One thing we can typically trust a government to do, is to not understand the Internet. You may ask me, what's so wrong about stopping SPAM, Dave?  There is nothing wrong with stopping SPAM, it's a great endeavour. Sadly, this piece of legislation isn't going to do anything beyond making it more difficult to run a business in Canada.

A lot of the literature I've seen online from other companies have been touting CASL as a great new initiative that's going to make things better, and I have to admit, I feel like I'm stuck in The Emperor's New Clothes. This isn't a good piece of legislation, and makes the already difficult lives of the small to medium business even harder in Canada for no real benefit.

To demonstrate the heart of the matter here, I'm going to ask one simple question that I already know the answer to:

"Have you ever faced a disruptive / annoying spam issue from a Canadian-based company, that couldn't be easily blocked, kept coming in no matter what you did, and disrupted your day-to-day life?"

If you answered yes to that question, you're in the minority.

While the CASL may stop that email the guy in the local computer store sent you about a sale he was running that one time, the overall burden it places on business is ridiculous. Here are just a few of the problems businesses will face under the CASL:

Problem 1:  Spam is a global problem, not typically originating in Canada.

The first problem with this legislation is that Canada is not a primary source of spam. We don't in fact even make the SOPHOS "Dirty Dozen" List of countries that relay the majority of the world’s spam. 

Secondly, this shows a fundamental lack of understanding of the source, cause, and reasons behind the annoying and harmful spam that can actually disrupt your day-to-day. They are sent by malicious third parties that have typically hijacked or otherwise gained control of innocent third-party computers.

Problem 2:  CASL inhibits commerce, not spam.

We know that the vast majority of spam originates outside of Canada from people who cannot be touched by this law. So, it is reasonable to assume that this law will not reduce the volumes of spam received by the average Canadian by any measurable amount.

Under CASL, any email sent with commercial intent (which covers just about everything a business does, with scant few exemptions), requires direct consent from the recipient.

The onus to prove consent falls on the business; you can prove express consent in writing, or via an unedited audio recording.  Think about that for a second. Consider the logistics of a smaller business tracking and ensuring consent. I can only imagine running into a potential business prospect while out of the office: "Hold on a minute, I'm just going to record you asking me to send you information, so I can prove your consent...ok, could you repeat that?"

This creates other problems, as I'm sure many businesses will just have to hope and pray they don't have to prove consent, because they literally cannot afford the technology to do so. How many small businesses record calls that come from their phones? What happens if a business decides to rally some friends and family to call up their local competition asking for information and then denies giving consent to cause trouble for the business?

This also affects our competitiveness in the global economy. Foreign companies doing business into or in Canada are expected to comply with the CASL. How many of them are going to tally the cost of complying versus just not doing business in Canada, and find the latter more appealing to the pocket book?

Problem 3: Excessive financial penalties coupled with the ability for civil action.

The CASL comes with the stiffest penalties of any spam legislation in the world: Up to $1 million for an individual and $10 million for a business or organization. It also directly provides provisions for private civil action against violators of the CASL after an initial grace period.

Due to the onerous and difficult-to-navigate nature of the CASL, it is not a stretch to imagine a scenario where an individual without scruples could trick businesses without the resources to track compliance fully to send them a CEM and then threaten legal action with the end goal of an out-of-court settlement. We’ve seen this kind of thing before—patent trolls have been operating this way for years.

What do we do?

I wish I had an answer to this question. It's not all bad—in fact, there are some very good provisions in the law, such as the requirement to not send misleading information in CEMs. I'm hoping that once the CASL comes into force, it becomes quickly apparent how impractical and even damaging it will be for the business community. Ideally, it will undergo a significant overhaul, but it's really too early to tell what will happen.

This is the third email in a three part series: Part 1, Part 2

OBLIGATORY NOTICE: I am not a lawyer; the previous article discussed an upcoming Canadian law and contains only my opinion. It should not be considered legal advice. Lifeline Design inc. does not guarantee this information, and all readers should consult their own legal counsel in regards to this legislation.