I guess it gets to the point of the legislation, which is how one would define what is malicious and what is not malicious. Basically, the idea behind this piece of legislation is that it is a compliant regime, designed to encourage compliance with the rules set out in the legislation. The application, both in terms of the way it's drafted here and in principle, is on all commercial activities. Non-commercial activity is ultimately not falling under the application of the act.
The idea there was that spammers don't necessarily choose which line of business they're focusing on, and if we didn't have something that applied to everybody equally, any gaps would be taken advantage of by those who have the intent to spam or defraud Canadians.