Vol. 145, No. 28 — July 9, 2011
ARCHIVED — Electronic Commerce Protection Regulations
An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act
Department of Industry
(This statement is not part of the Regulations.)
Issue: These Regulations address the need to provide clarity and legal certainty to some key terms used in An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (the “Anti-spam Legislation”) in order to effectively combat spam and related online threats in Canada.
Description: The Regulations are administrative in nature, providing definitions for terms used in the Act. The proposed Regulations specify the meaning of personal relationship and family relationship for the purposes of the Anti-spam Legislation. With respect to obtaining consent to receive messages from unknown third parties, the Regulations define the specific conditions under which consent would be considered valid and additional requirements for the unsubscribe mechanism. These requirements are, however, no more onerous than industry best practices for email marketers. Finally, the proposed Regulations specify the meaning of membership, club, association, and voluntary organization in order to provide further clarity to those terms within the legislation.
Cost-benefit statement: While the Act is expected to generate significant net benefits to Canadians by reducing the costs that spam imposes throughout the economy, the incremental effects of the proposed Regulations, above and beyond the Act, are expected to be minimal.
Business and consumer impacts: There will be negligible impacts on businesses and consumers related specifically to these Regulations. Consumers will generally benefit, while businesses involved in Internet marketing may incur some initial and ongoing costs to comply with the definition of consent for third-party email.
Domestic and international coordination and cooperation: No specific domestic or international coordination and cooperation efforts were undertaken, given the narrow scope and simple administrative nature of these Regulations.
Unsolicited commercial electronic messages — known as “spam” — have become a significant social and economic issue, and a drain on the business and personal productivity of Canadians. Spam now makes up over 80% of global email traffic, imposing significant costs on businesses and consumers. Spam impedes the efficient use of electronic messages for personal and business communications and threatens the growth and acceptance of legitimate e-commerce.
The growing volume of spam is a well-recognized pricing factor for companies that provide facilities for Internet services. This cost is ultimately paid for by organizations and businesses that use electronic communications for the conduct of their business. It is also paid for through the service charges paid by personal users who communicate through the Internet with family, friends and others.
In addition to imposing a cost burden, spam is now undermining the reliability of electronic message networks for business users. It also threatens consumer confidence in the online marketplace. Because of this, the potential for information and communications technology to buttress productivity and the ability of e-commerce to attract investment, create jobs, and enrich our lives are now constrained by spam.
More specifically, these Regulations address the need to provide clarity and legal certainty to some key terms used in the Anti-spam Legislation in order to effectively combat spam and related threats in Canada.
The Anti-spam Legislation was enacted to encourage the growth of electronic commerce by ensuring business confidence and consumer trust in the online marketplace. To do so, the Act prohibits damaging and deceptive spam, spyware, malicious code, botnets, and other related network threats.
Subsection 64(1) of the Anti-spam Legislation identifies a list of matters to be addressed by the Governor in Council through regulations, particularly definitions of key terms. The objective of these proposed Regulations is to avoid legal uncertainty when interpreting key terms in the anti-spam provisions of the Act.
The Anti-spam Legislation provides a clear regulatory scheme with respect to both spam and related threats from unsolicited electronic contact, including identity theft, phishing, spyware, viruses, and botnets. It also grants an additional right of civil action to businesses and consumers targeted by the perpetrators of such activities. The overall purpose of the Act is to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of e-commerce by
- impairing the availability, reliability, efficiency and optimal use of e-commerce;
- imposing additional costs on businesses and consumers;
- compromising the privacy and security of confidential information; and
- undermining the confidence of Canadians in using e-commerce for commercial activities at home and abroad.
The sending of unsolicited commercial electronic messages is a violation under the Act, unless there is express or implied consent from the recipient. Exceptions include messages sent between those who have a “personal or family relationship,” and any message sent to someone engaged in a commercial activity that is solely an inquiry or application relating to that activity.
The proposed Electronic Commerce Protection Regulations include regulations under three separate regulatory powers in the Act. The first element of the Regulations stipulates that the term “personal relationship” is intended to refer only to those situations where an individual has met with the person to whom the message is sent in a non-business context, and where there is evidence of non-commercial communication between the individuals within the previous two years. In addition, the proposed Regulations define “family relationship” for the purposes of the Anti-spam Legislation to be in keeping with definitions in the Income Tax Act. It also specifies that it is intended to refer to persons descending from a common grandparent, including aunts, uncles, cousins, nieces, and nephews. Defining the meaning of “personal relationship” and “family relationship” will provide legal certainty as to which relationships will be excepted from the anti-spam provisions of the Act. The terms are clearly defined in order to establish limits and avoid legal uncertainty and ambiguity. This is necessary to prevent potential spammers from exploiting these concepts in order to send electronic messages without consent and to help legitimate businesses comply with the law.
Express consent under the Anti-spam Legislation means that commercial communication may not take place unless the person or corporation in question first consents to be contacted. Implied consent means that commercial communication may take place with persons or corporations under circumstances where it can be deemed that they might be interested, but the recipients of the communication must be able to “opt out” of such communication. The Act specifies that any commercial electronic message sent must identify the person who sent the message and the person on whose behalf it is sent, provide accurate contact information for these parties, and set out an unsubscribe mechanism.
The second element of the Regulations states that consent to receive messages from a third party is only valid if the individual providing consent will have the ability to unsubscribe to the message, and by the same means be able to alert the original requester that their consent is withdrawn. The Regulations further provide that when consent to receive messages from a third party has been withdrawn by the individual, the original requestor must notify each third party to whom the consent was provided that it was withdrawn. The purpose of the Regulations is to ensure that the person who obtains consent on behalf of an unidentified third party remains responsible for ensuring that the person who gave consent has an effective means of withdrawing consent. Specifying the conditions under which consent to receive unsolicited commercial electronic messages can be forwarded to third parties provides individuals with further control over the use of their electronic addresses. This will ultimately result in a reduction in the volume of unsolicited messages that individuals will receive.
Under the Act, implied consent is assumed in cases where there is an “existing business relationship” or an “existing non-business relationship” between the sender and the recipient. Subsections 10(10) and 10(13) provide a detailed definition of what constitutes each type of relationship. In the absence of either of these relationships, express consent must be sought for sending any unsolicited commercial electronic messages.
The third element of the proposed Regulations will provide further clarity to the meaning of “existing non-business relationship” in the Act. The proposed Regulations define “membership” as having applied for, met the formal requirements to belong to an organization, paid any fees required to belong to an organization, and having been accepted as a member in accordance with the membership requirements of the organization. The proposed Regulations define “club,” “association” or “voluntary organization” as a non-profit organization that is organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any other purpose than profit, if no part of the income of which was payable to, or otherwise available for the personal benefit of any proprietor, member or shareholder of that organization unless the proprietor, member or shareholder is an organization the primary purpose of which is the promotion of amateur athletics in Canada. These terms must be clearly defined in order to establish limits and avoid legal uncertainty when interpreting the anti-spam provisions of the Act. This is necessary to prevent potential spammers from exploiting this concept in order to send electronic messages without consent and to help legitimate businesses comply with the law.
Regulatory and non-regulatory options considered
The Task Force on Spam considered a range of possible regulatory arrangements, including “co-regulatory” approaches, voluntary cooperation and industry peer pressure to fight spam. Ultimately, the Act responds to the Task Force’s recommendations that the government should play no role in dictating specific technical solutions, and that the legislative ground rules be technology-neutral.
Within this context, the proposed Regulations are essentially administrative in nature, and were developed under 64(1) of the Act to provide legal certainty in interpreting key terms in the anti-spam provisions of the Act. No non-regulatory options were considered for defining these terms for the purposes of implementing the Act.
Benefits and costs
Context: Estimating the costs of spam
In just a few years, unsolicited commercial messages, now generally known as “spam,” has gone from being a minor nuisance to becoming a significant social and economic issue, a drain on the business and personal productivity of Canadians, and a cloak for criminal activity. Spam impedes the efficient use of the Internet for personal and business communications, and threatens the growth and acceptance of legitimate electronic commerce. (see footnote 1)
This cost is ultimately paid for by organizations and businesses that use electronic communications to conduct their business. It is also paid for by personal users who communicate through the Internet with family, friends and others: The costs of spam fall on a wide range of actors, including
- internet service providers (ISPs) and other network operators (e.g. large enterprise users, universities, government departments), who must invest in the technical, financial and human resources needed to deploy anti-spam technologies, at the expense of investments in new or improved services, and who must allocate resources to respond to customer complaints;
- legitimate commercial e-mailers and other users of email services whose messages get filtered out by anti-spam technologies before they reach their intended recipients; and
- private and public sector organizations, whose employees waste time dealing with spam sent to their business email addresses.
Ultimately, all of these costs fall directly or indirectly on consumers and Internet end-users, who must cover the costs of fighting spam not only by purchasing Internet security software, but also by foregoing other kinds of service improvements and paying higher prices for online products.
While the overall volume of spam has risen considerably throughout the past decade, the nature of the spam threat continues to evolve. Improved filtering techniques and other anti-spam safeguards adopted by ISPs and consumers have helped to somewhat reduce the number of spam messages that are reaching the mailboxes of individual Internet users.
More significantly, there is evidence that even if the volume of traditional spam were to decline, the incidence of new threats posed by mutations of spam would still clearly be on the rise. These broader threats to Internet security include spyware, viruses, phishing and botnets, to name a few. The new mutations of spam undermine consumer confidence in the Internet as a platform for commerce and communications. Because of this, the potential of information and communications technology to buttress productivity, and the ability of electronic commerce to attract investment, create jobs and enrich our lives, is constrained not only by the volume of spam, but by the deceptive, fraudulent and malicious activities that sometimes accompany it.
According to the OECD, (see footnote 2) Internet users incur a direct cost resulting from the time spent consulting, identifying and deleting unwanted messages. In addition, they are concerned about the reliability of communications and the content of spam messages. For professional and business users, spam represents a loss of productivity, and imposes direct costs by increasing the need for technical support and software solutions such as filters. Spam imposes more general societal costs by reducing the reliability of email as a communication tool (legitimate messages can be blocked by filters or be lost among a large number of unsolicited emails), and threatening the security of a company’s internal network. The other major victims of spam are ISPs and other network operators, which process emails.
The actual cost of spam is difficult to calculate, as some of the damages are only indirect, and whether and how to value the time of private individuals is controversial. In addition, the fraudulent nature of spam, or the malware carried by spam messages, can result in more significant financial damages to users and companies. Unwanted messages create problems and additional costs to users not only in OECD countries, but also in developing and least developed economies. The latter have a less extensive Internet infrastructure, and often have relatively less available bandwidth. Individuals in developing economies often access Internet through dial-up connections, or from community access points, such as cybercafés, where the user pays on the basis of the time spent online. Under these conditions, it is easy to see how spam takes up a valuable part of the already limited resources, increases the cost of Internet access, and reduces the quality of service.
Incremental impacts of the proposed Regulations
It is ultimately not possible to quantify and monetize the full range of costs and benefits attributable to the proposed Regulations, and as such it is also not possible to take into account the broader socioeconomic benefits of the full range of elements of Canada’s new Anti-spam Legislation. However, it is worth noting that these Regulations are consistent with the principles and consent regime in the Act. The analysis will show how these proposed Regulations affect the Canadian online marketing environment.
The baseline or current situation used to assess the potential costs and benefits of the proposed Regulations are the requirements already established under the Anti-spam Legislation.
The incremental effects of the proposed Regulations, above and beyond the Act, are expected to be minimal. The Act and accompanying Regulations are expected to generate significant net benefits to Canadians by reducing the costs that spam imposes throughout the economy. The proposed Regulations are administrative in nature, adding clarity and certainty to specific sections of the Act. A brief qualitative description of the potential incremental costs and benefits of the proposed Regulations to various market participants is provided below.
Business marketing impacts
The Canadian Marketing Association (CMA) estimates the Internet marketing industry in Canada to be worth $3.3 billion in 2011 and, as a subset of that industry, the email marketing industry is worth $100 million. The Internet and email marketing industry will incur some costs and inherit some benefits with regard to these Regulations. While costs may be borne by some marketers to amend processes to comply with the Regulations, the benefits for the industry lie with consumers now knowing that messages they receive are legitimate and wanted commercial messaging.
The definitions of family and personal relationship may require Internet and email marketers to alter some of their “forward to a friend” campaigns to ensure that they are not inciting individuals to forward marketing messages to those persons who do not fall under these proposed definitions. Similarly, email list sellers and renters will have to ensure that they satisfy the new regulatory requirements dealing with informing those who are using the lists of the unsubscribe request of any individual on that list. The costs on the Internet and email marketing industry are expected to be minimal, as the proposed Regulations are consistent with industry best practices.
There may also be cost implications for social media marketers as these marketing methods rely on relationships among family and friends.
Overall, the proposed Regulations are not expected to result in any significant costs for the Internet and email marketing industry. Any front-end costs related to process changes would be defrayed by longer-term complementary benefits to the industry resulting from increased consumer trust in Internet and email marketing. Finally, the cost impacts should be minimal for these Internet and email marketers already subscribing to existing best practices, as these Regulations should require little to no change to their existing practices.
Consumers will benefit from these proposed Regulations. Personal relationship and family exceptions will mean there will be no restrictions on sending commercial electronic messages to friends and family. They will also benefit from the ease of withdrawal of consent when third parties use lists from other organizations.
Impacts on non-profit organizations
Non-profit entities including clubs, associations and voluntary organizations will benefit from the clarifications in the Regulations, as marketing to members will be accepted under the implied consent regime in the Act. This will be particularly beneficial for those entities that run contests or lotteries for fundraising purposes.
Costs to Government, implementation and enforcement
The regulatory proposal would not result in any additional costs to Government. Compliance with the proposed Regulations will be assured by the existing enforcement regime.
These Regulations provide clarity and legal certainty regarding key terms in the anti-spam provisions of the Act. While the incremental impacts of these Regulations in terms of benefits and costs are expected to be very modest, it is anticipated that the benefits will outweigh the costs.
These Regulations are necessary to implement Bill C-28 which was the subject of extensive consultations and debate.
Hearings were also held with interested stakeholders by the House of Commons’ Standing Committee on Industry, Science and Technology and by the Senate Standing Committee on Transport and Communications during their review of the legislation from when it was tabled in 2009 to when it was passed as Bill C-28 in December 2010.
Overall, consultations that have taken place over the past six years surrounding the legislation and the policy on which it is built have shown strong support for anti-spam regulation from consumers, Internet service providers, marketers, businesses, educators, the financial sector, legal and consumer groups, and enforcement agencies.
Implementation, enforcement and service standards
There are no specific plans for implementation, enforcement or service standards related to these particular Regulations beyond the overall plans of the Government for effective implementation of the Anti-spam Legislation. Some of these broader efforts related to implementing the Act include a “Fight Spam” Web site, a 1-800 help line for Canadians, a spam reporting centre, education and awareness campaigns, as well as training of compliance and enforcement personnel.
Electronic Commerce Policy
Electronic Commerce Branch/SITT
Notice is hereby given that the Governor in Council, pursuant to subsection 64(1) of AnAct to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (see footnote a), proposes to make the annexed Electronic Commerce Protection Regulations.
Interested persons may make representations concerning the proposed Regulations within 60 days after the date of publication of this notice. All such representations must cite the Canada Gazette, Part I, and the date of publication of this notice, and be addressed to Bruce Wallace, Director, Electronic Commerce Policy, Electronic Commerce Branch, Department of Industry, Jean Edmonds Tower North, 18th Floor, Room 1891D, 300 Slater St., Ottawa, Ontario K1A 0C8 (tel.: 613-949-4759; fax: 613-941-1164; email: Bruce.Wallace@ic.gc.ca).
Ottawa, June 23, 2011
Assistant Clerk of the Privy Council
ELECTRONIC COMMERCE PROTECTION REGULATIONS
1. In these Regulations “Act” means AnAct to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.
PERSONAL RELATIONSHIP AND FAMILY RELATIONSHIP
2. For the purposes of paragraph 6(5)(a) of the Act
- (a) “family relationship” means the relationship between individuals who are connected by
- (i) a blood relationship, if one individual is the child or other descendant of the other individual, the parent or grandparent of the other individual, the brother or sister of the other individual or of collateral descent from the other individual’s grandparent,
- (ii) marriage, if one individual is married to the other individual or to an individual connected by a blood relationship to that other individual,
- (iii) a common-law partnership, if one individual is in a common-law partnership with the other individual or with an individual who is connected by a blood relationship to that other individual; and
- (iv) adoption, if one individual has been adopted, either legally or in fact, as the child of the other individual or as the child of an individual who is connected by a blood relationship to that other individual; and
- (i) a blood relationship, if one individual is the child or other descendant of the other individual, the parent or grandparent of the other individual, the brother or sister of the other individual or of collateral descent from the other individual’s grandparent,
- (b) “personal relationship” means the relationship, other than in relation to a commercial activity, between an individual who sends the message and the individual to whom the message is sent, if they have had an in-person meeting and, within the previous two years, a two-way communication.
CONDITIONS FOR USE OF CONSENT
3. (1) For the purposes of paragraph 10(2)(b) of the Act, a person who obtained express consent on behalf of a person whose identity was unknown may authorize any person to use the consent on the condition that the person who obtained consent ensures that, in any commercial electronic message sent to the person from whom consent was obtained,
- (a) the person who obtained consent is identified; and
- (b) the authorized person provides an unsubscribe mechanism that, in addition to meeting the requirements set out in section 11 of the Act, allows the person from whom consent was obtained to withdraw their consent from the person who obtained consent or any other person who is authorized to use the consent.
(2) The person who obtained consent must ensure that, on receipt of an indication of withdrawal of consent by the authorized person who sent the commercial electronic message, that authorized person notifies the person who obtained consent that consent has been withdrawn from, as the case may be,
- (a) the person who obtained consent;
- (b) the authorized person who sent the commercial electronic message; or
- (c) any other person who is authorized to use the consent.
(3) The person who obtained consent must inform, without delay, a person referred to in paragraph 2(c) of the withdrawal of consent on receipt of notification of withdrawal of consent from that person.
(4) The person who obtained consent must give effect to a withdrawal of consent and, if applicable, ensure that a person referred to in paragraph 2(c) gives effect to the withdrawal of consent, in accordance with subsection 11(3) of the Act.
MEMBERSHIP, CLUB, ASSOCIATION AND VOLUNTARY ORGANIZATION
4. (1) For the purposes of paragraph 10(13)(c) of the Act, membership is the status of having been accepted as a member of a club, association or voluntary organization in accordance with the membership requirements of the club, association or organization.
(2) For the purposes of paragraph 10(13)(c) of the Act, a club, association or voluntary organization is a non-profit organization that is organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any purpose other than profit, if no part of its income is payable to, or otherwise available for the personal benefit of any proprietor, member or shareholder of that organization unless the proprietor, member or shareholder is an organization the primary purpose of which is the promotion of amateur athletics in Canada.
COMING INTO FORCE
5. These Regulations come into force on the day on which they are registered.
Task Force on Spam, Stopping Spam: Creating a Stronger, Safer Internet, IndustryCanada, May2005, pp.1–7.
Organisation for Economic Co-operation and Development, Report of the OECD Task Force On Spam: Anti-Spam Toolkit of Recommended Policies and Measures, April 19, 2006, pp. 22–23, www.oecd.org/dataoecd/63/28/36494147.pdf.
R.S. 2010, c. 23