Canadian Anti-Spam Law of 2010: Legislative Background
In May 2004, the Canadian Minister of Industry announced the establishment of a private-sector "Task Force on Spam," chaired by the Canadian Department of Industry ("Industry Canada"), to investigate solutions to the increasing problem of spam email. See Industry Canada, An Anti-Spam Action Plan for Canada (May 2004), at 2. The Anti-Spam Action Plan for Canada published by the Task Force as part of this 2004 announcement described the growing problem of spam email - focusing particularly on the costs spam imposes on internet service providers, businesses, and consumers - and offered the following six-point stakeholder consensus plan for addressing the problem:
- As much as possible, make use of existing legal frameworks possessing the capacity to address spam-related problems (identifying Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"), Privacy Commissioner, Criminal Code, and Competition Act as being among such legal frameworks);
- Review current legislative, regulatory, and enforcement measures to see where these might be strengthened or altered to better address spam-related problems;
- Encourage network management practices and industry best-practice principles that can help prevent spam-related problems;
- Encourage the development of technologies with the capacity to validate legitimate commercial email;
- Encourage businesses with direct consumer involvement to expend resources and effort in consumer education and awareness about spam-related problems; and
- Support global anti-spam initiatives, such as those ongoing under the auspices of the Organization for Economic Cooperation and Development (OECD), the Asia-Pacific Economic Cooperation (APEC) forum, and the Global Business Dialog on Electronic Commerce (GBDe).
Over the course of the next year, the Task Force created an Online Public Consultation Forum, solicited public comments through announcements published in the Canada Gazette, and convened a Roundtable Meeting with Key Stakeholders.
In May 2005, the Task Force fulfilled its mandate by publishing a report, "Stopping Spam: Creating a Stronger, Safer Internet," detailing the activities of the Task Force, appending additional background information, and recommending future action to address spam-related problems. See Industry Canada, Stopping Spam: Creating a Stronger, Safer Internet (May 2005), at 2. Affirming the basic outlines of the Action Plan proposed in 2004, the Task Force described a number of lessons learned in the course of its investigation, including:
- The need for a "multifaceted, multistakeholder approach": clear laws, new laws to fill gaps in existing law, strong penalties, and vigorous enforcement, all coordinated within an overarching legal framework that also facilitates the development of sound business practices, consumer awareness, public education, and international cooperation;
- The importance of communication and coordination among different stakeholder groups involved in the fight against spam; and
- The need to treat anti-spam efforts as part of a broader, comprehensive effort to proactively address threats to internet-based communication and commerce.
See id. at 2-3. Noting the spread of spam-related threats to new technologies, such as instant messaging and wireless communications, the Task Force recommended "Legislation, Regulation, and Enforcement" along the following lines:
- A "clear set of rules to prohibit spam and other emerging threats to the safety and security of the Internet (e.g. botnets, spyware, keylogging)";
- Requirement of an "opt-in regime" for spam (i.e. a requirement that recipients must have indicated consent before spam emails may permissibly be sent);
- Prohibition of "the use of false or misleading headers or subject lines (i.e. false transmission information) designed to disguise the origins, purpose or contents of an email, whether the purpose is to mislead recipients or to evade technological filters";
- Prohibition of "the construction of false or misleading URLs and websites for the purpose of collecting personal information under false pretences or engaging in criminal conduct";
- Prohibition of email address harvesting, as well as the "supply, use or acquisition" of harvested email lists;
- Prohibition of "dictionary attacks";
- A scale of penalties, ranging from ordinary tort-based civil liability, to strict liability, and finally criminal liability for egregious or repeated offences;
- A private right of action for individuals and corporations, with "meaningful" statutory damages;
- Liability for third parties benefited by spam, particularly businesses whose products and services are being promoted through the use of spam;
- Administration of a new stand-alone law, undertaken by the Minister of Industry with support by a regulatory body charged with policy oversight and coordination, public education, and support to existing enforcement agencies;
- Priority and resources for administration and enforcement from the Canadian Federal Government;
- Coordinated enforcement with Canadian Provincial and Territorial Government enforcement agencies, as well as with other countries' enforcement agencies; and
- Examination and amendment of existing law to ensure effective capacities for "seamless international cooperative investigation and enforcement action."
See id. at 3-4. Additional recommendations included best practices guidelines for internet service providers and other network operators, best practices for email marketing, recommendations for consumer education and international cooperation, and the recommendation that a regulatory body be established with capacities to coordinate spam-related policy, administration, education, monitoring, and enforcement under the Minister of Industry. See id. at 4-5.
Following these Task Force reports and activities, a number of efforts were made to pass legislation consistent with the recommendations. See Library of Parliament Legislative Summary, Pub. No. 40-3-C28-E (Feb. 4, 2011), at 1-2. These efforts were finally met with success in December 2010, when Bill C-28 (the Canadian Anti-Spam Law) was enacted.