I just note—and it's come up now a couple of times—that there's this notion that there are the really bad actors, the spamming organizations, and everyone is in agreement that we have to target them; and then there's an attempt to characterize all the other businesses as not being bad actors. I don't doubt for a moment that Rogers, my carrier, is not a bad actor, but I will say that if you are sending me messages when you have not obtained my consent that is a bad act. I think we have to recognize that there are lots of legitimate businesses that may even still want to comply but that are, I would argue, misusing our personal information without obtaining appropriate consent. That's a bad act, and that's what the law's designed to target. If we contemplate moving back to implied consent, then we're right back to where we started from. The task force looked at whether or not PIPEDA was effective in dealing with spam, and the conclusion was that it was not. One of the core reasons was that implied consent just doesn't work in this context. It will be obvious to all of you, given the number of times, I'm sure, you've received messages from a legitimate business while you can't for the life of you understand why you're getting this message. The reason is that these businesses often rely on implied consent to be able to send out those messages.
On October 17th, 2017. See this statement in context.