Site icon IT World Canada

Ottawa releases second set of antispam regulations

Industry Canada has released its second version of proposed regulations for Canada’s dormant antispam legislation, which supporters hope will lead to the law finally going into force.

But it isn’t clear if the latest draft, released late last week, will be the final word or when the law will become live.

There are those like University of Ottawa law professor Michal Geist, who says the new draft includes “several significant loopholes and exceptions that undermine the effectiveness of the law.

On the other side are those like Ottawa lawyer Shaun Brown, who acts for a number organizations and service providers, and says new changes have improved the regs for businesses that send commercial email.
Read the new proposed regulations

Officially called electronic commerce protection regulations, the definitions will be used to interpret terms in the Canada Anti-spam Legislation (CASL), which was passed by Parliament in December, 2010. That act hasn’t been proclaimed as law, however, because of wrangling over the regs.

Organizations and individuals have until Feb. 4 to send comments to the government on the proposed regulations. The government’s timetable after that depends on whether it is persuaded the regs are good enough, need minor tweaking or a major overhaul.

CASL may or may not have an effect on the spam that comes into your mailbox or the malware attempting to attack your PC. Basically, it prohibits the sending of damaging and deceptive spam, spyware and other network threats from within Canada. As far as commercial email messages, it demands businesses have permission to send a person email unless there is a prior relationship.

It will be enforced by the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Federal Privacy Commissioner.
 
RELATED CONTENT
CASL and your inbox
Canada’s antispam enforcer ready to fight
No spam permission tricks, says CRTC
 
In interviews Thursday, Brown and Geist differed sharply on two of the proposed changes:

–Defining ‘personal relationships’
The law exempts commercial email between family members and those involved in personal relationships from needing consent from the sender. The definition of a family was copied from the Income Tax Act, but “personal relationship” had to be defined.

The regs specify that covers people who have had “direct, voluntary two-way communications,” and who share interests, opinions and certain other factors — unless the recipient has indicated they don’t want to receive messages from the sender.

This, Brown says, is a flexible definition that doesn’t leave loopholes for spammers.

But Geist said it is so broad that messages such as social media alerts for Facebook ‘likes’ will be exempted.

–Third-party referrals
The new regs says CASL doesn’t apply to the first commercial email sent to a person through a referral – think of a new home buyer who wants to refer a real estate broker to a friend. Brown says this change will be a boon for consultants and small businesses, allowing, for example, the broker to email a potential customer. He called it a “very positive change.”

But Geist said the exemption is unnecessary. If the home buyer wants to give a referral, it should go to the friend and not the broker. Current law covers this, he said.

This exemption will “open the door” to unwanted email messages, he argues. “This particular exemption feels like a re-writing of the law.”

Other proposed changes include broadening the exemption for messages sent between organizations, and allowing telecommunications providers to install software without consent on consumer devices to “prevent activities that the telecommunications service provider reasonably believes are in contravention of an Act of Parliament and which present an imminent risk to the security of its network.”

Brown disagrees with Geist that the new proposed regulations are full of loopholes. “These are reasonable allowances that are based on consultations with industry,” he said, “to allow for reasonable business practices which the law would inadvertently hamper.”

But Geist says the real issue is whether businesses should be required to get express consent from each individual it sends commercial messages to.

“There is no need for an exception if you’ve obtained consent,” he argues.

But he suspects the business community wants to avoid that “because there’s a genuine fear a lot of people will say no.”

Exit mobile version