Evidence of meeting #27 for Industry, Science and Technology in the 40th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was consent.
A recording is available from Parliament.
4:15 p.m.
Secretary Treasurer, CAUCE North America, Inc.
That was my understanding as well, sir, that there's an exception in there. I'd have to go back and check, unfortunately.
4:15 p.m.
Director-at-large, CAUCE North America, Inc.
I think the idea behind address harvesting, as well, is more for the purpose of building a list to send e-mail to. It's a case of going to websites and looking for people who have published addresses and then subscribing them to a list and, in theory, just spamming to them.
4:15 p.m.
Liberal
Marc Garneau Liberal Westmount—Ville-Marie, QC
Exactly. That would definitely be the purpose, yes.
Let me ask you about some examples of what might be considered spam under the bill as currently written.
A business that sends an electronic message that provides warranty, product recall, safety or security information about goods purchased more than 18 months previously, is that an example of spam, in your opinion?
4:15 p.m.
Prof. Michael Geist
It's not, and it's not a problem under this bill. If I purchase a car seat for my daughter and send in the warranty card and give them consent to send me regular updates, as I no doubt would, because I'm going to be concerned about the prospect of safety recalls, then they can continue—and I would hope that they would—to send me any of that information. All they have to do is to obtain the necessary consent. It's open to the consumer in every instance to ensure they get that warranty information.
4:15 p.m.
Liberal
Marc Garneau Liberal Westmount—Ville-Marie, QC
So you're saying that if the consent has not been given, it would constitute spam.
4:15 p.m.
Prof. Michael Geist
I'm saying that if it is outside the 18 months and the consumer didn't give consent for that warranty information to be sent to them, then I suppose, yes, it might be.
4:15 p.m.
Liberal
Marc Garneau Liberal Westmount—Ville-Marie, QC
If that process of filling out forms, or whatever, at the front end was not undertaken, then it would constitute spam.
4:15 p.m.
Prof. Michael Geist
Well, if they didn't fill it out, I'm not sure how the business would contact the individual.
4:15 p.m.
Liberal
4:15 p.m.
Prof. Michael Geist
Right. At the time the person has made that purchase.... We all fill out these cards all the time for production information and the like. But all they have to do, any time they're obtaining that information in the first place, is to obtain consent. If they've never obtained my personal information, then they're not going to be able to send me any of that product or warranty information in the first place. So all we're doing is asking a business at the time they collect that information in the first place to get the consent.
4:15 p.m.
Liberal
Marc Garneau Liberal Westmount—Ville-Marie, QC
So what we're saying is that the business must now make sure they get that consent at the front-end.
For a business that sends out an electronic message that provides information about product updates or upgrades that a person is entitled to receive for a product purchased more than 18 months previously, I guess you would say the same applies.
What about sending newsletters, business publications, or company information from anyone who has made an inquiry about a company's products or services more than six months before?
4:15 p.m.
Prof. Michael Geist
If we're talking about business-to-business, it's excluded.
4:15 p.m.
Liberal
4:15 p.m.
Prof. Michael Geist
If you're talking about business-to-consumer, then, yes, exclude it.
4:15 p.m.
Liberal
Marc Garneau Liberal Westmount—Ville-Marie, QC
What about sending university alumni information in a newsletter, if that alumni letter has some advertising in it?
4:15 p.m.
Prof. Michael Geist
As I mentioned to one of your colleagues, there is an exception for charities. So if you're registered, I think it's section--
4:15 p.m.
Liberal
Marc Garneau Liberal Westmount—Ville-Marie, QC
No, I'm talking about an advertisement for you to buy something, but it's in the newsletter.
4:15 p.m.
Prof. Michael Geist
Right. I think if the gist of the overall message is that it's coming from a university, let's say, which is a registered charity, and within it there's an opportunity to get a university-branded credit card, or something like that—which we often see—I think it would still be permitted within this particular exception.
4:15 p.m.
Liberal
Marc Garneau Liberal Westmount—Ville-Marie, QC
What if it's not that kind of an ad, but something more commercial?
4:20 p.m.
Prof. Michael Geist
If it's strictly a commercial message and it falls outside of this exception, so we're dealing with something that's clearly commercial, then you have to obtain consent.
4:20 p.m.
Liberal
Marc Garneau Liberal Westmount—Ville-Marie, QC
Something I've asked a number of people about, but haven't had a clear answer on, is the issue of cookies. How do you view cookies? Are they spam, in your opinion, or not?
4:20 p.m.
Secretary Treasurer, CAUCE North America, Inc.
Our company, Eloqua, is a company that helps other companies generate lists and prospects. We do that by enticing or giving technology to our customers to entice other people to come and register and actually take an action—to put in their name, e-mail address, and a phone number. They basically opt into a newsletter, and sometimes even opt into being tracked. What we try to do from a product standpoint is to tell companies who is visiting their website, and who is interested in what's going on. In most ways, I don't really consider cookies spam, especially from the standpoint that we are very clear about what the information is going to be used for, especially in our privacy policy at our company Eloqua, or even within our own customers' privacy policies. So I do not consider cookies spam.
4:20 p.m.
Conservative
4:20 p.m.
Prof. Michael Geist
I'll take 15 seconds just to supplement that. The issue of cookies has come up in discussion, not so much as to whether it's spam but as to whether it's a computer program that's being inserted on someone's personal computer. I think the consensus is that it is not.
If you take a look at standard definitions for what a cookie is, it is simply a text file that is inserted onto a personal computer, at the user's request; they have the ability not to have it there. It doesn't run anything, and if you take a look at the definition of software programs referred to here, they require something more than just being a text file itself.
