Thank you, Mr. Chair, for inviting us to appear before your committee.
My name is Steven Harroun, and I'm the CRTC's chief compliance and enforcement officer. With me today is my colleague Daniel Roussy, general counsel and deputy executive director of the CRTC's legal sector.
We appreciate the valuable work that your members do to protect Canadians' privacy, a significant concern in today's digital age, and we recognize that the focus of your current work is on the Personal Information Protection and Electronic Documents Act. The CRTC follows the privacy legislation, as do all federal government departments and agencies, but has no direct experience as a regulatory body with this act.
However, we understand that the committee is interested in hearing about our experiences in enforcing Canada's anti-spam legislation. We believe there are aspects of our experience that may be useful to consider as part of your study, in particular, our ability to impose administrative monetary penalties.
Mr. Chair, let me begin with a brief overview of the legislation to provide context for our observations about the effectiveness of such penalties. In a nutshell, Canada's anti-spam legislation, known as CASL, is meant to provide Canadians with a secure online environment while ensuring that businesses can compete in the global marketplace. CASL gives the commission the authority to regulate certain forms of electronic contact, consisting of the sending of commercial electronic messages, the alteration of transmission data in electronic messages, and the installation of computer programs on another person's computer system in the course of commercial activity.
The fundamental underlying principle is that such activities can only be carried out with consent. The CRTC is responsible for CASL's administrative monetary penalty framework, which includes the imposition of penalties for violations. CASL is an opt-in regime, which means that consent must be obtained prior to the sending of commercial electronic messages to Canadians. CASL applies to the commercial electronic messages sent via email and through social media accounts, as well as text messages sent to cellphones.
Consent to receive these messages can either be express or implied, as stipulated in the act. Express consent means that the person has clearly and proactively agreed to receive the message, for example, someone voluntarily opts in by signing up at a website. Once express consent is obtained, commercial electronic messages can be sent, until the recipient notifies the sender that he or she no longer wants to receive them.
Consent can be implied, for example, through an existing business relationship with the consumer based on a previous commercial transaction. It also pertains to personal or family relationships, or in an existing non-business relationship, such as a membership in a club, association, or volunteer organization. In every case, CASL sets out that the burden of proof regarding consent rests with the person alleging consent.
In addition to consent, senders of commercial electronic messages must clearly identify themselves, and each message must also contain an unsubscribe mechanism, which is clearly and prominently set out, that allows consumers to readily unsubscribe if they no longer wish to receive messages.