I would like to take a different perspective. There is no question that we need effective privacy legislation. The discussion and the points that Michael is raising are about privacy, agreed. That's why we have PIPEDA. That's why we have a very active, internationally respected privacy commissioner who sets out guidelines and provides direction based on very technology-neutral legislation that is based on principles.
The problem with the anti-spam legislation is that it's not based on principles; it's based on very prescriptive rules that don't necessarily work in these new environments. The Internet of things is a great example. If you don't have an interface through which you can get consent, how do you comply? There is an unintended application of these prescriptive rules to a technology we didn't fully understand or didn't see in the way that we see it today. Our privacy legislation provides the framework for technology-neutral legislation that is flexible to allow for technological change. CASL isn't that legislation, because it's overly prescriptive.
We have to fix the prescriptiveness. We have to make it more principle-based to achieve the outcomes that we all agree are necessary to protect consumers and to ensure that businesses don't exploit the privilege of contacting individuals or the right of installing an update to a computer program.