Evidence of meeting #36 for Industry, Science and Technology in the 40th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was spam.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

  • Janet DiFrancesco  Director General, Electronic Commerce Branch, Department of Industry
  • André Leduc  Policy Analyst, E-Commerce Policy, Department of Industry
  • Philip Palmer  Senior General Counsel, Legal Services, Department of Industry

3:35 p.m.

Conservative

The Chair Michael Chong

Order.

Good afternoon, everyone.

We're here to conduct meeting 36 of the Standing Committee on Industry, Science and Technology. The meeting is pursuant to the order of reference of Friday, May 8, 2009, concerning Bill C-27, the anti-spam bill, otherwise known, in its short form, as the Electronic Commerce Protection Act.

Welcome to all of you, members of the committee and our three witnesses today.

From the Department of Industry, we have Madam Janet DiFrancesco, director general of the electronic commerce branch.

Welcome.

We also have Mr. Philip Palmer, senior general counsel of legal services at Industry Canada, and

Mr. André Leduc, Policy Analyst, E-Commerce Policy.

Welcome, everyone.

Before we begin with an opening statement from officials, I want to wish Mr. Van Kesteren a happy 54th birthday today.

3:35 p.m.

Voices

Hear, hear!

3:35 p.m.

Conservative

The Chair Michael Chong

In our mother tongue, we say, hartelijk gefeliciteerc.

So happy birthday to you. I just heard about it; I wish you a good day today.

Without further ado, we'll begin with a 10-minute opening statement from officials.

3:35 p.m.

Janet DiFrancesco Director General, Electronic Commerce Branch, Department of Industry

Thank you, Mr. Chairman.

I'm pleased to be here today as the new director general of the electronic commerce branch at Industry Canada, having recently replaced Richard Simpson, who appeared alongside Minister Clement and Assistant Deputy Minister Helen McDonald in June.

As you indicated, I'm joined here today by our legal counsel, Philip Palmer, and from my staff, André Leduc.

Industry Canada has made a commitment to increasing confidence in the digital economy, to clarifying the rules of the domestic and international markets, promoting the adoption and use of e-business and eliminating barriers to the use of e-business. The electronic commerce protection bill represents an importing step in achieving these objectives. Our department is pleased with the support this initiative has received in the testimony and briefs that have been submitted to the committee.

It is no surprise that there has been such interest in this legislation, as the Internet is now the communications platform of the emerging economy. ECPA is about more than just the nuisance of spam; it is about malicious and detrimental activities that dissuade Canadians and Canadian businesses from taking part in the online marketplace.

I should note that ECPA could not have been drafted without the important work of the task force on spam and their recommendations, as well as the experience shared with us by global partners, specifically New Zealand, Australia, and the United States. By working closely with these counterparts, Canada has drafted world-leading legislation based on the best and most effective aspects from legislative initiatives from around the world.

Spam and on-line threats come from both inside and outside Canada. The current bill contains important provisions designed to protect Canadian consumers and businesses from the most dangerous and harmful types of spam and will introduce a regulatory system that will protect the privacy and personal safety of Canadians in the on-line environment. The bill will include a set of clear rules that will benefit all Canadians and that will increase their trust in on-line communications and electronic business.

I would like to take this opportunity to address a couple of the common misperceptions about the legislation.

The committee has heard a number of witnesses express concern about the consent regime. It should be noted that there is no time limit to express consent. Once an individual has provided express consent to a person, the consent can only end when the individual opts out or unsubscribes. The 18-month period with respect to existing business relationships allows companies to imply consent in order to give them time to obtain the individual's express consent.

Secondly, with regard to the private right of action, some witnesses have indicated that they do not see a need for it. We believe this provision provides an important mechanism that will allow individuals and groups of individuals to pursue violators and enable telecommunications service providers and Internet service providers to pursue those who threaten their networks. It would, for example, enable a bank or financial institution to take civil action against phishers who falsely impersonate their organizations in an attempt to defraud their customers.

Mr. Chairman, we have examined the concerns expressed before your committee and have prepared motions respecting a number of them. At Mr. Lake's request, we have distributed to all members an annotated version of the bill indicating the amendments proposed by the government. More than 40 amendments are planned, a number of which are of a technical nature.

Our purpose is to strengthen confidence in online commerce, and the opportunity for public comment presented by the committee's study of Bill C-27 has been most helpful. Of all the areas discussed, those that provoked the most comments were those relating to the perceived breadth of the legislation and the requirements respecting express and implied consent. We considered these concerns carefully, and amendments are being proposed to better focus those provisions that were considered too broad.

In brief, the amendments deal with the definition of commercial electronic messages, existing business relationships, business-to-business relationships, third party referrals, and the installation and update of programs and applets.

First, with regard to commercial electronic messages, we recommend expanding the range of situations in which the sending of e-mails is excepted from the requirements of express consent. For instance, correspondence in reply to an inquiry is clearly exempt, as would be ongoing correspondence relating to insurance policies, warranties, subscriptions, and other longer-term relationships.

Secondly, amendments have been drafted concerning existing business relationships. For example, for those relationships that are in effect prior to the act coming into force, a transitional or grandfather clause will extend the implied consent regime for a period of 36 months to allow commercial entities time to contact existing clients and obtain their express consent for future communications. Similarly, we have clarified by way of proposed amendment that the 18-month period concerning an “existing business relationship” referred to in subclause 10(4) commences on the date that the subscription, membership, account, or loan has been terminated, as opposed to the beginning of that relationship.

You will also find an amendment that clarifies that in the instance of the sale of a business, the purchaser is deemed to have an existing business relationship with the seller's clientele.

In the context of business-to-business relationships, we have suggested expanding implied consent to encompass the conspicuous publication of an electronic address, such as on a website or in a print advertisement. In these circumstances, the sender's message must relate to the business or office held by the recipients. Implied consent would also be extended to cover situations where it is reasonable to believe that consent has been given—for instance, in giving out a business card or providing an e-mail address in a letter.

We have recognized the importance in certain industries of being able to contact referrals through e-mail and have drafted an amendment to this effect. In the document before you, you will find a provision permitting under certain conditions unsolicited commercial messages that are follow-ups to third party referrals.

In terms of consent to installation of computer programs, you will find proposed amendments to clarify that automatic updates—for example, daily or weekly updates to anti-virus software—will not require consent for each update as long as this is set out as part of the original contract under which the software was installed.

Similarly, you will find that there are proposals to ensure that running applets such as JavaScript or Flash programs will not require express consent each time they are run.

Last, during witness testimony, a suggestion was made to have the administrative monetary penalties, or AMPs, provision amended to provide further assurance that companies that make an honest mistake will not be subject to heavy fines. It has been suggested that the CRTC be given the capability to suspend AMPs for a specified period of time, and that if the business does not violate the act again during that time period, the AMP could be lifted. As a result, we propose that clause 25 be amended to indicate that the CRTC has the ability to reduce, suspend, or waive an administrative monetary penalty.

I want to thank you for your review of the Electronic Business Protection Act. We are convinced that this work will result in healthy regulation and that the bill will take into account the interests of businesses and consumers in an equitable manner.

We welcome the committee's questions. Thank you.

3:40 p.m.

Conservative

The Chair Michael Chong

Thank you, Ms. DiFrancesco.

We'll have about one hour and 40 minutes to listen to questions and comments from members of this committee, beginning with Madame Coady.

3:40 p.m.

Liberal

Siobhan Coady St. John's South—Mount Pearl, NL

Thank you very much.

Thank you for appearing before us again today, and for sending out the information yesterday, and for giving a good discourse of what your proposed changes are. So thank you for listening.

I have a couple of comments and questions based on some of the testimony that we have heard over the last number of months with regard to this legislation.

The first question gives us an opportunity for you to discuss when you were reviewing the scope of the bill. We heard a lot of discussion over the last number of months that the scope of the bill was a bit too broad, that we needed to narrow the scope further. There were some suggestions brought forward on how to do that. Could you perhaps give us your rationale on how you actually looked at narrowing that scope and what exactly you've done? That's my first question.

3:40 p.m.

Director General, Electronic Commerce Branch, Department of Industry

Janet DiFrancesco

By way of clarification, are you referring to the scope of the opt-in--

3:40 p.m.

Liberal

Siobhan Coady St. John's South—Mount Pearl, NL

The definition.

3:40 p.m.

Director General, Electronic Commerce Branch, Department of Industry

Janet DiFrancesco

Oh, to the definition of an electronic commercial message. Maybe I'll respond and then I'll turn to André to fill in any blanks.

I would say that in terms of the definition of electronic message, I'm not sure that we've narrowed the scope, but what we've tried to do is refine very carefully what is an electronic message and what isn't. For greater certainty, we've added a number of provisions to indicate that, for instance, an electronic message that provides a quote that was requested by the client would not be covered. We've clarified that warranty information or product recall information as a follow-up would also not be covered. Those kinds of clarifications have been added to the legislation.

3:40 p.m.

Liberal

Siobhan Coady St. John's South—Mount Pearl, NL

Some have come before us who have suggested that the scope of the definition should actually look at fraudulent activity or malware.

3:45 p.m.

Director General, Electronic Commerce Branch, Department of Industry

Janet DiFrancesco

Oh, okay. My apologies.

3:45 p.m.

André Leduc Policy Analyst, E-Commerce Policy, Department of Industry

I guess it gets to the point of the legislation, which is how one would define what is malicious and what is not malicious. Basically, the idea behind this piece of legislation is that it is a compliant regime, designed to encourage compliance with the rules set out in the legislation. The application, both in terms of the way it's drafted here and in principle, is on all commercial activities. Non-commercial activity is ultimately not falling under the application of the act.

The idea there was that spammers don't necessarily choose which line of business they're focusing on, and if we didn't have something that applied to everybody equally, any gaps would be taken advantage of by those who have the intent to spam or defraud Canadians.

3:45 p.m.

Liberal

Siobhan Coady St. John's South—Mount Pearl, NL

One of the criticisms we heard was that because the scope was so broad, you're capturing a wide net; you're not only looking at malware, you're looking everywhere. Now, if you look at some of the others, such as the New Zealand spam act or the Australia spam act, the legislation applies to a defined list of commercial electronic messages that relate to direct marketing, for example. Could you comment on why you chose to do it, as you said, rather narrowly versus broadening it out? I'm sure when you listened to some of the witnesses who came before us, you gave some further consideration to that.

3:45 p.m.

Policy Analyst, E-Commerce Policy, Department of Industry

André Leduc

Well, we did our homework in terms of direct marketing, and we spoke to our colleagues in New Zealand and Australia when we were developing the legislation. In fact, most of the definitional aspects of the legislation were taken directly from the Australian and New Zealand models. The scope of their legislation isn't limited to direct marketing; it applies in almost the exact same manner as this legislation would. Our definition of electronic address and commercial electronic message is almost verbatim what appears in the Australian and New Zealand models.

3:45 p.m.

Liberal

Siobhan Coady St. John's South—Mount Pearl, NL

Thank you.

I have two other questions, and one is on consent. We heard a number of people before us who thought that the consent provisions were far too narrow and went beyond what the international community did, and even went beyond how PIPEDA and the spam task force defined their implied consent, for example, where consent may reasonably be inferred from the action or the inaction of the individual.

You've mentioned that you made a few changes to consent, and I'd like you to further expand on that because we are going to have a lot of people who are concerned about implied and expressed consent.