by Shaya Silber
Dec, 20, 2011.
Changes to Canadian spam law are expected in the near future. The changes are expected to come into force in early 2012. The new law, otherwise known as Bill C-28, is aimed at preventing the sending of unsolicited messages. Bill C-28 is a significant revamp of spam law in Canada. It also contains hefty enforcement measures for violations of the Act.
Application
The Bill contains a broad definition of what is considered “Commercial Activity.” The current version of the Bill states that commercial activity is:
any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit.
The language seems very broad. Because messages may be considered “commercial” even though there is no expectation of profit, it is hard to say exactly how this will be applied. For example, if a business or organization sends out an unsolicited message, it may be in violation of the act even though the message was not advertising or selling any goods or services.
Another interesting part of Bill C-28 is the broad definition of what is considered a “message”. For example, in addition to email messages, the Bill also includes instant messaging, telephone (which presumably includes text messages), and any “similar” account. Furthermore, the act applies to “text, sound, voice or image” messages.
The regulations to the Act may provide some clarification to the above terms once they are released.
Enforcement
Enforcement of the Act is covered by three organizations. The Canadian Radio and Television Commission (CRTC), Competition Bureau, and the Office of the Privacy Commissioner of Canada (OPC) will enforce different elements of the Act. These are in addition to a private right action for losses, damages, and expenses.
The CRTC will issue administrative monetary penalties for violations of the Act. The Competition Bureau will issue penalties for false or misleading messages. The OPC will oversee the improper collection of private data such as email addresses and other personal information.
Individual violators can be fined as much as $1 million. The penalty for corporate violators can run as high as $10 million.