The Canadian government introduced two important new bills yesterday. Bill C-29 amends PIPEDA – I’ll leave commentary on that to David Fraser.
Bill C-28 is the “Fighting Internet and Wireless Spam Act” or FISA. It is essentially the same as the “Electronic Commerce Protection Act” that was proposed previously. Here is Industry Canada’s news release, and the bill itself.
It targets the sending of what we would typically call spam, or unwanted commercial email, as well as spyware and phishing.
From the news release:
The proposed FISA is intended to deter the most damaging and deceptive forms of spam, such as identity theft, phishing and spyware, from occurring in Canada and to help drive spammers out of Canada.
The proposed FISA legislation provides a comprehensive regulatory regime that uses economic disincentives to protect electronic commerce and is modelled on international best practices. To enforce the legislation, the bill would use the expertise, and expand the mandates, of the three enforcement agencies: the Canadian Radio-television and Telecommunications Commission, Competition Bureau Canada and the Office of the Privacy Commissioner of Canada.
Industry Canada will act as a national coordinating body to increase consumer and business awareness and education, to further coordinate work with the private sector and to conduct research and intelligence gathering.
The bill is quite long and detailed. Monetary penalties are significant ($1 million for individuals, $10 million for businesses). A private right of action will allow anyone to take civil action against violators.
The bill essentially defines spam as a commercial message sent via email, IM, phone, or similar method. Sending spam is prohibited unless the recipient has consented, and the message contains certain prescribed information identifying the sender and how to unsubscribe.
That definition is extremely broad, and would capture things no one would consider spam – so it goes on to describe several exceptions, such as providing requested information, or warranty or product recall information, or where there is a specifically defined “existing business relationship”.
One thing I find interesting is that the volume of the messages does not seem to be important. In other words, 1 email or text message to 1 recipient can be considered spam.
One of the exceptions is a message “that is sent by or on behalf of an individual to another individual with whom they have a personal or family relationship, as defined in the regulations."
The bill clearly applies to what we all call spam. Hopefully it will be an effective tool to help reduce spam that comes from Canada.
We can't, though, simply think that the bill only applies to spamers, and that we don't have to pay attention to it.
We will have to consider carefully how it applies to what we as lawyers and our clients do that will be caught by this. To some extent, the regulations will be important. For example, will a “personal relationship” include a situation where I meet someone at a social or networking event or meeting who might be a potential client, and then follow up later with an email to that person?
When the bill gets passed (from what I’ve seen there is a good chance it will be), and the regulations get drafted, we will have to take some time to figure out in more detail how this affects things that well intentioned businesses (and lawyers) do that they don’t consider to be spam.