Thank you, Mr. Chair and members of the committee. Thank you for inviting us to be here with you today to contribute to your study of Bill C-27, the proposed Electronic Commerce Protection Act, ECPA.
We welcome this opportunity to comment on this important bill.
My name is Nathalie Clark. I am the general counsel and the corporate secretary of the Canadian Bankers Association. With me today is Bill Randle, our assistant general counsel.
In the submission we have provided to the committee, we have commented on Bill C-27 in some detail. But in these opening remarks, I will briefly review our main concerns with the bill.
In recent years, criminals abused e-mail both to deliver spyware, which can steal personal information from its targets, and to send counterfeit messages that lure individuals into disclosing personal information that results in identity theft.
It is widely recognized that these types of spam are a significant threat to individuals, businesses and the Canadian economy. For several years, the CBA has encouraged the government to introduce legislation to address the most malicious forms of spam.
Canada is the only G8 country that does not currently have specific anti-spam laws and the banking industry agrees that legislation is required to protect consumers and businesses from these dangerous and damaging forms of spam.
As a result, we welcome the government's decision to proceed with draft anti-spam legislation and we support the stated goal of Bill C-27 to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of electronic means to carry out commercial activities. We note, however, that Bill C-27 is clearly more extensive and restrictive than similar legislation in other jurisdictions, including the United States.
We are concerned with the broad range of the bill and the potential negative impact that some of its provisions may have on legitimate business activities. In particular, we believe the opt-in framework proposed in the bill, combined with the need--with some limited exceptions--to obtain express consent from a person to send them a commercial electronic message, will have a negative impact on the ability of legitimate businesses to market their goods and services electronically. Most importantly, express consent cannot be obtained by sending an e-mail or other electronic communications to a person requesting consent. It can only be obtained in some other manner through some prior contact with the recipient. In other words, a business cannot send an unsolicited electronic message seeking consent to send more messages.
We recommend, therefore, that Bill C-27 be amended to allow the sending of an initial contact message without consent, while strengthening the content requirements of the initial contact message to ensure it is consistent with the principles of the do-not-call list legislation and the anti-spam legislation of other countries.
We acknowledge that consent can be implied when there is an existing business relationship--we welcome this exception--but believe some changes are needed to the definition of “existing business relationship”. We also recommend an amendment to extend the exception to affiliates of a company with which a person has a business relationship.
We note that express consent is required every time a “computer program” is installed, even when there is an existing business relationship. We would like some clarification that tools such as “cookies” are not included in the definition of “computer program” set out in the bill.
There is an extensive system of administrative monetary penalties set out in the bill as well. While we accept that there is a need for an enforcement regime, including penalties for persons who breach the provisions of the act, we believe that some aspects of the regime, and especially the penalties proposed in the bill, are excessive and would discourage businesses from engaging in legitimate marketing activities. This could have the effect of stifling the development of legitimate electronic marketing and could adversely affect the ability of businesses to reach their consumers.
The bill states that the purpose of these substantial AMPs is to encourage cooperation and compliance with the legislation and is not to punish. If that is the primary objective of the AMP provision in Bill C-27, we recommend that the CRTC be given the ability to suspend an AMP for a period of time, and if the persons subject to the AMP satisfy the CRTC that they have made changes to comply fully with the law, then the AMP could be withdrawn.
The bill also includes a private right of action that allows for statutory damages without proof of loss. We believe that the appropriate enforcement regime is government based. We do not support a private right of action, as we believe that these actions are generally motivated more by private monetary considerations than by general deterrence, and that a private right of action will have a chilling effect on businesses that wish to engage in legitimate marketing activities. While the bill provides for various factors to be considered in assessing damages under a private right of action, legitimate businesses are still put to the significant cost and task of defending themselves in this context. In particular, the private right of action that allows for statutory damages without proof of loss will encourage class actions that will lead to substantive legal costs and reputational risk for businesses.
Summing up, the CBA stands firmly behind this legislation that protects individuals, businesses and the Canadian economy from the serious threat of malicious forms of spams. We are very pleased to have had this opportunity to work closely with the government and with members of Parliament to ensure that Canada is no longer the only G8 without specific anti-spam laws on the books.
Thank you once again for providing the CBA with the opportunity to offer our views on Bill C-27. We would be pleased to answer any questions.