First of all, I would like to thank you, Mr. Chair, and members of the committee for the invitation to appear before you this morning.
My name is Mark Schaan and I serve as director general of the marketplace framework policy branch in the strategic innovation and policy sector of Innovation, Science and Economic Development Canada.
While our sector broadly includes such policy areas as innovation, telecommunications, and trade, my branch specifically analyzes and proposes improvements for the role of marketplace frameworks in meeting the department's objectives. This includes analysis of corporate governance, bankruptcy and insolvency, competition, and intellectual property to support an efficient marketplace and innovation economy.
More recently, my branch was assigned responsibility for Canada's anti-spam legislation, CASL, and the Personal Information Protection and Electronic Documents Act, PIPEDA, which are key pieces of legislation that are part of a broader legal underpinning that provides a regulatory foundation for commerce, including electronic commerce. Both seek to promote commerce and innovation through facilitating trust and confidence in the digital marketplace.
I am here with Charles Taillefer, director of the privacy and data protection directorate within my branch. His team is responsible for providing policy advice, guidance, and support with respect to CASL.
CASL has its origins with the anti-spam action plan for Canada, which was launched in 2004 and established a private sector task force chaired by ISED. The task force was responsible for looking into the issue of unsolicited commercial email, or spam. By the end of 2004, spam accounted for 80% of all global email traffic. In that same year, the task force on spam held national consultations with stakeholders, and it issued a report in May 2005. In order to combat spam, the report recommended that specific legislation be created.
Canada's new anti-spam law was passed in December 2010. The law, as the chair has pointed out, does not have a short title. Its actual title is “An Act to Promote the Efficiency and Adaptability of the Canadian Economy by Regulating Certain Activities that Discourage Reliance on Electronic Means of Carrying Out Commercial Activities, and to Amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act”.
Given the substantive changes represented within this new framework legislation, a transition period was built into the implementation of the act and, following a Governor in Council order, it entered into force on July 1, 2014.
CASL helps protect Canadians by encouraging the use of safe and secure electronic commerce to carry out commercial activities in the online marketplace.
CASL generally protects Canadians from spam and other electronic threats, while ensuring that businesses can continue to compete in the global marketplace.
The law prohibits: sending of commercial electronic messages without the recipient's consent; altering transmission data in an electronic message without express consent; installation of computer programs without the express consent of the owner of the computer system; using false or misleading representations online in the promotion of products or services; collecting personal information through the illegal access of a computer system; and collecting and using electronic addresses through computer programs, which is also known as electronic harvesting.
Responsibilities for meeting the objectives are shared by a number of federal organizations. ISED operates the national coordinating body for CASL, which is responsible for the policy oversight and coordination of the anti-spam initiative. This also includes monitoring the implementation of the legislation and assessing whether it's meeting its stated objectives.
In addition to the national coordinating body, there are three independent federal agencies responsible for enforcing the act. The Canadian Radio-television and Telecommunications Commission, the CRTC, of which we have representatives with us today, can issue administrative monetary penalties for violations of the anti-spam law. The Competition Bureau can seek administrative monetary penalties or criminal sanctions under the Competition Act. The Office of the Privacy Commissioner also has powers under the Personal Information Protection and Electronic Documents Act related to ensuring the privacy of personal information and handling breaches.
The office of consumer affairs, which is also part of ISED, has an important role to play in terms of information and outreach, as they manage the fightspam.gc.ca website in liaison with the three mentioned agencies and the national coordinating body.
Despite new e-communication filters and blockers, spam and malware remain a significant issue for electronic commerce, and a serious security threat. Spam, while being reduced from the level of 2004, still accounts for over 50% of global email traffic in 2017. Moreover, spam is used as a means to introduce malicious programs, such as ransomware, into computer systems of both consumers and businesses. For example, after the WannaCry ransomware attack, malicious spam rose by 17%.
The scope of the issue is global and requires coordinated international efforts, and our enforcement agencies participate in international forums to impose administrative monetary penalties and conclude investigations on an international scale.
CASL is a key element of the Canadian legal framework to support development of the digital economy. Its stated purpose is to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of electronic means.
There is evidence that CASL is working. Since the law has been in force, the amount of spam sent from within Canada has been reduced by more than a third. CASL provides for a suite of enforcement tools, including a private right of action, to support anti-spam efforts. The private right of action was scheduled to come into force in July 2017, the same time as the scheduled statutory review under the act. Some Canadian representatives from industry, academia, and civil society had raised concerns over the scope of the private right of action under CASL. As noted in recent ISED consultations with stakeholders, there is a significant sentiment that some aspects of the law could be further clarified.
As all of you know, the coming into force date of the provisions was suspended on June 2, 2017, pending a legislative review by this committee. Legislation such as CASL is foundational to building trust in the digital economy and it is sound practice to review such rules on a regular basis to ensure that they respond effectively and adapt to new developments in this fast-evolving digital marketplace.
In today's markets, business success depends heavily on the flow and utilization of information, making information itself one of the primary raw materials of the modern economy. Consumers and businesses need to trust that this information is managed responsibly for the digital economy to flourish. That is why a balanced and efficient regulatory framework is key, and CASL is a central part of Canada's response to this challenge.
I would be happy to respond to any questions that you may have with respect to ISED's role in administering CASL. My colleagues from the CRTC are also here today and are best placed to respond to questions related to enforcement activities, including interpretation of CASL.