With Canada’s anti-spam law now in effect, many are starting to ask about enforcement of the law. While no one should expect the law to eliminate spam, the goal much more modest: target the bad actors based in Canada and change the privacy culture by making opt-in consent the expected standard for consumer consents. The CRTC, the lead regulatory agency, has made it clear that the fear-mongering of million dollar penalties for inadvertent violations is not going to happen. Chair Jean-Pierre Blais recently stated:
punishment is not our goal. We are not going to go after every indie rock band that’s trying to sell a new release to its fans. We have much bigger fish to fry. The CRTC will focus on the most severe types of violations. This means you may still receive the occasional spam message after July 1st. Our principal targets are abusive spammers and interlopers involved in botnets and, come January, malware and malicious URLs. Our responses to complaints will range from written warnings up to financial penalties or court actions. Our objective is to secure compliance and prevent recidivism. I believe the best enforcement approach should be determined by the facts surrounding each particular case.
How will the CRTC identify abusive spammers? The government has established a Spam Reporting Centre that is currently accepting reports of commercial electronic messages sent without consent or with false or misleading content. Initial reports indicate that hundreds of complaints have been filed daily. The Centre clearly states that it will not investigate all submissions, but rather use the information to identify enforcement targets. The information will be retained for at least three years (or up to ten years if the subject of an investigation). Canadians can use a web-based form to file their report or simply forward their spam email directly to email@example.com.
Commercial email did not grind to a halt the day after Canada’s anti-spam legislation took effect and neither did the coverage about the law’s impact (I appeared on CBC’s The Current to debate the issue). Coverage included Microsoft backtracking from its earlier decision to stop security update emails, apparently taking the time to actually read the legislation and find the exception for security notification. There was also a CBC story about the Canadian Avalanche Centre, which stopped an email service after hundred of customization options became “too much of a hassle to maintain”, but the CBC used the timing to link the decision to CASL.
BoldRadius is one of those SMEs that is supposed to be having problems with CASL, despite legal obligations to obtain consents and meet other requirements that have been in effect since 2004. Yet Faber’s initial experience is precisely what one might expect: as companies shift to opt-in lists with customers who explicitly consent to receive messages, they are more likely to open the emails and to click on the links. I asked Faber about the experience to date and he indicated that the company’s list has unsurprisingly slimmed down, but that it is much more qualified, will grow back over time, and offers a more engaged audience, which he prefers. A useful reminder that successful email marketing and opt-in consent are not incompatible. Indeed, opt-in is the standard in most countries around the world and was the unanimous recommendation of the Canadian National Task Force on Spam that included representatives from the marketing community.