moved that Bill C-28, An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, be now read a second time and referred to the Standing Committee on Industry, Science and Technology.
Mr. Speaker, I am pleased to rise today to begin the second reading of Bill C-28, Fighting Internet and Wireless Spam Act.
Hon. members will no doubt recall that this bill was debated extensively in this House and the other place in the last session as Bill C-27. Now it is Bill C-28, so we have moved up at least one notch in the world, anyway.
I should inform members that this bill has not changed substantially since the last session and remains as it was following its review by the House industry committee at that time.
At the outset I would like members to consider the bill in a larger context, as part of an overall plan to help put Canada at the forefront of the digital economy, in part through modernizing our framework of laws for the digital age.
Soon we expect to bring up to date other important legislation, including the Personal Information Protection and Electronic Documents Act, and of course, the Copyright Act. Together these bills will contribute to improving cyber security practices by consumers and industry, to promote trust and confidence in online commerce.
As we know, the Internet has become the central nervous system for the digital economy. It provides a common global platform for communication and commerce. Its use by businesses and consumers has led to the emergence of a borderless international marketplace.
Since 2000, online sales for Canadian companies have increased nearly tenfold. Ten years ago, online sales in our country were less than $7.2 billion. In 2007, sales reached almost $63 billion.
Businesses and consumers have grown to depend on the Internet. They count on it to be safe and reliable. Online security threats can erode the degree of trust and confidence in the Internet as a safe and reliable environment for electronic commerce.
Our government is committed to building the necessary confidence. We understand what a harmful economic impact spam and other online threats can have on the online economy. We know that the government has an important role to play through legislative measures.
Threats to the online economy include more than just spam. They include spyware, malware, computer viruses, phishing, viral attachments, false or misleading emails, the use of fraudulent websites, and the harvesting of electronic addresses.
These threats are not just nuisances. Some are fraudulent, some invade privacy, and some are used to infect and gain control over computers. It is estimated that spam costs the worldwide economy $130 billion a year.
The bill before us contains important provisions that will protect Canadian businesses and consumers from the most harmful and misleading forms of online threats. It improves the privacy and economic security of Canadians in the electronic environment. It offers a host of clear rules that all Canadians will benefit from. It will promote confidence in online communication and electronic commerce.
The bill before us stakes out new ground in Canada. Currently we are the only G8 country and one of only four OECD countries without legislation dealing with spam. This bill will rectify that situation.
In developing the bill, we have been able to incorporate the best practices of other countries that have launched similar efforts.
We have seen, for example, how effective the private right of action has been in combatting spam in the United States. Under the bill before us, businesses will be able to sue spammers who use their brand to lure unsuspecting customers to divulge private information online as a result of unsolicited email. The bill enables class action suits by individuals who have been spammed or whose computers have been subjected to spyware or botnets.
We have learned from approaches taken elsewhere that a civil administrative regime is more responsive and therefore more effective than using the criminal law to combat spam. Other countries such as Australia, the United States and Japan use regulatory authorities rather than law enforcement to enforce anti-spam legislation. With this bill, Canada will have a comprehensive enforcement regime enforced by existing specialized agencies rather than the police.
What enforcement agencies will be involved? The new law will be enforced by the CRTC as Canada's communications authority, by the Competition Bureau as the federal agency that deals with false or misleading commercial messages, and by the Office of the Privacy Commissioner, the agency tasked with the administration of PIPEDA. The bill specifically enables these agencies to work and share information with each other, as well as work with and share information with their international counterparts.
The CRTC will enforce the provisions against sending unsolicited commercial messages. It will also have responsibility for the provisions that prohibit the altering of transmission data without authorization and the unauthorized installation of computer programs.
The Competition Bureau will address false or misleading representations online and deceptive marketplace practices such as false headers and website content.
The Office of the Privacy Commissioner will address the collection of personal information without consent through unauthorized access to computer systems and the unauthorized compiling or supplying of lists of electronic addresses, commonly referred to as address harvesting.
The bill provides that both the CRTC and the Competition Bureau can seek what we call “administrative monetary penalties”, AMPs, against violators. The maximum AMP for the CRTC is up to $1 million per violation for individuals, and up to $10 million for businesses.
The Competition Bureau, through application of the Competition Tribunal, may seek AMPs under the current AMPs regime in the Competition Act. That regime specifies AMPs of up to $750,000 for the first violation and up to $1 million per subsequent violation in the case of individuals, up to $10 million for an initial violation by a business and up to $15 million per subsequent violation.
These AMP regimes demonstrate that we are serious about driving spammers out of Canada.
Industry Canada will have oversight responsibilities and will ensure that the work of the three agencies is coordinated. A spam reporting centre will be established to help the three enforcement agencies in their investigations and to give businesses and consumers a one-stop shop where they can report spam and other online threats.
I would remind hon. members that after wide-ranging discussions in this place and in the Standing Committee on Industry, Science and Technology we were able to pass the predecessor, Bill C-27, as amended, with unanimous consent at third reading during the last session.
The amendments that have been incorporated into this bill, based on the thorough review done at committee for the previous bill, fine-tune this legislation so it strikes the right balance between protecting consumers and giving them control over their inboxes, while effectively enabling online commerce.
Hon. members may recall that we took a careful look at how to ensure that companies that use email to keep in touch with customers do not inadvertently find themselves in violation of the law. The purpose of the bill, after all, is not to limit legitimate online business. It is to promote electronic commerce by increasing confidence in the use of the Internet to carry out business transactions.
The implied consent provisions were expanded to include the conspicuous publication of an electronic address such as a website or a print advertisement, provided that the sender's message relates to the business or office held by the recipient. This is consistent with provisions under PIPEDA and accepted in the current code of ethics of the Canadian Marketing Association.
Under the bill, no commercial electronic message can be sent without some form of expressed or implied consent. Implied consent is also extended to existing business and non-business relationships. We have, I believe, preserved the ability to extend by regulation the situations in which it is reasonable to believe that consent to receive commercial emails is to be implied.
Hon. members will also remember that after the committee hearings, the bill was amended by the committee to ensure that legitimate businesses can periodically install updates to their software and that businesses and consumers can continue to use navigation features on the web.
The effect of these amendments was to make a good bill even better. Each of these provisions has been brought forward in the bill before us.
Nonetheless, I want to point out that in addition to these changes made at third reading during the last session, we also incorporated a number of technical changes and clarifications to the bill before us today. Two changes in particular are worth going over in greater detail because they are more important.
The first deals with the order of precedence of two laws that affect privacy: the bill before us; and the Personal Information Protection and Electronic Documents Act, PIPEDA. Hon. members may be aware that PIPEDA contains a primacy clause that otherwise ensures its provisions take precedence over subsequently enacted bills when dealing with personal information or consent. This primacy provision ensures that the efficacy of PIPEDA is not undermined by other legislation with weaker consent requirements.
Compared with PIPEDA, the bill before us has stricter rules regarding consent when dealing with personal information respecting email addresses. Its rules are also more strict when dealing with consent to the receipt of commercial messages. This bill must take precedence.
Accordingly, a new clause 3 clarifies that in the event of a conflict between the provision of this bill and a provision of Part 1 of PIPEDA, the provision of this bill, the Fighting Internet and Wireless Spam Act, would take precedence. Hon. members, I should add that the Office of the Privacy Commissioner supports this amendment.
The second amendment I wish to discuss responds to an issue raised concerning the former Bill C-27. An amendment was added before the bill went to the committee in the other place, but Parliament was prorogued before it could be discussed there. It involves provisions of PIPEDA that prohibit the collection and use of personal information through unauthorized access to a computer system.
Our goal is to increase the protection of personal information stored on personal computers or private business networks. The bill requires private sector firms and investigators to obtain consent to collect that information. It includes a provision that private enterprises do not have the right to collect personal information through access to a computer system “without authorization”. The main focus of the amendment is the term “without authorization”.
In drafting the bill, it was never our intent to limit the ability of private investigators and search engines to access and collect personal information that is already available to the public on the World Wide Web or other similar networks.
We have consulted with privacy advocates, telecommunications carriers, search engine companies, copyright-dependent industries, and other stakeholders. They agree that an amendment is necessary. As a result, we have changed the wording so that instead of “without authorization”, the bill now reads, “in contravention of an Act of Parliament”. That is, there will be no exception to PIPEDA's consent requirements for: “the collection of personal information, through any means of telecommunication, if the collection is made by accessing a computer system or causing a computer system to be accessed in contravention of an Act of Parliament”.
I believe hon. members will agree that this amendment respects the spirit of the bill as originally passed in this House in the last session, and improves upon it.
Finally, we have travelled a long journey toward bringing anti-spam legislation to Canada. From the work of Senators Oliver and Goldstein to the recommendations of the Task Force on Spam, there have been many different sources of inspiration for this bill. It was very close to receiving royal assent in the last session, and I hope we can move it through this session quickly.
This is a bill that will benefit all Canadians who use the Internet, but it is also a major piece of a much bigger agenda to put Canada in the forefront of the digital economy. If we get this right, we will do more than simplify participation in the digital economy; Canada will be a leader.
I urge hon. members to join me in supporting this bill.