In June, Canada’s Minister of Industry and Commerce tabled Bill C-28, the Fighting Internet and Wireless Spam Act, which will introduce measures to address problems of unsolicited commercial emails (spam), phishing, spyware and malware. In all important respects, this Bill mirrors Bill C-27, which died on the order table when Parliament was prorogued last year.
The measures regulating commercial emails, if passed, will significantly affect Internet marketing efforts of Canadian companies. Here are some of the highlights of these measures.
Bill C-28 would prohibit sending commercial electronic messages to an electronic address by means of a computer system located in Canada without the recipient’s prior consent. The prohibition would cover all forms of telecommunication, including email, instant messaging and telephone, and all forms of messages, including text, sound, voice or image. A “commercial electronic message” is one designed to encourage participation in a “commercial activity”. An electronic message that contains a request for consent to send a commercial electronic message would itself be a commercial electronic message.
Consent may be express or implied. Express consent must be obtained in clear and simple language that describes the purposes for which the consent is sought, identifies the person seeking the consent and, where applicable, the person on whose behalf consent is sought.
The Bill would deem implied consent to have been given where there is an “existing business relationship” between the recipient and the sender. The Bill provides that an existing business relationship arises, among other things, from the recipient’s purchase or lease from the sender of a product, good or service within two years preceding the message. It would also arise where a contract is entered into between the recipient and the sender or the recipient accepts a business, investment or gaming offer within two years preceding the commercial electronic message, or where the recipient had made an inquiry or application to the sender within the six-month period preceding the commercial electronic message. Implied consent would also exist where a person discloses his email address to the sender or conspicuously publishes it without specifying that he does not wish to receive spam and where the message relates to his business or employment activities.
There are a few, limited circumstances where consent would not be required.
^Back to top
Mandatory unsubscribe mechanism
Commercial electronic messages would have to contain an unsubscribe mechanism.
The mechanism would have to allow the recipient to unsubscribe using the same electronic means by which the message was sent or, if that is impracticable, another electronic means by which an unsubscribe directive can be given. As well, a link to a website or an electronic address accessible with a browser would have to be provided where the recipient could unsubscribe. A commercial electronic message that failed to comply with this and other specified requirements would violate the law as soon as its transmission was initiated, whether or not the message was actually received.
^Back to top
Private right of action
A private right of action would be created for persons affected by contraventions of Bill C-28. Applications exercising a private right of action could be made to the Federal Court of Canada or the superior court of a province. Upon demonstrating a violation of Bill C-28, an applicant would be entitled to compensation for damages suffered as a result of the violation and, depending on the specific violation, a maximum of $200 for each contravention, not exceeding $1,000,000 for each day on which one or more contraventions occurred.
^Back to top
Bill C-28 and protection of personal information
Bill C-28 would also amend the Personal Information Protection and Electronic Documents Act (“PIPEDA”) by adding to it provisions which would prohibit collecting an individual's electronic address using a computer program designed for that purpose, collecting personal information through unauthorized access to a computer system, and using such illegally collected information. The private right of action created by Bill C-28 would apply to these new prohibitions, thus adding teeth to PIPEDA which, since its enactment, has provided for only one remedy-a complaint to the Privacy Commissioner’s office. These new prohibitions stand to have consequences for merchants who use the Internet as a tool to mine data on consumer habits and interests in order to target direct advertising.
^Back to top
How to prepare
Canadian companies need to begin a review of their email and Internet marketing strategies with a view to combining governance and technical measures to ensure that only clients or potential clients with whom there is either a pre-existing relationship, as defined in Bill C-28, or from whom there is specific consent, are targeted in email communications. They also need to ensure that clients receiving these messages are provided with opt-out mechanisms that comply with the proposed legislation.
^Back to top
The purpose of this publication is to provide information as to developments in the law. It does not contain a full analysis of the law nor does it constitute an opinion of Norton Rose OR LLP on the points of law discussed.
No individual who is a member, partner, shareholder, director, employee or consultant of, in or to any constituent part of Norton Rose Group (whether or not such individual is described as a “partner”) accepts or assumes responsibility, or has any liability, to any person in respect of this publication. Any reference to a partner means a member of, as the case may be, Norton Rose LLP or Norton Rose Australia or Norton Rose OR LLP or Norton Rose South Africa (incorporated as Deneys Reitz Inc) or a consultant or employee of Norton Rose LLP or Norton Rose Australia or Norton Rose OR LLP or Norton Rose South Africa (incorporated as Deneys Reitz Inc) or one of their respective affiliates with equivalent standing and qualifications.