The Anti-Spam Act, Part 5 of 5: Challenges Going Forward

This last of 5 articles on the Anti-Spam Act will set out some of the questions and challenges going forward.

This is the last of a series of 5 articles that will introduce the Act, describe what spam is and is not, talk about collateral provisions, what we can do now, and some of the challenges going forward.

As I said in the first article, if you think the Act won’t affect you because you don’t send mass emails trying to sell random products, and don’t infest other people’s computers with spyware, you would be wrong. It creates tools to fight spam, but unfortunately defines spam so broadly that it will affect how most of us conduct business. The definition of spam is so broad that goes far beyond what the average person would consider to be spam.

My personal view is that this Act is fundamentally flawed. Creating tools to combat spam such as emails sent out by the thousands to try to sell drugs would be welcome by most people. But this Act defines as spam things that most of us would consider innocuous, and indeed perhaps desirable. For example, if you and I meet at an event, it may be spam if afterwards one of us sends an email to the other suggesting that we should talk further about our respective services.

The Act’s biggest impact will be the compliance headache it will cause to the average business or charity that is caught by the Act.

For many, obtaining and tracking explicit consent will be the best approach. That is easier said than done, because opt-out (“toggling” in CRTC parlance) is not allowed, and response rates requiring a positive step are usually low. And after the Act is in force, even sending an email requesting consent is considered spam and must be done under an exception.

We can expect to see a deluge of emails before the Act comes into force asking for permission.

Concern has been expressed that its negative effects and compliance burden on typical businesses and charities are far too onerous. It has the potential to impede e-commerce and leave Canada behind in the use of electronic messaging going forward. Organizations cannot afford to ignore the Act. Just one email sent to one person can be spam. Even though a business or charity may not be sending spam as that term is generally understood, the potential penalties are too severe to take chances.

As we have seen, the Act is long and complex, and is open to interpretation in many aspects. The fact that the CRTC bulletins interpret some things in ways that go beyond what many of us think the Act provides for is testament to that. Indeed, some comments by CRTC staff seem contrary to written Industry Canada provisions.

The practical ramifications of the Act do not always seem logical or simple to determine.

Consider for example buying a car, where no express consent for future communications is obtained. Does the 2 year rule (the definition of existing business relationship says it lasts 2 years from the latest transaction) start running when I buy the car if I buy it, but not until the lease is over if I lease it? Does the fact that the lease is with a financial institution rather than the dealer mean the finance company’s 2 years starts when the lease expires, but the car dealers starts when I acquire the car? Does the 2 year period of the dealer start to run again every time I bring the car in for service? Or does that just apply to communications regarding service, and not communications relating to a new car?

Another example to ponder is a press release. Those sending a press release will need to think about the purpose of the release, and who is on the recipient list. Is it being sent beyond traditional news services? Does the fact that a recipient has published their email address on their firm’s website mean that they can or cannot get the release depending on the content of the release? Does the fact, for example, that my email address is listed on my newspaper column mean I can be sent emails that could not be sent if my address was only on our firm web site? Does it make a difference that I may be listed somewhere on a list of journalists because I write a newspaper column? Does it make a difference if my address is disclosed on various social media platforms, such as facebook, linkedIn, twitter, or .tel? Is the sender going to have to analyze each recipient to see how they fit under the exemptions, or how their email address has been published?

Some of the issues to ponder going forward include the following.

  • One of the keys will be to figure out the boundaries of “commercial activity”. The inclusion of specific provisions relating to volunteers and donors for charities suggest that commercial activity may have a broader definition than one might contemplate.
  • Consider what the ramifications of the Act are in an era of convergence where messaging platforms are merging and in an era where mobile access to content and location based content is becoming more prevalent.
  • The definition of “electronic address” talks about “to an account”. It would be a reasonable interpretation that things like a direct message on twitter could fall into the definition of spam – but messages sent on social media that are not directed by the sender to specific accounts or individuals would not be considered spam. CRTC staff have commented that they are not considering social media, but the definitions in the Act are broad enough to impact it.
  • One of the exemptions is for sending warranty, safety or recall information. But the recipient can opt out from receiving such electronic messages – unless recall messages are required by law. If the buyer opts out – what is the vendor’s obligation if the buyer suffers because they were not aware?
  • How strictly will the Competition Act misleading advertising provisions be interpreted? For example, will email subject lines be judged on their own, or will they be judged in conjunction with the broader details within the message body?

Another issue is whether the Act is actually within the powers of Parliament to enact. Just over a year ago the Supreme Court of Canada ruled that the proposed federal Canadian Securities Act was ultra vires the federal government. In other words, they did not have the power to enact it as drafted, essentially because it attempted to regulate matters that are within provincial powers. Commentary has been written that draws parallels between the decision in that case and the Anti-Spam Act. It would not be a surprise to see someone take that position and try to have the entire Act declared invalid when faced with sanctions under the Act.

[1. Introduction] [2. The Definition and Treatment of Spam] [3. Other Things in the Act]
[4. Things We Can Do Now to Prepare] [5. Challenges Going Forward]


  1. David Collier-Brown

    The business community has concerns, some quite valid, about the new act limiting what they can do.

    The technical community, on the other hand, has the mirror-image concerns, about how *very* weak the act is, and how little can be done about intrusive advertisers.

    For example, if you are a salesperson at an event, and I talk to you, you should not be able to look me up in the attendees list and send me ads. If I did note explicitly give you my email address, you should have a licence to send me email for two years with impunity.

    If, on the other hand, you send me one email, specifically asking for permission to discuss business, then I’ll reply if I think you have something to offer, and you’re welcome to talk to me for the proverbial two years. Or more if I like your product.