ISOC Canada called for early parliamentary hearings on the delay of bringing into force of the private right of action, found in the Canadian Anti-Spam Law (CASL). This allowed people, rather than governments, to sue for damages occasioned by the acts of others in electronic commerce, and not just spam. The Minister of Industry elected to delay its implementation. The Society does not think this is a good idea.
August 27, 2017
The Honourable Navdeep Bains
C.D. Howe Building
235 Queen Street
Subject: Private Right of Action under Canada’s Anti-Spam Legislation
The Canada Chapter of the Internet Society (ISCC) is writing to express its concerns with respect to the Government’s decision to delay the implementation of the private right of action (PRA) provided for under Canada’s Anti-Spam Legislation (CASL) and further to encourage you to hold hearings on the matter as soon as feasible, preferably this autumn.
Briefly, the Act provides that any person harmed by one or more of the following acts can sue the responsible person where the harmed person has:
- Received commercial electronic messages without consent;
- Had spyware or malware installed without consent on their computer (hacking);
- Had their messages diverted as a result of router hacking,
- Had their personal information collected, stolen or used as a result of a cyberattack or webscraping; or
- Been harmed by false or misleading commercial electronic messages or their header information.
CASL is meant to protect all players who engage in electronic commerce. This includes businesses and individuals, educational and public institutions, and anyone who may be subject to cyber harms. While individual consumers are beneficiaries of CASL’s provisions, they are by no means its sole or even primary beneficiaries. The most serious cyber-attacks to date have been aimed at businesses, both large and small. CASL provides them with a means to seek redress from those who have caused business and reputational loss.
The weight of public statement focuses on compliance with the spam provisions. We observe that spam does not constitute the entirety of harms in electronic communications. Malware, DDOS attacks, spyware, address harvesting and misleading electronic communications are as damaging, if not more so.
It is these latter harms that are likely to most erode confidence in electronic commerce and damage the development of electronic commerce in Canada. In this context, it is unfortunate that the late government did not continue to short title the Act the Electronic Commerce Protection Act. The unofficial retitling of the Act as CASL placed undue weight and emphasis on the anti-spam provisions of the Act, while downplaying the economically much more significant protections, especially as they apply to cyber-attacks in their myriad forms.
The Government has promised to launch a parliamentary review of CASL. We would urge the Government to commence the review upon the reconvening of Parliament this fall. The issues that have motivated a delay in the coming into force of the PRA are ones of public policy, and deserve a public airing in the shortest possible timeline.
We thank you for your consideration of this matter, and look forward to participating in the parliamentary review which we hope will take place in 2017.
Internet Society, Canada Chapter
John Knubley, Deputy Minister, email@example.com
Cameron Mitchell, MINO firstname.lastname@example.org
Pamela Miller. DG Telecoms email@example.com