Evidence of meeting #76 for Industry, Science and Technology in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was casl.
A recording is available from Parliament.
11:45 a.m.
Associate Chief Privacy Officer, Rogers Communications Inc.
We have to do our best to keep our customers happy.
11:45 a.m.
Liberal
Lloyd Longfield Liberal Guelph, ON
It makes me wonder who's supplying my cellphone here.
Mr. Fekete, I'm running really short on time, so I'm just going to use my time to say thank you for getting the balance. As a former president of a chamber of commerce, I'm left back where I was a few years ago, wondering about the efficacy of this whole exercise that we're in the middle of right now.
Thank you.
October 17th, 2017 / 11:50 a.m.
Conservative
Maxime Bernier Conservative Beauce, QC
Thank you very much.
My first question is for David Messer.
You said on your website that your organization championed the development of a robust, sustainable digital economy in Canada. Is the creation of a robust, sustainable digital economy in Canada possible under the current legislation?
11:50 a.m.
Vice-President, Policy, Information Technology Association of Canada
If we want our digital economy to grow and be stronger, we need to make it better aligned with our competitors. As Michael noted, Canada's software provisions are an outlier compared to those of the rest of the world. The requirements in CASL are completely different from the requirements in CAN-SPAM, the U.S. legislation, which is much more principles-based.
If we want to build a strong and robust digital economy, we need to be engaging with the world and not inhibiting our companies by putting in unnecessarily strenuous requirements; and we need to be working through organizations such as the OECD, APEC, and the G20 to develop interoperability where we can, because the ICT industry really is the most globalized industry in the world.
11:50 a.m.
Canada Research Chair in Internet and E-commerce Law, Faculty of Law, University of Ottawa, As an Individual
I'd note that CAN-SPAM in the United States is aptly named, because you can SPAM.
The reality is that the task force had the opportunity to look at some of those other laws. The idea that Canada should emulate a law that is universally regarded as entirely ineffective strikes me as problematic.
If anything, what we are seeing is jurisdictions moving towards stronger rules. Australia, for example, saw the spam problem that was happening locally and adopted the strongest anti-spam rules at the time. It found that, within short order, much as we've experienced with the reduction in major anti-spamming organizations, they left Australia because the penalties were so high that the risk changed their analysis of whether it made sense.
If we're thinking about whether these kinds of rules are getting tougher, just take a look at what's taking place in the European Union with the GDPR, which has far tougher privacy rules that are applied not just in the EU but around the world.
11:50 a.m.
Vice-President, Policy, Information Technology Association of Canada
I'm not saying Canada should have the weakest rules or go to the lowest common denominator at all. We should find ways to work with our allies and other countries to develop interoperability so Canadian businesses are not unnecessarily hampered.
11:50 a.m.
Partner, Osler, Hoskin & Harcourt LLP, As an Individual
Certainly. I want to agree with Michael that we need strong privacy rules that govern the collection of information, and we have a federal privacy statute that sets a very strong standard in terms of how to do that based on principles and a flexible approach with strong guidance provided by our commissioner.
When we think about the computer program provisions, Michael is right to say there are times when personal information is collected, but that's where PIPEDA applies already. There are many times when updates to computer programs do not result in collection of personal information. In those instances, you have to comply with very prescriptive rules that don't match the rules in any other jurisdiction. If you want to focus on where Canada is hamstringing innovation in Canadian business, you can look very closely at the computer program rules and ask yourself why no other country has copied our approach.
11:50 a.m.
Conservative
Maxime Bernier Conservative Beauce, QC
I have a question for Ms. Evans.
Do you have any idea of the costs Rogers must pay for being compliant? What is the cost of the employees and the database? Can you explain what you are doing to be fully in compliance with the legislation?
11:50 a.m.
Associate Chief Privacy Officer, Rogers Communications Inc.
We have a very robust compliance program that follows the guidance that has come from the CRTC.
With regard to employees, we have embedded a culture of CASL compliance in all employees who have are responsible for sending commercial electronic messages. Those employees are required to know what they have to do to comply with the law. They get robust annual training on how to comply with the law. We have tool kits available to them and job aids to help them.
We have a centralized database. We have an online preference centre for our customers to go in and self-manage their communications from us according to types of communications and lines of business. I couldn't put a dollar figure on specific costs, but it is something that's embedded in the corporate culture.
11:55 a.m.
Conservative
Maxime Bernier Conservative Beauce, QC
Thank you.
I want to share my time. We still have three minutes.
11:55 a.m.
Conservative
Matt Jeneroux Conservative Edmonton Riverbend, AB
Thank you, everybody, for coming today and to your staff who are here for helping to prepare for today. I know it's a lot of work.
I want to just clarify a few things. We had before us some presentations from a number of individuals in the lead-up and preparation for this. I will read you just a couple here.
From the Canadian Chamber of Commerce, Mr. Scott Smith indicated in his presentation that “...in 2008 92.6% of global email traffic was spam. By 2015 that number had declined to 54%.”
We had another presentation from Mr. Lawford from the Public Interest Advocacy Centre. He said that, “One report from...2015 found outgoing spam volumes from Canada dropped 37% and overall email volume—spam and legitimate email—received by Canadians also dropped about 30% in the period immediately after CASL came into full force on July 1, 2014.”
A number of you said that it hasn't had any effect on this issue. Can you point us to any reports or statistics that show that?
11:55 a.m.
Canada Research Chair in Internet and E-commerce Law, Faculty of Law, University of Ottawa, As an Individual
I'll just reiterate my opening remarks. I don't think there is anything more telling, to be honest, than knowing that Canada was once truly a haven for large spamming organizations responsible collectively for more than 80% of the spam generated worldwide, with a disproportionate number of those organizations hosted in Canada. Today we can't say that anymore. The decline from seven of those organizations two days before CASL took effect in 2014 to only two organizations today—and that's still two too many—speaks volumes about how the law intended to try to address the amount of spam being generated in Canada and sent either to Canadians or around the world and how it has clearly had an impact in reducing the number of those organizations situated here in Canada.
11:55 a.m.
Liberal
11:55 a.m.
NDP
Brian Masse NDP Windsor West, ON
Thank you, Mr. Chair.
Thank you for being here.
I represent many businesses in my community that do not want to have innovation stymied by unnecessary maintenance of emails they do not want, viruses, and other scams that occupy their time, especially when they don't have IT people on staff and have to rely on subscribers. I also come with a different perspective. I mentioned this last time, and I'll mention it every time: I view it as a privilege that this type of advertising appears on something you pay for, something you maintain, something on which you pay for the data downloaded to you. To email me advertising is a privilege, not a right.
With regard to Rogers, if I'm correct, it was a problem with the “unsubscribe” that led to that, and it turned out to be something that others were involved in.
Can you give me an example of that? How could it be done to allow for a quicker resolution? There are others such as Compu-Finder that were fined as well, but they were well-known spammers going back to 2008. What can you say about the two different cases? There are others that have been fined, like Plentyoffish, which is an online dating site that bogs down business. These are the types of problems we're facing.
11:55 a.m.
Associate Chief Privacy Officer, Rogers Communications Inc.
From our perspective and our investigation, we had an issue for a short time on our business-to-business publishing side, where an “unsubscribe” was not functioning as we had intended. We had put in place robust processes prior to deploying the email regarding how we compile our lists—the form, the content, everything to comply with the legislation. We sent out some communications. Unfortunately, it didn't operate as we'd intended. We heard from some of our customers, and we immediately looked into the issue. We resolved it in a matter of days of it having been brought to our attention. It's not in our best interests to be out of compliance with the law. We want to be seen as good corporate citizens—not as a company in the same boat as Compu-Finder, which, as you pointed out, has been a known spammer forever. We're a well-intentioned, established business.
Noon
NDP
Brian Masse NDP Windsor West, ON
I agree. What was striking in some of this was the in-between time of those who are doing it but not using it as a loss leader. There has been a lot of discussion on this.
Mr. Geist, maybe you can talk about ROKSO a little bit, because in the past, spam has been a loss leader for business, a small spam investment sending out millions, if not multi-millions, of dollars in emails. All you have to do is get back one. I think all members of Parliament get calls about the fake CRA scams that prey on seniors. This deplorable practice is only getting worse. It's done not only by telephone but also through spam.
That was a big part of the discussion about what we're doing internationally on this, and I have made a request for a witness from Interpol in the future, but could you please go into a little more detail about ROKSO?
Noon
Canada Research Chair in Internet and E-commerce Law, Faculty of Law, University of Ottawa, As an Individual
One of the most surprising things is that the large spamming organizations operate with impunity and very often in the open, something one wouldn't expect. One of the reasons they do this has to do with the lax laws that exist in many countries. It's recognized that one of the only ways to deal with some of those large players is through tough anti-spam laws. We've seen a couple of countries, Australia and now Canada, that have been able to effectively drive some of those organizations out by passing some tough laws.
At the heart of the problem is the risk equation. If you are a spammer, you are in a sense off-loading just about all the costs onto consumers. We pay for all of this, and I would argue that legitimate businesses, large and small, pay too, because people's trust in the system is undermined by all of this. What we need is an effective system that will benefit large and small businesses alike, while increasing the costs for some of the scammers out there, so that they either leave the jurisdiction or stop what they're doing.
I find it somewhat discouraging when we hear people coming before committee saying that what we really need is to reduce the tools we have to enforce this law. Private right of action is a good illustration of this. You can't say, on the one hand, that the rules are too tough from an enforcement perspective and that we need ways to sort this out, and then say, on the other hand, that everything is going really well so we don't need a private right of action.
PRAs have been used in other jurisdictions and they can be used effectively.
Noon
Counsel, Interactive Advertising Bureau of Canada, As an Individual
Yes, we're at the same law firm, but I'm also counsel to the Interactive Advertising Bureau of Canada.
Noon
NDP
Brian Masse NDP Windsor West, ON
I'm just looking for clarification, because we're provided 20 minutes. I don't know which—
Noon
Counsel, Interactive Advertising Bureau of Canada, As an Individual
We're different organizations.
