implied and express consent
  • the definition “email address”
  • messages that are exempt to section 6.6 of the Act
  • management of referral messages
  • the application of the Law as it applies to charities and non-profits organisations

These clarifications of the Law and its regulations will address some of the vague regulations, but it does not or will not change the CRTC’s compliance requirements.

The CRTC must take care of small businesses

In its ninth recommendation, the Committee wants the CRTC to make a significant effort to raise awareness, particularly among small businesses. This recommendation is based on a thorough evaluation of the CRTC’s work. The Committee emphasized in the report that all stakeholders were unanimous in saying that the CRTC must review its awareness activities and guidance documents to ensure that they are sufficient and effective—(very happy to see that part of my intervention was even quoted directly in the report, page 14) —indicating that the compliance requirements are hidden on the CRTC’s website and are not even listed on the fightspam.gc.ca website. The CRTC is therefore invited to redouble its awareness-raising efforts, particularly with small businesses.

Postponement of Civil and Class Actions

The Committee considers that the Private Right of Action (PRA), which allows civil or class actions to be launched after receiving a non-compliant message, must be maintained but suspended pending clarification and awareness-raising efforts. The Committee’s tenth recommendation also suggests that the Government assess whether the damages that may be claimed in this regard should be demonstrated.

The CRTC’s cooperation with the RCMP

During their testimony before the Committee, the CRTC indicated that it is currently less limited in its dealings with authorities in other countries than with the RCMP and other Canadian security agencies. The Committee heard the message and dedicates its eleventh recommendation to fostering cooperation between the CRTC and police authorities across the country.

Transparency in complaints, investigations, and fines

The CRTC and government are encouraged to find ways to make the investigation and fine-setting process more transparent while promoting access to data on complaints received and trends in problems.

I was happy to read that Certimail’s contribution was quoted a dozen times in the report. This not only made me proud of my first lobbying experience but glad to have helped our MPs to understand SMBs’ reality in regard to email marketing and CASL compliance. Upon reading the recommendations, it’s clear that Certimail’s pragmatic approach has served the interests of our clients much better than the dogmatism of the official lobbies like CFIB and Canadian Chamber of Commerce, that don’t really seem to know and understand the undertakings of being compliant or even email marketing at all.

 

15 Recommendations to Strengthen and Simplify CASL

/0 Comments/in , /by

Following our testimony before the Standing Committee on Industry, Science and Technology of the House of Commons, and the rich and numerous exchanges we had with members of Parliament during the question period, we published a brief containing a series of recommendations to be taken into account in their review process of the Canadian Anti-Spam Law.

Here are the 15  recommendations that you can also download in its original PDF format:

—–

This brief presents a series of recommendations to supplement the presentation given by our president, Philippe Le Roux, at the Committee’s 79th meeting. The following recommendations support two main objectives:

  • Enhance the benefits of Canada’s anti-spam legislation (CASL) for consumers and businesses
  • Facilitate CASL compliance for businesses

1) Educate consumers about CASL

Consumers are aware of CASL’s existence, but they are not aware of the primary rules regarding consent. As a result, many complaints are being filed about messages that are fully compliant with the regulatory requirements but perceived by certain recipients as unsolicited. This places an unnecessary burden on enforcement agencies and creates needless friction between businesses and consumers.

R1: We recommend that a CASL education and outreach campaign be launched across the country to educate consumers about the kinds of messages and situations that are regulated as well as the defence mechanisms available, such as the Spam Reporting Centre (SRC) and the private right of action.

2) Educate businesses about CASL compliance

The main obstacle to CASL compliance is total or partial ignorance of the regulatory requirements. The latest studies show that less than 20% of Canadian businesses know that a compliance program is needed to make use of the due diligence defence. For small and medium enterprises, which account for 97% of Canadian businesses, this falls to less than 5%.

R2: We recommend that a campaign be launched to educate small businesses about the many regulatory requirements and the importance of compliance programs. This campaign should be carried out in cooperation with agencies that deal with small businesses, such as chambers of commerce, industry associations, and advocacy organizations such as the Canadian Federation of Independent Business (CFIB).

R3: We also recommend that the CRTC produce CASL awareness webinars based on the conferences given by the investigations and compliance team during the awareness campaign last spring in Toronto, and that these webinars be posted on its fightspam.gc.ca site.

3) Improve the fightspam.gc.ca website

The authoritative website for information about CASL is only updated a few times a year, leaving the perception that it is not really a topic of concern for businesses. As well, the site does not provide an objective-based user experience, but instead presents categories of information, making it very difficult for an inexperienced user to find what they are looking for. Lastly, the site hides the regulatory requirements for recordkeeping, the basis for most fines.

R4: We recommend that the fightspam.gc.ca website be redesigned based on a dual architecture: one section educating consumers about how CASL protects them, how to determine whether or not a message is compliant, and the various courses of action available if they receive a non-compliant message; and another section educating businesses about the requirements and the CRTC’s interpretations with respect to compliance.

4) Remove uncertainty surrounding the most common issues

During its two appearances before the Committee, the CRTC referred to some of the directives it has released over the past three years. We have identified about 100 common compliance issues affecting small businesses. The CRTC is clearly too slow to release information, adding stress and a needless burden on companies that wish to comply.

As well, the CRTC’s published decisions show that in each case, it has taken a narrow interpretation of CASL, each time creating an unreasonable requirement for small businesses that wish to comply. This way of dealing with businesses that make honest mistakes discourages small businesses from investing in compliance.

R5: We recommend that the CRTC establish an advisory committee made up of key stakeholders (consumer advocates, legal experts, email marketing experts, compliance experts) to identify and analyze the most common compliance issues and quickly release its compliance requirements and guides on these issues, in line with the advisory committee’s recommendations.

5) Oversee compliance services

CASL compliance service providers such as Certimail, Newport Thomson, AAM, Deloitte and KPMG are strategic allies for the CRTC in encouraging Canadian businesses to develop documented compliance programs. Despite our very limited resources, this year Certimail has educated more small businesses in Quebec than the CRTC has across Canada.

Companies would be more motivated to invest in a compliance program if they were assured that these programs are effective, which is not currently the case.

R6: We recommend that the CRTC publish codes of conduct that oversee, recognize and endorse industry-developed compliance programs, as is the case with the GDPR in Europe.

6) Range of fines

It is surprising that Canada’s biggest spammer, Compu-Finder, which generated up to 25% of the complaints filed with the CRTC at the time of investigation and consistently refused to cooperate throughout the process, was fined the same amount as Rogers Media, which acted in good faith and fully cooperated during the investigation.

As well, threatening a small business of 10–30 employees with $10 million in fines appears to be so disconnected from the reality of these businesses that they do not take CASL and its enforcement seriously and are not motivated to comply.

Although the $10 million cap needs to stay in place so that fines continue to serve as a deterrent and prevent multinationals from seeing fines as simply a cost of doing business, a graduated range of fines depending on the business, the offence and the context would make the threat more real and therefore more effective.

R7: We recommend that the CRTC set a range of fines taking into account the size of the business, its annual revenues, the number of complaints received, the seriousness of the offence, the intent and past history of the business. A minimum and maximum fine for each offence category could be set.

7) Private right of action (PRA)

As long as the number of fines remains negligible compared to the number of complaints (6 vs. 1.1 million), consumers and businesses need another avenue to protect their rights.

The PRA has a deterrence power that the CRTC has not been able to obtain in three years. We received 10 times the number of requests for information on compliance in spring 2017 than in spring 2014. This number plunged immediately following the government’s June 7 announcement that the measure was being postponed.

R8: We recommend that implementation of the private right of action be announced quickly with a deadline of July 1, 2018, so that businesses can be educated about the above recommended compliance requirements.

8) Limit withdrawals to the reference entity

The CRTC is currently interpreting “withdrawal of consent” more broadly than the consent itself. The following is an example given by the CRTC during a recent presentation in Toronto. If a consumer signs up for newsletters from Dove (a Johnson & Johnson brand), Johnson & Johnson cannot send that consumer commercial email messages (CEMs) about its other brands. However, if the consumer withdraws consent, by default this withdrawal must be applied to all CEMs sent by Johnson & Johnson, including those pertaining to brands for which there may be implicit or explicit consent, even though the consumer may not be aware that both brands belong to the same company.

R9: We recommend that withdrawal be limited to the brand in question, not the parent company’s entire line of brands, whose existence and breadth may be unknown to consumers

9) Transactional and service messages

Under section 6.6, transactional and service messages that do not require consent must now include withdrawal mechanisms, which imposes a burden on companies and creates confusion and frustration for consumers who receive them.

R10: We recommend that section 6.6 be simply repealed so that only identification information is required in such messages.

10) Differentiating the various types of commercial electronic messages

Currently, virtually all CEMs fit into three categories:

  • batch messages
  • automated marketing messages sent individually, but without human intervention
  • individual messages written and sent explicitly by someone for each mail out

However, CASL provides that, by default, withdrawal of consent in response to any of these messages must be interpreted as a withdrawal of consent for all commercial electronic messages of all types.

R11: We recommend that CASL be amended to reflect these different message categories and that the regulatory requirements take them into account, such as by limiting the scope of withdrawals to the category of message that initiated the withdrawal request by default.

11) Expand complaint forms and make them public

The current complaint form does not allow complainants to provide additional context when filing a complaint. This is extremely frustrating for some consumers, and it deprives investigators of information that could help validate and process complaints.

Furthermore, the SRC is a black box, and this lack of transparency is very frustrating to consumers who want to know if they are the only ones complaining about a company, and to companies interested in finding out how many complaints have been filed against them.

R12: We recommend that the complaint form be expanded to include fields that allow complainants to provide context about the offending messages, and that the complaints index be made accessible through an open data file as well as a web interface allowing searches on multiple criteria, including company names and brands. Of course, this information would be accompanied by a notice indicating the basis of the complaint has not been validated.

12) Speed up investigations to keep up with complaints

With just under 500 investigations and six fines issued in three years over more than 1.1 million complaints, the CRTC is leaving the impression that there is practically zero chance of getting caught. In fact, small businesses see CASL as little more than a game of Russian roulette with six bullets in a revolver with 1 million blanks, rather than a set of regulations that apply to everyone.

R13: We recommend that the CRTC develop mechanisms to automate complaint analysis and processing combined with a graduated range of fines to reduce the investigation workload required for each case.

R 14: We also recommend that companies subject to a first validated complaint receive a warning letter to raise awareness and to inform them that they could face investigations or fines.

13) Promote the benefits of CASL

Not only has CASL resulted in a sharp drop in spam in Canada, but it has also had a positive impact on the effectiveness of email marketing. The email marketing performance of Canadian companies has increased over 20% since CASL came into force. Promoting the competitive advantage of CASL compliance will help the government motivate businesses.

R15: We recommend that the government launch an education campaign about the effectiveness of email marketing when it complies with CASL best practices. This will allow companies to see the cost of compliance as an investment in marketing.

Those are our main recommendations based on four years working with dozens of small businesses of all sizes and in all fields to ensure they are compliant, as well as on over 20 years of expertise in effective email marketing. We are available to the Committee and its members to discuss these recommendations in greater detail.